security holes Archives - Cyber Security Minute

CISA Urges Organizations to Patch Recent Chrome, Magento Zero-Days

Issued by: Security Week

One of these is CVE-2022-24086, a critical-severity (CVSS score 9.8) vulnerability in Adobe Commerce and Magento. Described as an improper input validation bug, the security hole can be exploited to achieve remote code execution, without authentication. On Sunday, Adobe released an emergency advisory to warn that it had observed very limited attacks targeting CVE-2022-24086. The…

Vulnerabilities

Google Patches Four Severe Vulnerabilities in Chrome

Issued by: Security Week

Tracked as CVE-2021-37977, the most severe of these security holes could be exploited to achieve arbitrary code execution on a target system. The flaw, described as a use-after-free bug in Garbage Collection, was reported last month by an anonymous researcher. Google says it paid a $10,000 bounty reward for the finding. Now rolling out to…

Vulnerabilities

Flaws in Nagios Network Management Product Can Pose Risk to Many Companies

Issued by: Security Week

The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty as part of a research project focusing on the use of network management systems in IT, OT and IoT networks. The security holes have been found to impact Nagios XI, XI Switch Wizard, XI Docker Wizard, and XI WatchGuard. The vendor released patches for…

Vulnerabilities

Microsoft Patch Tuesday Updates Fix Over 50 Vulnerabilities

Issued by: Security Week

Microsoft’s Patch Tuesday updates for July 2018 address more than 50 vulnerabilities, but none of them appear to have been exploited for malicious purposes before the fixes were released. The company has classified 18 of the flaws as critical and, similar to previous months, they mostly affect the Edge and Internet Explorer web browsers. Many…

Vulnerabilities

Java and Python FTP attacks can punch holes through firewalls

Issued by: CIO Security

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks. On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.

Application Security, Vulnerabilities

Cisco Patches 9 Flaws in Email Security Appliance

Issued by: Security Week

The most serious, rated “high severity,” are three DoS flaws in the AsyncOS software for Cisco ESA. The security holes, tracked as CVE-2016-6356, CVE-2016-1486 and CVE-2016-1481, allow a remote, unauthenticated attacker to cause a DoS condition on affected devices using specially crafted emails and malicious attachments. CVE-2016-1481 and CVE-2016-6356 affect AsyncOS versions 8.0 and prior,…