Vulnerabilities

Vulnerabilities

Issued by: Security Week

On March 10, Dell announced patches for five SMM vulnerabilities in the UEFI – the successor of the BIOS firmware interface – of 45 device models, including multiple Alienware, Inspiron, and Vostro laptop models. Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity security bugs (CVSS score of 8.2) are described as improper input…

Vulnerabilities

Issued by: Security Week

The critical flaw, tracked as CVE-2022-0971, has been described as a use-after-free issue affecting the Blink Layout component. Sergei Glazunov of Google Project Zero has been credited for reporting the flaw. Google doesn’t often assign a “critical severity” rating to Chrome vulnerabilities. In fact, over the past year, only four other Chrome updates fixed a…

Vulnerabilities

Issued by: Security Week

The Series A funding round was led by Sonae IM and received participation from previous investor Caisse des Dépôts. To date, the company has raised $17.2 million. Founded in 2018, the Lyon, France-based Hackuity is focused on helping cybersecurity teams identify, prioritize, and resolve vulnerabilities before threat actors start exploiting them. The company’s approach to…

Vulnerabilities

Issued by: Security Week

An advisory released earlier this month by Japan’s JPCERT/CC revealed that the product is affected by five use-after-free and out-of-bounds vulnerabilities, all with a CVSS score of 7.8. CX-Programmer, which is part of Omron’s CX-One automation software suite, is designed for programming and debugging Omron programmable logic controllers (PLCs). According to the U.S. Cybersecurity and…

Vulnerabilities

Issued by: CSO

Security researchers have found several vulnerabilities affecting many models of APC Smart-UPS uninterruptible power supplies that could be exploited to take over the devices. UPS devices are used across many industries to keep mission-critical devices running in case of power loss. “Two of these are remote code execution (RCE) vulnerabilities in the code handling the…

Vulnerabilities

Issued by: Dark Reading

Microsoft today issued security updates for 71 software vulnerabilities, three of which were critical and one that has a known proof-of-concept available in the public domain. Among the most notable flaws fixed today by Microsoft are: CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability This is a critical bug that could allow an attacker who…

Vulnerabilities

Issued by: Security Week

One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution, without authentication. On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086. The…

Vulnerabilities

Issued by: Security Week

QNAP typically provides security updates for four years after a product has reached EOL status. The reason for that, the company says, is that some models may be technologically deprecated and may lack performance capabilities and operational memory, meaning that they may not receive updated drivers. However, due to evolving security threats targeting QNAP models,…