Vulnerabilities

Vulnerabilities

Issued by: Security Week

The security flaw, identified as CVE-2022-0540, is an authentication bypass issue that affects Seraph, the web authentication framework of Jira and Jira Service Management. A remote, unauthenticated attacker could exploit this vulnerability to bypass authentication and authorization by sending a specially crafted HTTP request. Many versions of Jira are affected, but the vendor noted that…

Vulnerabilities

Issued by: Security Week

Apache Log4j vulnerabilities disclosed in December 2021, including the one tracked as Log4Shell, can allow attackers to remotely execute arbitrary code and take control of vulnerable systems. In response to these flaws, AWS released multiple hot patches – each suitable for a different environment, including servers, Kubernetes, Elastic Container Service (ECS) and Fargate – that…

Vulnerabilities

Issued by: Trend Micro Blog

Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2022-1364 and considered “high severity,” the exploited security hole is described as a type confusion in the V8 JavaScript and WebAssembly engine. Attacks targeting type confusion bugs in Chrome’s V8 engine may lead to arbitrary code execution. All Chromium-based browsers are impacted. “Google is aware that an exploit for CVE-2022-1364 exists in the…

Vulnerabilities

Issued by: Security Week

Elementor is a drag-and-drop website builder for WordPress that has more than 5 million installations. Considered critical, the newly addressed vulnerability was apparently introduced on March 22, in version 3.6.0 of the plugin. Roughly one-third of websites were running a vulnerable version when the bug was found. Researchers with Plugin Vulnerabilities, who identified the flaw,…

Vulnerabilities

Issued by: Kaspersky Blog

In a traditional patch Tuesday update, Microsoft fixed a total of 128 vulnerabilities in various products and components. Of those, at least 10 are critical, at least two were known before the release of the patches and at least one of them was already actively exploited by unknown attackers. This is why it is a…

Vulnerabilities

Issued by: Trend Micro Blog

Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder and execute them after permission change using “chmod”. We began seeing malicious activities at the…

Vulnerabilities

Issued by: Dark Reading

When it comes to security, there are some low-lying threats that can cause big problems. One important example is malware designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. And, as the Linux footprint continues to expand, so, too, will attacks against it. Researchers from FortiGuard Labs noted…

Vulnerabilities

Issued by: Security Week

The developers of Spring, which is owned by VMware and said to be the world’s most popular Java application development framework, announced patches for three vulnerabilities last week. One of them is tracked as CVE-2022-22965, Spring4Shell and SpringShell, and it has been described as a critical remote code execution vulnerability in Spring Framework that can…

Vulnerabilities

Issued by: Security Week

According to the company, in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 14.7.7, 14.8.5, and 14.9.2, a hardcoded password was set when the account was registered using an OmniAuth provider. The critical-severity bug, which is tracked as CVE-2022-1162 (CVSS score of 9.1), could allow attackers to take over accounts. In addition…