SonicWall Urges Users to Patch Several Vulnerabilities in Secure Mobile Access Products (CVE-2021-20038)
December 8, 2021SonicWall patched eight vulnerabilities in its Secure Mobile Access 100 product line. None have been exploited in the wild, yet, but users are strongly urged to patch. Background On December 7, Soni...
CVE-2021-44515: ZoHo Patches ManageEngine Zero-Day Exploited in the Wild
December 6, 2021ZoHo has released patches for an authentication bypass vulnerability that could lead to remote code execution and has been exploited in the wild. Background On December 3, ZoHo issued a security adv...
NUCLEUS:13: 13 Vulnerabilities Found in Siemens Nucleus TCP/IP Stack
November 10, 2021Thirteen new vulnerabilities have been discovered in the Nucleus TCP/IP stack used in potentially billions of devices.
Microsoft’s November 2021 Patch Tuesday Addresses 55 CVEs (CVE-2021-42321)
November 9, 2021Microsoft addresses 55 CVEs in its November 2021 Patch Tuesday release, including two zero-day vulnerabilities that have been exploited in the wild.
Oracle October 2021 Critical Patch Update Addresses 231 CVEs
October 20, 2021Oracle addresses 231 CVEs in its final quarterly update of 2021 with 419 patches, including 36 critical updates. Background On October 19, Oracle released its Critical Patch Update (CPU) for October...
Microsoft’s October 2021 Patch Tuesday Addresses 74 CVEs (CVE-2021-40449)
October 12, 2021Microsoft addresses 74 CVEs in its October 2021 Patch Tuesday release, including another Print Spooler flaw and a zero-day vulnerability in Win32k that was exploited in the wild.
CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited
October 5, 2021The Apache HTTP Server Project patched a path traversal vulnerability introduced less than a month ago that has been exploited in the wild.Update October 7: The Solution section has been updated to re...
CVE-2021-22005: Critical File Upload Vulnerability in VMware vCenter Server
September 22, 2021VMware published an advisory addressing 19 vulnerabilities, including one critical flaw in vCenter Server that is reportedly simple to exploit. Background On September 21, VMware published a securit...
CVE-2021-38647 (OMIGOD): Critical Flaw Leaves Azure Linux VMs Vulnerable to Remote Code Execution
September 17, 2021Agents installed by default on Azure Linux virtual machines are vulnerable to a remote code execution flaw that can be exploited with a single request. Background On September 14, researchers at Wiz...
Microsoft’s September 2021 Patch Tuesday Addresses 60 CVEs (CVE-2021-40444)
September 14, 2021Microsoft addresses 60 CVEs in its September 2021 Patch Tuesday release, along with patches for a critical vulnerability in its MSHTML (Trident) engine that was first disclosed in an out-of-band advis...
CVE-2021-26084: Atlassian Confluence OGNL Injection Vulnerability Exploited in the Wild
September 7, 2021Recently disclosed critical flaw in Atlassian Confluence Server is being exploited in the wild by attackers. Organizations should apply patches immediately. Background On August 25, Atlassian publis...
The PrintNightmare Continues: Another Zero-Day in Print Spooler Awaits Patch (CVE-2021-36958)
August 19, 2021Microsoft continues to work on securing Windows Print Spooler after several vulnerabilities have been disclosed. One remains unpatched, despite new limitations on Point and Print functionality. Backg...