Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability
A list of frequently asked questions related to Spring4Shell (CVE-2022-22965).
CVE-2022-22948: VMware vCenter Server Sensitive Information Disclosure Vulnerability
Researchers disclose a moderate severity vulnerability in VMware vCenter Server that can be used in an exploit chain with other vCenter Server flaws to take over servers.
Cr8escape: How Tenable Can Help (CVE-2022-0811)
CrowdStrike discloses container escape vulnerability affecting CRI-O for Kubernetes. Here’s how Tenable.cs can help you detect vulnerable pods. Background On March 15, CrowdStrike published technical details and a proof-of-concept for CVE-2022-0811, a vulnerability they have named cr8escape,…
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help
Private messages between Conti members uncover invaluable information about how the infamous ransomware group hijacks victims’ systems. Leaked internal chats between Conti ransomware group members offer a unique glimpse into its inner workings and provide valuable insights, including details on…
Microsoft’s March 2022 Patch Tuesday Addresses 71 CVEs (CVE-2022-23277, CVE-2022-24508)
<p>Microsoft addresses 71 CVEs in its March 2022 Patch Tuesday release, including three vulnerabilities that were publicly disclosed as zero-days.</p>
Government Advisories Warn of APT Activity Resulting from Russian Invasion of Ukraine
Government agencies publish warnings and guidance for organizations to defend themselves against advanced persistent threat groups. As governments around the world call for heightened cyber vigilance, the reality of our digital world comes into stark relief: there are no boundaries when it…
CVE-2022-22536: SAP Patches Internet Communication Manager Advanced Desync (ICMAD) Vulnerabilities
SAP and Onapsis Research Labs collaborate to disclose three critical vulnerabilities impacting SAP NetWeaver Application Servers. The most severe of the three could lead to full system takeover. Background On February 8, SAP disclosed several vulnerabilities in the Internet Communication…
Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-21989)
Microsoft addresses 48 CVEs in its February 2022 Patch Tuesday release, including one zero-day vulnerability that was publicly disclosed, but not exploited in the wild.
CVE-2022-20699、CVE-2022-20700、CVE-2022-20708:Critical Flaws in Cisco Small Business RV Series Routers
Cisco patches 15 flaws in Cisco Small Business RV Series Routers, including three with critical 10.0 CVSSv3 scores. Update February 4: Cisco has updated their advisory to announce partial patches for the RV160 and RV260 Series Routers. The Solution section has been updated with this…
Oracle January 2022 Critical Patch Update Addresses 266 CVEs
Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background On January 18, Oracle released its Critical Patch Update (CPU) for January 2022, the first quarterly update of the year. This CPU contains fixes for 266 CVEs in 497…
CVE-2021-44757: ZoHo Patches Authentication Bypass in ManageEngine Desktop Central
ZoHo patches authentication bypass in ManageEngine Desktop Central that could allow attackers to write arbitrary zip files to the server. Background On January 17, ZoHo issued an advisory and patches for CVE-2021-44757, a critical authentication bypass in its ManageEngine Desktop Central and…
Microsoft’s January 2022 Patch Tuesday Addresses 97 CVEs (CVE-2022-21907)
Microsoft addresses 97 CVEs in its January 2022 Patch Tuesday release, including four zero-day vulnerabilities that were publicly disclosed but not exploited in the wild. 9Critical 88Important 0Moderate 0Low Update January 13: The Solutions section has been updated to reflect…