Cisco has released a security advisory addressing multiple vulnerabilities affecting Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. The vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842) are rated with high and critical severity and assigned a base CVSS base score between 8.3-9.8. These vulnerabilities could allow unauthenticated, remote attackers to execute arbitrary code and trigger … Continue reading “Cisco Patched Small Business RV Series Routers Multiple Vulnerabilities (CVE-2022-20827, CVE-2022-20841, and CVE-2022-20842)”
Tag: Remote Code Execution Vulnerability
VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access
VMware has released a security advisory addressing multiple vulnerabilities in important VMware products and requested the admins to update to the latest versions. The vulnerabilities varies from an authentication bypass (CVE-2022-31656), URL injection (CVE-2022-31657), path traversal (CVE-2022-31662), Cross-site scripting (XSS) (CVE-2022-31663), remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) to privilege escalation (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664). The CVSS … Continue reading “VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access”
Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday
Microsoft released a new set of security patches with the June 2022 Patch Tuesday edition. In this month’s security advisory, Microsoft patched a total of 55 vulnerabilities including the Windows MSDT ‘Follina’ zero-day vulnerability (CVE-2022-30190). Out of these 55 vulnerabilities, three vulnerabilities were classified as Critical as they allow Remote Code Execution (RCE). Microsoft … Continue reading “Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday”
Atlassian Confluence Server and Confluence Data Center Zero-day Remote Code Execution Vulnerability (CVE-2022-26134)
Atlassian released a security advisory on June 2nd, 2022, explaining a zero-day unauthenticated remote code execution vulnerability (CVE-2022-26134) in Confluence Server and Data Center. This remote code execution vulnerability was observed over the Memorial Day weekend in the United States by the Volexity incident response team. The vulnerability is being actively exploited in the wild … Continue reading “Atlassian Confluence Server and Confluence Data Center Zero-day Remote Code Execution Vulnerability (CVE-2022-26134)”
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)
Security researchers have discovered a new zero-day vulnerability in Microsoft Office, via Microsoft Support Diagnostic Tool (MSDT), that could be exploited to achieve code execution on affected systems simply by opening a malicious Word document. The vulnerability, tracked as CVE-2022-30190, was discovered by a Japanese security researcher nao_sec, who tweeted a warning about the … Continue reading “Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)”
Microsoft Releases Patch for the Third-party ODBC Driver Remote Code Execution Vulnerability (CVE-2022-29972)
Microsoft has released a patch addressing a flaw in the Azure Data Factory and Azure Synapse pipelines (tracked as CVE-2022-29972). The flaw affects the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR) and did not impact Azure Synapse as a … Continue reading “Microsoft Releases Patch for the Third-party ODBC Driver Remote Code Execution Vulnerability (CVE-2022-29972)”
F5 BIG-IP iControl REST Remote Code Execution Vulnerability (CVE-2022-1388)
A critical Remote Code Execution vulnerability has been reported in the F5 BIG-IP iControl REST API. The vulnerability is being tracked as CVE-2022-1388. A proof of concept for the vulnerability is available and is being actively exploited by threat actors. Security researchers are advising F5 BIG-IP administrators to immediately install the latest security patch. … Continue reading “F5 BIG-IP iControl REST Remote Code Execution Vulnerability (CVE-2022-1388)”
WSO2 Unrestricted Arbitrary File Upload and Remote Code Execution Vulnerability (CVE-2022-29464)
An unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to execute arbitrary code remotely on multiple WSO2 products has been reported. The vulnerability was reported by a researcher called Orange Tsai and is being tracked as CVE-2022-29464 (WSO2-2021-1738). WSO2 is an open-source software provider that offers an enterprise platform for integrating application programming interfaces (APIs), applications, … Continue reading “WSO2 Unrestricted Arbitrary File Upload and Remote Code Execution Vulnerability (CVE-2022-29464)”
Nginx Zero-Day Remote Code Execution Vulnerability
A new zero-day vulnerability has been discovered in the Nginx LDAP-auth daemon implementation, which allows remote code execution on a vulnerable system. Nginx is an open-source HTTP and reverses proxy server, a mail proxy server, and a generic TCP/UDP proxy server. Large numbers of servers use Nginx as a load balancer. The … Continue reading “Nginx Zero-Day Remote Code Execution Vulnerability”
Zoho ManageEngine ADAudit Plus Unauthenticated Remote Code Execution Vulnerability (CVE-2022-28219)
ManageEngine ADAudit Plus is a security, auditing, and compliance solution for Windows. For Active Directory, Azure AD, file servers, Windows servers, and workstations, key features include thorough login auditing, detailed change tracking, real-time risk alerting, and automated compliance reporting. Endpoints in ManageEngine ADAudit Plus are vulnerable and can allow an unauthenticated attacker to take … Continue reading “Zoho ManageEngine ADAudit Plus Unauthenticated Remote Code Execution Vulnerability (CVE-2022-28219)”