Atlassian released a security advisory on June 2nd, 2022, explaining a zero-day unauthenticated remote code execution vulnerability (CVE-2022-26134) in Confluence Server and Data Center. This remote code execution vulnerability was observed over the Memorial Day weekend in the United States by the Volexity incident response team. The vulnerability is being actively exploited in the wild … Continue reading “Atlassian Confluence Server and Confluence Data Center Zero-day Remote Code Execution Vulnerability (CVE-2022-26134)”
Tag: Zero-day Vulnerability
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)
Security researchers have discovered a new zero-day vulnerability in Microsoft Office, via Microsoft Support Diagnostic Tool (MSDT), that could be exploited to achieve code execution on affected systems simply by opening a malicious Word document. The vulnerability, tracked as CVE-2022-30190, was discovered by a Japanese security researcher nao_sec, who tweeted a warning about the … Continue reading “Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability (CVE-2022-30190)”
Nginx Zero-Day Remote Code Execution Vulnerability
A new zero-day vulnerability has been discovered in the Nginx LDAP-auth daemon implementation, which allows remote code execution on a vulnerable system. Nginx is an open-source HTTP and reverses proxy server, a mail proxy server, and a generic TCP/UDP proxy server. Large numbers of servers use Nginx as a load balancer. The … Continue reading “Nginx Zero-Day Remote Code Execution Vulnerability”
Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability
Update: On March 31, Spring provided official confirmation and CVE-2022-22965 is now assigned to this vulnerability. Qualys Research Team has released QIDs as of March 30 and will keep updating those QIDs as new information is available. On March 30, a new zero-day Remote Code Execution (RCE) vulnerability, “Spring4Shell” or “SpringShell” was disclosed in the Spring framework. An … Continue reading “Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability”
Google Chrome Releases Fix to Address Zero-day Vulnerability – CVE-2022-1096
Google has released an emergency update to address a high-severity zero-day vulnerability – CVE-2022-109). The vulnerability, reported by an anonymous security researcher, is said to be exploited in the wild. This zero-day vulnerability is a type-confusion flaw in the Chrome V8 JavaScript engine. A type-confusion error arises when a resource (e.g., a variable or … Continue reading “Google Chrome Releases Fix to Address Zero-day Vulnerability – CVE-2022-1096”
Apache Log4j2 Zero-day Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-44228)
A remote code execution vulnerability in Apache Log4j2 was discovered on the Internet on December 9, 2021, and is actively being exploited in the wild. In Apache Log4j2, attackers can create customized requests to execute remote code. Users are recommended to examine related vulnerabilities as soon as possible due to the wide spectrum of impact … Continue reading “Apache Log4j2 Zero-day Remote Code Execution Vulnerability Exploited in the Wild (CVE-2021-44228)”
Grafana Releases Fix for Zero-day Vulnerability Exploited in the Wild (CVE-2021-43798)
Grafana Labs released an emergency security upgrade to fix a zero-day flaw that permitted remote access to local files. Security researchers released proof-of-concept code to exploit the flaw over the weekend. Before Grafana Labs gave out patches for affected versions 8.0.0-beta1 through 8.3.0, details regarding the issue became public earlier this week. Tracked as CVE-2021-43798, this is … Continue reading “Grafana Releases Fix for Zero-day Vulnerability Exploited in the Wild (CVE-2021-43798)”