Archive - October 2022

SQLite patches 22-year-old code execution, denial of service vulnerability - 31 October 2022 at 15:51 UTC
Upcoming ‘critical’ OpenSSL update prompts feverish speculation - 28 October 2022 at 14:31 UTC
VMWare patches RCE exploit in NSX Manager - 28 October 2022 at 11:00 UTC
GitHub patches bug that could allow access to another user’s repo - 27 October 2022 at 14:15 UTC
Jira Align flaws enabled malicious users to gain super admin privileges - 26 October 2022 at 16:00 UTC
Melis Platform CMS patched for critical RCE flaw - 25 October 2022 at 15:20 UTC
Critical authentication bug in Fortinet products actively exploited in the wild - 25 October 2022 at 13:53 UTC
HyperSQL DataBase flaw leaves library vulnerable to RCE - 24 October 2022 at 14:46 UTC
Login spoofing issue in GitHub nets researcher $10k bug bounty reward - 21 October 2022 at 14:00 UTC
Failed Cobalt Strike fix with buried RCE exploit now patched - 21 October 2022 at 10:25 UTC
Microsoft Office Online Server open to SSRF-to-RCE exploit - 20 October 2022 at 15:46 UTC
Security certification body (ISC)² defends ‘undemocratic’ bylaw changes - 19 October 2022 at 15:11 UTC
Apache Commons Text RCE: Resemblance to Log4Shell but exposure risk is ‘much lower’ - 19 October 2022 at 10:35 UTC
Researchers find 633% increase in cyber-attacks aimed at open source repositories - 18 October 2022 at 15:21 UTC
‘We don’t teach developers how to write secure software’ – Linux Foundation’s David A Wheeler on reversing the CVE surge - 14 October 2022 at 14:15 UTC
Adobe patches critical Magento XSS that puts sites at takeover risk - 14 October 2022 at 11:11 UTC
GitLab patches RCE bug in GitHub import function - 13 October 2022 at 14:27 UTC
Hidden DNS resolver insecurity creates widespread website hijack risk - 11 October 2022 at 10:51 UTC
Zimbra remote code execution vulnerability actively exploited in the wild - 10 October 2022 at 14:21 UTC
Policy-as-code approach counters ‘cloud native’ security risks - 07 October 2022 at 15:24 UTC
Critical flaw in open source WebPageTest remains unpatched - 07 October 2022 at 11:00 UTC
Dex patches authentication bug that enabled unauthorized access to client applications - 06 October 2022 at 16:00 UTC
The exploitability advisory: CISA’s VEX offers fresh take on tackling known vulnerabilities - 06 October 2022 at 14:28 UTC
PHP package manager component Packagist vulnerable to compromise - 05 October 2022 at 14:38 UTC
Matrix address flaws that break message encryption assurances - 04 October 2022 at 14:49 UTC
JavaScript sandbox vm2 remediates remote code execution risk - 04 October 2022 at 12:48 UTC
Researchers net $46k for Akamai misconfiguration vulnerability - 04 October 2022 at 10:41 UTC
Microsoft confirms zero-day exploits against Exchange Server in ‘limited’ attacks - 03 October 2022 at 14:19 UTC
Nepxion Discovery software with Spring Cloud functionality fails to patch RCE, info leak bugs - 03 October 2022 at 11:20 UTC