patch Archives - Page 2 of 7 - Cyber Security Minute

Cisco Patches High-Severity Vulnerabilities in Business Switches

Issued by: Security Week

Impacting the OSPF version 3 (OSPFv3) feature of NX-OS, the first of these issues is tracked as CVE-2022-20823 and could be exploited remotely, without authentication, to cause a denial-of-service (DoS) condition. The flaw exists due to incomplete input validation of specific OSPFv3 packets, allowing an attacker to send a malicious OSPFv3 link-state advertisement (LSA) to…

Vulnerabilities

Microsoft Shares Details on Critical ChromeOS Vulnerability

Issued by: Security Week

Tracked as CVE-2022-2587 (CVSS score of 9.8) and described as an out-of-bounds write, the vulnerability was addressed with the release of a patch in June. The issue was identified in the CRAS (ChromiumOS Audio Server) component, and could be triggered using malformed metadata associated with songs. CRAS resides between the operating system and ALSA (Advanced…

Vulnerabilities

Emergency Chrome 103 Update Patches Actively Exploited Vulnerability

Issued by: Security Week

The flaw, tracked as CVE-2022-2294, has been described as a heap buffer overflow in WebRTC. The security hole was reported to Google by a member of the Avast Threat Intelligence team on July 1. The zero-day has been patched with the release of Chrome 103.0.5060.114 for Windows. No information has been made available about the…

Vulnerabilities

Windows Updates Patch Actively Exploited ‘Follina’ Vulnerability

Issued by: Security Week

The Follina vulnerability can and has been exploited for remote code execution using specially crafted documents. The root cause of the vulnerability has been known for at least a couple of years, but Microsoft appears to have largely ignored the issue until a researcher saw it being exploited in May. The first attacks leveraging Follina…

Vulnerabilities

ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities

Issued by: Security Week

Siemens has released 12 advisories covering 35 vulnerabilities. Based on CVSS scores, the most important advisory covers 11 flaws affecting the web server of SICAM P850 and P855 devices. One of these bugs is critical and it allows an unauthenticated attacker to execute arbitrary code or launch a denial-of-service (DoS) attack. The five high-severity vulnerabilities…

Vulnerabilities

GitLab Patches Critical Account Takeover Vulnerability

Issued by: Security Week

According to the company, in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 14.7.7, 14.8.5, and 14.9.2, a hardcoded password was set when the account was registered using an OmniAuth provider. The critical-severity bug, which is tracked as CVE-2022-1162 (CVSS score of 9.1), could allow attackers to take over accounts. In addition…

Vulnerabilities

Google Patches Critical Vulnerability With Chrome 99 Update

Issued by: Security Week

The critical flaw, tracked as CVE-2022-0971, has been described as a use-after-free issue affecting the Blink Layout component. Sergei Glazunov of Google Project Zero has been credited for reporting the flaw. Google doesn’t often assign a “critical severity” rating to Chrome vulnerabilities. In fact, over the past year, only four other Chrome updates fixed a…

Vulnerabilities

High-Severity Vulnerabilities Patched in Omron PLC Programming Software

Issued by: Security Week

An advisory released earlier this month by Japan’s JPCERT/CC revealed that the product is affected by five use-after-free and out-of-bounds vulnerabilities, all with a CVSS score of 7.8. CX-Programmer, which is part of Omron’s CX-One automation software suite, is designed for programming and debugging Omron programmable logic controllers (PLCs). According to the U.S. Cybersecurity and…

Vulnerabilities

Microsoft Patches Critical Exchange Server Flaw

Issued by: Dark Reading

Microsoft today issued security updates for 71 software vulnerabilities, three of which were critical and one that has a known proof-of-concept available in the public domain. Among the most notable flaws fixed today by Microsoft are: CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability This is a critical bug that could allow an attacker who…

Vulnerabilities

Vulnerabilities Found by Google Researchers in 2021 Got Patched on Average in 52 Days

Issued by: Security Week

Between 2019 and 2021, the team reported a total of 376 vulnerabilities and saw most of them (351) get patched. Of the remaining flaws, 14 are marked “WontFix” by the vendor and 11 remain unfixed. Per Google Project Zero’s policy, vendors have 90 days to address the security errors, but they can also request a…