Category: Vulnerabilities

November 23, 2022

Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. Microsoft Patch Tuesday security updates for November 2022 addressed a privilege escalation vulnerability, tracked as CVE-2022-37966, that impacts Windows Server. […]

November 22, 2022

BMC is a specialized processor that allows administrators to remotely control and monitor a device without having to access the operating system or applications running on it. The BMC can be used to reboot a device, install an operating system, […]

November 21, 2022

Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May. In its advisory, Apple notes that the flaw allowed a sandboxed […]

November 18, 2022

On November 10, the US Cybersecurity and Infrastructure Security Agency (CISA) published two advisories describing three vulnerabilities affecting NJ and NX-series controllers and software made by Japanese electronics giant Omron. One of the advisories describes CVE-2022-33971, a high-severity flaw that […]

November 18, 2022

In the Bitbucket source code repository hosting service, Atlassian fixed CVE-2022-43781, a critical command injection vulnerability that affects Bitbucket Server and Data Center version 7 and, in some cases, version 8. “There is a command injection vulnerability using environment variables […]

November 17, 2022

Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. […]

November 16, 2022

The flaw affects Time-Triggered Ethernet (TTE), a networking technology specifically designed for real-time applications and cyber-physical systems with high safety and availability requirements. TTE is often used to reduce costs and improve efficiency as it allows mission-critical components to exist […]

November 15, 2022

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Github, Backstage is one […]

November 14, 2022

Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings. Last week, researchers with Norwegian application security firm Promon published information on a vulnerability identified in several Aiphone […]

November 11, 2022

The feature-rich PDF reader provides broad functionality to users, including support for multimedia documents and dynamic forms via JavaScript support, which also expands the application’s attack surface. This week, Cisco’s Talos security researchers have published information on four vulnerabilities in […]

November 11, 2022

Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. “By chaining and exploiting the vulnerabilities, adversaries could compromise the web server […]

November 11, 2022

The most severe of the security defects is CVE-2022-20927, a bug in the dynamic access policies (DAP) functionality of ASA and FTD software, allowing a remote, unauthenticated attacker to cause a denial-of-service (DoS) condition. Due to improper processing of data […]

November 10, 2022

Google has resolved a high-severity security issue affecting all Pixel smartphones that could be trivially exploited to unlock the devices. The vulnerability, tracked as CVE-2022-20465 and reported by security researcher David Schütz in June 2022, was remediated as part of […]

November 10, 2022

Written in the C programming language and originally developed for the Gnome project, libxml2 is a software library for parsing XML documents. Tracked as CVE-2022-40303 and CVE-2022-40304, the two vulnerabilities could lead to remote code execution. Apple has credited Google […]

November 10, 2022

Also referred to as Cozy Bear, the Dukes, and Yttrium, APT29 is a Russian cyberespionage group likely sponsored by the Russian Foreign Intelligence Service (SVR). The group is believed to be responsible for multiple high-profile attacks, including the 2016 targeting […]

November 9, 2022

There were also updates to two previously released notes. Three other security notes were released between the second Tuesday of October and the second Tuesday of November. Three of this month’s security notes are marked ‘hot news’, which represents the […]

November 9, 2022

Citrix has released a fix for three high-severity vulnerabilities discovered in two of its popular products, and is now urging users to apply the patch immediately. The company has fixed three flaws found in Citrix ADC and Citrix Gateway. ADC […]

November 9, 2022

Workspace ONE Assist allows IT staff to remotely access and troubleshoot devices in real time from the Workspace ONE console. The first issue, tracked as CVE-2022-31685 (CVSSv3 9.8/10), is an authentication bypass flaw, an attacker with network access to Workspace […]

November 8, 2022

The first part of the update, the ‘2022-11-01 patch level’, includes fixes for 17 security defects, 12 of which could lead to escalation of privilege (EoP), three to denial of service (DoS), and two leading to information disclosure. All of […]

November 3, 2022

Azul has released Azul Vulnerability Detection, a new SaaS product that continuously detects known security vulnerabilities that exist in Java applications. By eliminating false positives and with no performance impact, Azul Vulnerability Detection is ideal for in-production use and addresses […]