Alerts

Atlassian Jira Data Center and Server Security Update 03 August 2022

Atlassian Jira Server and Data Center could allow a remote authenticated attacker to execute arbitrary code on the system. The attacker could exploit the addressed vulnerability by using a specially crafted Velocity template to execute arbitrary code on the system via template injection, leading to Remote Code Execution (RCE) in the email templates feature. […]

Fortinet Released Security Updates 3 August 2022

Fortinet has released security updates to address several vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow attackers to perform several attacks, such as executing unauthorized code or commands, improper access control, and information disclosure on the affected system.

VMware Releases Security Updates 3 August 2022

VMware has released a security advisory to address critical vulnerabilities that affect multiple VMware products. A remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow attackers to perform several attacks, such as bypassing security restrictions, redirecting a victim to arbitrary websites, directory traversal, cross-site

Google Chrome Security Updates 3 August 2022

Google Chrome has released security updates for Windows versions (104.0.5112.79/80/81) and for Linux and Mac versions (104.0.5112.79). A remote attacker could exploit some of these vulnerabilities to take control of the affected system, obtain information, and cause a denial of service. Samples of the addressed vulnerabilities: Google Chrome Safe Browsing code execution (CVE-2022-2604): CVSS: 8.8

Samba Security Update 31 July 2022

Samba has released a security update to address multiple vulnerabilities in the software affecting several versions. A remote attacker could exploit these vulnerabilities to bypass security, obtain information, cause a denial of service, and gain privileges on the system. All versions of Samba are affected by CVE-2022-3274, and Samba 4.3 and later is affected by CVE-2022-32744.

IBM PowerVM VIOS Security Update

IBM has released a security update to address a critical vulnerability affecting PowerVM VIOS 3.1. A remote attacker could exploit this vulnerability to tamper with system configuration or cause a denial of service. VIOS is part of the PowerVM® Editions hardware feature. The VIOS is software that is located in the logical partition. This software

Trend Micro Apex Security Update 28 July 2022

Trend Micro has released a security update to the spyware pattern for Trend Micro Apex One that resolves an agent link following local privilege escalation vulnerability related to the scanning function. A remote attacker could exploit this vulnerability to escalate privileges on the system. The addressed vulnerability could allow an authenticated attacker to gain elevated privileges

Drupal Security Updates 26 July 2022

Drupal has released multiple security updates to address vulnerabilities affecting versions 9.4, 9.3, and 9.7. A remote attacker could exploit these vulnerabilities to take control of the affected system and disclose information about it. The highest severity for the addressed vulnerabilities could allow the remote attacker to execute arbitrary code within the context of the vulnerable application,

Hive Ransomware New Variant

HIVE is a ransomware family that has impacted Windows and Linux operating systems. It was originally written in the Go language but was rewritten in Rust in early 2022. It can encrypt both logical drives and remote network shares on execution. Hive new variant: The main difference between the new Hive variant and the old ones

LockBit V3.0 Ransomware

The LockBit ransomware operation has released LockBit 3.0, which introduces bug bounty programs and new tactics and techniques. LockBit is known to target the financial services sector heavily, among other sectors. The authors of LockBit 3.0 have introduced new management features for affiliates and added Zcash for victim payments in addition to Monero and Bitcoin. LockBit is

Atlassian Confluence Vulnerability

Atlassian has released a security fix to mitigate a critical security vulnerability that uses hard-coded credentials affecting Confluence Server and Confluence Data Center. The Confluence user account with the username “disabledsystemuser” is created when the Questions for Confluence app is enabled on Confluence Server or Data Center. This account is intended to aid administrators in

Oracle Security Patch Updates

Oracle has released its critical patch updates for July 2022, containing 349 new security patches for multiple affected products. A remote attacker could exploit some of these vulnerabilities to take control of the affected system. This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a

Apple macOS Security Updates

Apple has released security updates to address multiple vulnerabilities in the updated versions 2022-005 Catalina, macOS Big Sur 11.6.8, and Monterey 12.5. The severity of the addressed vulnerabilities could allow attackers to perform several attacks, such as elevating privileges, OS crashes, and executing arbitrary code on the affected system. The addressed vulnerabilities include 37 flaws spanning

Cisco Released Security Updates

Cisco has released a security update to fix vulnerabilities across multiple products. A remote attacker could exploit these vulnerabilities to gain access, obtain information, and cause a denial of service. The vulnerabilities’ severities could allow the remote attacker to execute arbitrary code, read or upload container image files, and perform a cross-site request forgery attack. The

Google Chrome Security Updates

Google has released updated Chrome versions (103.0.5060.134) to fix several vulnerabilities. A remote attacker could exploit these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code in the context of the affected applications by persuading the victim to visit a specially crafted webpage. Samples of

Apache Releases Security Updates

Apache has released security patches to address vulnerabilities in Apache CloudStack, Apache Spark, Apache Hive, and Apache SkyWalking. A remote attacker could exploit some of these vulnerabilities to take control of the affected system, execute commands, or cause a denial of service. Sample of the addressed vulnerabilities: Apache CloudStack XML external entity (CVE-2022-35741): Apache CloudStack is vulnerable

Cisco Released Security Updates

Cisco has released security updates to address several vulnerabilities in multiple Cisco products such as Cisco Smart Software Manager, Cisco Unified Communications Products, Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). Analysis: The addressed vulnerabilities could allow a remote attacker to conduct several attacks on the affected systems, such as cross-site scripting, directory

OpenSSL Security Updates

OpenSSL has released security updates to fix several vulnerabilities. A remote attacker could exploit these vulnerabilities to take control of the affected system. OpenSSL is an open-source command-line tool commonly used to generate private keys, create CSRs, install your SSL/TLS certificate, and identify certificate information. OpenSSL is available for most Unix-like operating systems (including Linux, macOS,
