Vulnerabilities Archives

OpenSSL patches multiple vulnerabilities (1 rated High severity)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / February 10, 2023 / CVE-2023-0286, OpenSSL, Vulnerabilities, X.509

OpenSSL has released a security update with fixes for one High risk vulnerability (CVE-2023-0286) and multiple other Moderate severity vulnerabilities.

Drupal patches Moderately Critical Private Taxonomy Terms vulnerability

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 13, 2023 / Drupal, Private Taxonomy Terms, Vulnerabilities

Drupal has patched a Moderately Critical ‘Private Taxonomy Terms’ vulnerability that affect multiple versions of Drupal Core.

Google releases Chrome OS security updates with fixes for 5 High severity vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / January 9, 2023 / Chrome, CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-4436, CVE-2022-4437, LTS, Vulnerabilities

Google has released Long Term Support (LTS) 102 security update and Stable Channel update for Chrome OS devices to fix multiple vulnerabilities.

Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update)

Cybersecurity Attacks, Messaging Security, Vulnerabilities & Exploits / By Frank Crast / November 12, 2022 / CVE-2022-24682, CVE-2022-27924, CVE-2022-27925, CVE-2022-30333, CVE-2022-37042, Exploit, Vulnerabilities, ZCS, Zimbra, Zimbra Collaboration Suite

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have published a joint security alert for multiple vulnerabilities against Zimbra Collaboration Suite (ZCS).

OpenSSL forewarns of upcoming Critical patch (prepare now)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 30, 2022 / HTTPS, OpenSSL, Vulnerabilities

OpenSSL has released an announcement that forewarns of an upcoming Critical patch for a Critical vulnerability in OpenSSL versions 3.0 and above.

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / October 12, 2022 / Active Directory, Azure, CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-34689, CVE-2022-37968, CVE-2022-37976, CVE-2022-37979, CVE-2022-38000, CVE-2022-38047, CVE-2022-38048, CVE-2022-41033, CVE-2022-41034, CVE-2022-41038, CVE-2022-41081, EoP, Hyper-V, Kubernetes, Office, Point-to-Point, PPT, RCE, SharePoint, Vulnerabilities

The Microsoft October 2022 Security Updates includes patches and advisories for 84 vulnerabilities, including 2 zero-day and 13 Critical severity issues. However, the ProxyNotShell vulnerabilities were not addressed.

Intel reports leak of Alder Lake BIOS source code

Application Security, Data Breach, Source Code Security / By Frank Crast / October 10, 2022 / Alder Lake, BIOS, Intel, Intel Core, Source Code, Vulnerabilities

Chipmaker Intel has confirmed a leak of its Alder Lake BIOS source code, as revealed on 4chan and GitHub. However, the hacker’s origin (or root cause) remains unknown.

Android Security Bulletin for October 2022

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / October 10, 2022 / Android, CVE-2022-20419, mobile, Vulnerabilities

Google has released its Android Security Bulletin for October 2022 with details of security vulnerabilities affecting Android devices.

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / October 1, 2022 / CVE-2022-41040, CVE-2022-41082, Exchange, Exchange Server 2019, IIS, Microsoft, PowerSHell, ProxyNotShell, Vulnerabilities, Zero-day

Microsoft has released a new security update for two Microsoft Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed “ProxyNotShell” under limited targeted attacks in the wild.

Google fixes Chrome 105 zero-day vulnerability (CVE-2022-3075) exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / September 5, 2022 / browser, Chrome, Chrome105, CVE-2022-3075, Vulnerabilities

Google has released Chrome 105.0.5195.102 for Windows, Mac and Linux with a fix for a High severity zero-day vulnerability (CVE-2022-3075) exploited in the wild.