Amazon Linux team is advising its clients about a critical vulnerability affecting Linux servers.  Amazon Linux 2 is a Linux operating system from Amazon Web Services (AWS). It offers a security-focused, stable, and high-performance OS to develop and run cloud applications. In 2021, critical vulnerabilities in the Java log4j package were published that affected Apache […]

Xen is a hypervisor that allows multiple computer operating systems to run on the same computer hardware simultaneously. The Xen Project community develops and keep Xen Project as free and open-source software, subject to the requirements of the GNU General Public License (GPL), version 2. Xen Project is at present available for the IA-32, x86-64 […]

Two bugs in the web interface of a Fujitsu cloud storage system would allow authenticated threat actors to read, write, and even destroy backed up files. According to the report, these flaws reside in the enterprise-grade Fujitsu Eternus CS800 V8.1 solution. These problems were found by researchers at NCC Group, who mention that the flaws […]

In its most recent security release, GitLab announced the launching of GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) versions 15.01, 14.9.4, and 14.9.5. These updates contain important security fixes, so users of previous deployments are encouraged to address them as soon as possible to prevent malicious activity. According to the report, GitLab fixed […]

Cybersecurity specialists reported the detection of multiple flaws in the Mozilla Thunderbird multiplatform email client, which successful exploitation would allow malicious hackers to perform several attack scenarios on target systems. Below are brief descriptions of the reported flaws and their respective tracking key and scores assigned according to the Common Vulnerability Scoring System (CVSS). CVE-2022-31736: […]

Information security specialists reported the detection of two severe flaws in Apache Traffic Server (ATS), a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid. As per the report, successful exploitation of these flaws would allow performing dangerous cyberattack variants. Below are brief descriptions of the reported flaws and their […]

Cisco Talos researchers detected multiple critical vulnerabilities in Open Automation Software Platform, a solution powered by a universal data connector that allows data to be moved between programmable logic controllers (PLCs) from different vendors, from a PLC to a database, or from a database to visualization. Researcher Jared Rittle was responsible for identifying the flaws, […]

Tech firm NETGEAR released a security alert related to multiple vulnerabilities in the BR200 and BR500 routers. As per the report, a successful attack requires the computer that manages the router to visit a malicious website. Errors are considered critical and received scores above 7/10 according to the Common Vulnerability Scoring System (CVSS). Due to […]

In a security alert, SonicWall has strongly urged its customers to address some security flaws in its Secure Mobile Access (SMA) Series 1000 products, as their successful exploitation would allow threat actors to fully compromise vulnerable devices. The most severe vulnerability, tracked as CVE-2022-22282, was described as an unauthenticated access control evasion, while two minor […]

Researchers from SEC Consult Vulnerability Lab reported the detection of a sandbox breakout vulnerability present in some Konica Minolta bizhub multifunctional models. Detected in late 2019, successful exploitation of this flaw would have given attackers full read/write access to the device’s operating system, in addition to root access to stored data. Threat actors could have […]

A group of researchers developed a tool capable of detecting errors in the way applications such as Adobe Acrobat or Microsoft Word process JavaScript code, which has allowed finding a total of 134 security flaws, of which 33 have already received a CVE tracking key. The tool is called “Cooper”, in reference to the technique […]

A report by F5 Networks points to the detection of a critical vulnerability that would allow threat actors with access to an exposed network to execute arbitrary commands, deploy file actions, and disable services on BIG-IP. Tracked as CVE-2022-1388, the flaw received a score of 9.8/10 according to the Common Vulnerability Scoring System (CVSS) and […]

Five critical remote code execution (RCE) vulnerabilities have been confirmed to be found in millions of Aruba and Avaya devices whose exploitation would allow threat actors to take control of the network switches used in all kinds of facilities, including hospitals, hotels and airports. Researchers at security firm Armis dubbed this set of flaws as […]