JSON Web Token Vulnerability

A high-severity security flaw has been found in the popular JsonWebToken open-source JavaScript package. The attacker could perform RCE on a server verifying a maliciously crafted…
SPNEGO NEGOEX Vulnerability

Microsoft patched the information disclosure vulnerability in SPNEGO NEGOEX, tracked as CVE-2022-37958, in September 2022. Now, the vulnerability allows threat actors to conduct an RCE, and the severity has been reclassified as…
Microsoft Patch Release Review – Year 2022

This post summarizes the Microsoft patch release for the year 2022.
SEVERITY WISE BREAKUP
Severity | Defense in Depth | Denial of Service | Elevation of Privilege | Information Disclosure | Remote Code Execution | Security Feature Bypass | Spoofing | Tampering | Unknown | Grand Total
Critical 115 72 1  89
Important16937411323739223 856
Low 11 1    3
Moderate 12 3131 11
None1        1
Unknown        156156
Grand Total272392113312402641561112
IMPACT WISE…
Red Hat Quarkus Zero-Day Vulnerability

A zero-day vulnerability has been discovered in the Red Hat build of Quarkus, a full-stack, Kubernetes-native Java framework optimized for Java virtual machines and native compilation. Tracked as CVE-2022-4116, the flaw…
ConnectWise Patches RCE Vulnerabilities

ConnectWise, a remote management platform, has patched a cross-site scripting (XSS) vulnerability that could lead to remote code execution. Threat actors could exploit it to take complete control of the ConnectWise…
RCE Vulnerabilities found in IKE

Numerous exploits have been found in the wild targeting Windows Internet Key Exchange Protocol Extensions. The discovered vulnerabilities could have been exploited to target systems. The attacks observed would be…
F5 addresses CSRF and RCE vulnerabilities in BIG-IP

F5 released patches for vulnerabilities affecting its BIG-IP and BIG-IQ networking devices that could result in remote code execution (RCE). The vulnerability CVE-2022-41622 leaves BIG-IP and BIG-IQ vulnerable to unauthenticated…