ArubaOS Multiple Vulnerabilities (CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, CVE-2023-22750, CVE-2023-22751, and CVE-2023-22752)

Aruba Networks has released a security advisory to address 33 vulnerabilities that affect different versions of ArubaOS. The vulnerabilities affect various products, including Aruba Mobility Conductor, Aruba Mobility Controllers, and Aruba-managed WLAN Gateways and SD-WAN Gateways. Out of these 33 vulnerabilities, six are rated as critical. CVE-2023-22747, CVE-2023-22748, CVE-2023-22749, and CVE-2023-22750 are critical severity command …

Google Releases Patch for an Actively Exploited Zero-day Vulnerability in its Chrome Browser (CVE-2022-4135)

Google has released an update for the Chrome browser on Windows, Mac, and Linux to address a high-severity zero-day vulnerability (CVE-2022-4135). The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group. “Google is aware that an exploit for CVE-2022-4135 exists in the wild,” says the advisory released by Google on November 24, 2022. …

SonicWall Buffer Overflow Vulnerability (SNWLID-2021-0006, CVE-2021-20019)

Tracked as CVE-2021-20019, this vulnerability in SonicOS causes the HTTP server response to leak partial memory when it receives a crafted unauthenticated HTTP request. This can potentially lead to the disclosure of sensitive internal data. The shortcoming was rectified in an update rolled out to SonicOS on June 22. However, there is no evidence that …

PAN-OS Buffer overflow vulnerability (CVE-2020-2040)

Within a span of three months, one more critical vulnerability with a score of 10.0 has been observed in PAN-OS devices. PAN-OS devices are considered vulnerable to a critical buffer overflow when a Captive Portal or Multi-Factor Authentication interface is enabled. This vulnerability is classified as CWE-120 and assigned CVE-2020-2040, on …