Siemens has released 12 advisories covering 35 vulnerabilities. Based on CVSS scores, the most important advisory covers 11 flaws affecting the web server of SICAM P850 and P855 devices. One of these bugs is critical and it allows an unauthenticated attacker to execute arbitrary code or launch a denial-of-service (DoS) attack. The five high-severity vulnerabilities…

According to the company, in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 14.7.7, 14.8.5, and 14.9.2, a hardcoded password was set when the account was registered using an OmniAuth provider. The critical-severity bug, which is tracked as CVE-2022-1162 (CVSS score of 9.1), could allow attackers to take over accounts. In addition…

The critical flaw, tracked as CVE-2022-0971, has been described as a use-after-free issue affecting the Blink Layout component. Sergei Glazunov of Google Project Zero has been credited for reporting the flaw. Google doesn’t often assign a “critical severity” rating to Chrome vulnerabilities. In fact, over the past year, only four other Chrome updates fixed a…

An advisory released earlier this month by Japan’s JPCERT/CC revealed that the product is affected by five use-after-free and out-of-bounds vulnerabilities, all with a CVSS score of 7.8. CX-Programmer, which is part of Omron’s CX-One automation software suite, is designed for programming and debugging Omron programmable logic controllers (PLCs). According to the U.S. Cybersecurity and…

Microsoft today issued security updates for 71 software vulnerabilities, three of which were critical and one of which has a known proof-of-concept available in the public domain. Among the most notable flaws fixed today by Microsoft are: CVE-2022-23277, Microsoft Exchange Server Remote Code Execution Vulnerability. This is a critical bug that could allow an attacker who…

A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues. There were 12 use-after-free bugs reported externally, impacting Safe Browsing, Site isolation, Web packaging, Omnibox, Printing, Vulkan, Scheduling, Text Input Method Editor, Bookmarks, Optimization Guide, and Data Transfer. The most…

Of the 26 security holes fixed in the Windows and macOS versions of Acrobat and Reader, 16 have been assigned a “critical” severity rating (high severity based on their CVSS score), and a majority are memory-related issues that can be exploited for arbitrary code execution. Four of these critical vulnerabilities — CVE-2021-44704 through CVE-2021-44707 —…

The security hole, tracked as CVE-2021-0146 and rated high severity, impacts Pentium, Celeron and Atom CPUs on mobile, desktop and embedded devices. Affected Atom IoT processors are present in many cars, apparently including ones made by Tesla. Intel announced the availability of fixes when it released its November 2021 Patch Tuesday updates. “Hardware allows activation…