Citrix has released security advisories to address multiple high-severity vulnerabilities affecting Workspace, Virtual Apps, and Desktops. The vulnerabilities are assigned with CVE-2023-24483, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24486. On successful exploitation, these vulnerabilities can have severe consequences ranging from privilege escalation to session takeover. Citrix products are used in various organizations worldwide for handling multiple operations. … Continue reading “Citrix Patches Multiple Vulnerabilities in Workspace, Virtual App, and Desktop (CVE-2023-24483, CVE-2023-24484, CVE-2023-24485, CVE-2023-24486)”
Tag: elevation-of-privilege vulnerability
Microsoft Service Fabric Elevation of Privilege Vulnerability (FabricScape) (CVE-2022-30137)
Cybersecurity researchers from Palo Alto Networks Unit 42 have discovered a new vulnerability in Microsoft’s Service Fabric – commonly used with Azure. Tracked as CVE-2022-30137, the vulnerability could allow a malicious actor with access to a compromised container to escalate privileges and gain control of the resource’s host Service Fabric node and the entire cluster. … Continue reading “Microsoft Service Fabric Elevation of Privilege Vulnerability (FabricScape) (CVE-2022-30137)”
Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday
Microsoft released a new set of security patches with the June 2022 Patch Tuesday edition. In this month’s security advisory, Microsoft patched a total of 55 vulnerabilities including the Windows MSDT ‘Follina’ zero-day vulnerability (CVE-2022-30190). Out of these 55 vulnerabilities, three vulnerabilities were classified as Critical as they allow Remote Code Execution (RCE). Microsoft … Continue reading “Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday”
7-Zip Privilege Escalation and Command Execution Zero-day Vulnerability (CVE-2022-29072)
7-ZIP through version 21.07 allows privilege escalation and command execution when a file with .7z extension is dragged to the Help>Contents area. The vulnerability is being tracked as CVE-2022-29072. 7-Zip is a free and open-source file archiver for Windows, macOS, and Linux. The zero-day vulnerability in 7-zip is due to misconfiguration of 7z.dll … Continue reading “7-Zip Privilege Escalation and Command Execution Zero-day Vulnerability (CVE-2022-29072)”
Microsoft Patches 92 Vulnerabilities in March 2022 Patch Tuesday including 3 Zero-days
Microsoft has released security fixes for several vulnerabilities including patches for zero-day vulnerabilities in its March 2022 Patch Tuesday. Microsoft addresses 92 vulnerabilities in their March 2022 Patch Tuesday release. Out of these 92 vulnerabilities, three (3) are rated as critical. The release also includes fixes for three (3) publicly disclosed zero-day vulnerabilities. As of … Continue reading “Microsoft Patches 92 Vulnerabilities in March 2022 Patch Tuesday including 3 Zero-days”
New Linux Elevation of Privilege Vulnerability Exploited in the Wild (Dirty Pipe) (CVE-2022-0847)
Linux has been exploited by a highly severe vulnerability (CVE-2022-0847) that is being called ‘Dirty Pipe’. This vulnerability can allow local users to gain root privileges through publicly available exploits and is considered one of the most significant Linux security vulnerabilities that have been discovered since 2016 when another high-severity and easy-to-exploit Linux bug (dubbed … Continue reading “New Linux Elevation of Privilege Vulnerability Exploited in the Wild (Dirty Pipe) (CVE-2022-0847)”
VMware Multiple Vulnerabilities (VMSA-2020-0026)
On November 19, 2020, VMware published an advisory addressing critical vulnerabilities in various VMware products. VMware has evaluated the severity of CVE-2020-4004 to be “Critical” with a maximum CVSSv3 base score of 9.3. The severity of CVE-2020-4005 has been evaluated to be “Important” with a maximum CVSSv3 base score of 8.8. Affected VMware Products VMware … Continue reading “VMware Multiple Vulnerabilities (VMSA-2020-0026)”