Browsing Category
Vulnerabilities
44 posts
CISA Advises Urgent Priority For Patching of New VMware Vulnerabilities
MAY 19, 2022 12:38 GMT CISA has issued a rare emergency directive and is advising urgent patching priority for…
May 19, 2022 00:04 GMT
F5 Networks Security Fixes—Critical RCE Impacting BIG-IP
MAY 6, 2022 16:03 GMT F5 Networks has released security updates to patch multiple products, including a critical vulnerability…
May 6, 2022 15:52 GMT
Wormable RPC Vulnerability Among Several Fixed In April Patch Tuesday
APRIL 14, 2022 20:32 GMT Microsoft’s Patch Tuesday for April includes a notably high volume of critical fixes.…
April 14, 2022 18:31 GMT
Spring4Shell Zero-Day RCE Affects VMware’s Java Application Framework
A zero-day RCE vulnerability (CVE-2022-22965) affecting VMware's Spring Java Framework has had PoC exploit code prematurely released.
March 31, 2022 23:27 GMT
Critical Remote Code Execution Vulnerability Found in Sophos Firewall Products
A critical Remote Code Execution vulnerability with CVSS score of 9.8 has been patched in the Sophos Firewall platform.
March 29, 2022 22:22 GMT
PwnKit Local Privilege Escalation Bug Plagues Linux Distributions
1/27/2022 23:23 GMT An argument-parsing bug in the pkexec utility from the PolKit package allows easy-to-exploit local privilege…
January 27, 2022 21:55 GMT
Microsoft Critical Wormable RCE and Six Zero-Days Highlight January Patch Tuesday
The January 2022 Patch Tuesday is a big one, but shouldn't be postponed as it contains a patch for a critical wormable RCE vulnerability in the HTTP protocol stack.
January 12, 2022 21:32 GMT
Log4j New Year Wrap-Up
One month into the Log4j vulnerability, we take a look at the 3 CVEs and their fixes, known exploits being observed in the wild, and a way forward in dealing with the ubiquitous and targeted Java library.
January 7, 2022 01:15 GMT
Apache Releases Log4j 2.16.0 to Patch Lingering DoS Vulnerability
Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0, which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial of service vulnerability.
December 14, 2021 19:39 GMT
Log4j/Log4Shell Updates and Recommended Guidance
Updates and recommended guidance for identifying vulnerable servers and mitigating exploit attempts.
December 13, 2021 20:18 GMT