VMware released security updates to fix 3 critical vulnerabilities in their One Assist Software. A malicious actor with network access may be able to obtain administrator access without the need to authenticate. Workspace One Assist is a real-time remote support…
On Nov 1st, the OpenSSL project released patches for a couple of high-severity flaws that could trigger denial of service or remote code execution. Tracked as CVE-2022-3786: an attacker can craft a malicious email address in a certificate to overflow an arbitrary…
On Monday, Apple released a patch for a zero-day flaw that’s been actively exploited. It is tracked as CVE-2022-42827 and described as follows: “An out-of-bounds write issue was addressed with improved bounds checking.” In an out-of-bounds write vulnerability, the software writes data past the end,…
On Thursday, Oct 20, CISA added the Zimbra Collaboration exploit to the Known Exploited Vulnerabilities (KEV) catalog. The issue is tracked as CVE-2022-41352; it is a remote code execution vulnerability that has to do with cpio, a third-party utility tool…
Horizon3.ai recently released a proof of concept for the Fortinet authentication bypass vulnerability. Horizon3.ai researchers created an exploit after examining the differences between the vulnerable firmware and the patched version. Soon after the proof of concept was released, the number of exploit attempts started to rise. On…
Fortinet on Monday published an advisory confirming that this vulnerability has been exploited in the wild. “Fortinet is aware of an instance where the vulnerability was exploited and recommended immediately validating your system against the following indicator of compromise in the device…
An extremely popular sandbox library with more than 16 million downloads a month, vm2 can run untrusted code securely in a single process, side by side with your code. Researchers from Oxeye discovered a vulnerability codenamed “Sandbreak”, a critical remote…
CISA on Sept 30th added a recently disclosed critical flaw impacting Atlassian’s Bitbucket Server and Data Center to the known exploited vulnerabilities (KEV) catalog. Bitbucket is a Git-based source code repository hosting service owned by Atlassian. Software professionals use this…