CVE-2022-22536: SAP Patches Internet Communication Manager Advanced Desync (ICMAD) Vulnerabilities
SAP and Onapsis Research Labs collaborate to disclose three critical vulnerabilities impacting SAP NetWeaver Application Servers. The most severe of the three could lead to full system takeover. Background On February 8, SAP disclosed several vulnerabilities in the Internet Communication…
Microsoft’s February 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-21989)
Microsoft addresses 48 CVEs in its February 2022 Patch Tuesday release, including one zero-day vulnerability that was publicly disclosed, but not exploited in the wild.
CVE-2022-20699、CVE-2022-20700、CVE-2022-20708:Critical Flaws in Cisco Small Business RV Series Routers
Cisco patches 15 flaws in Cisco Small Business RV Series Routers, including three with critical 10.0 CVSSv3 scores. Update February 4: Cisco has updated their advisory to announce partial patches for the RV160 and RV260 Series Routers. The Solution section has been updated with this…
Oracle January 2022 Critical Patch Update Addresses 266 CVEs
Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background On January 18, Oracle released its Critical Patch Update (CPU) for January 2022, the first quarterly update of the year. This CPU contains fixes for 266 CVEs in 497…
CVE-2021-44757: ZoHo Patches Authentication Bypass in ManageEngine Desktop Central
ZoHo patches authentication bypass in ManageEngine Desktop Central that could allow attackers to write arbitrary zip files to the server. Background On January 17, ZoHo issued an advisory and patches for CVE-2021-44757, a critical authentication bypass in its ManageEngine Desktop Central and…
Microsoft’s January 2022 Patch Tuesday Addresses 97 CVEs (CVE-2022-21907)
Microsoft addresses 97 CVEs in its January 2022 Patch Tuesday release, including four zero-day vulnerabilities that were publicly disclosed but not exploited in the wild. 9Critical 88Important 0Moderate 0Low Update January 13: The Solutions section has been updated to reflect…
CVE-2021-44228,CVE-2021-45046,CVE-2021-4104: 有关 Log4Shell 和关联漏洞的常见问题
与 Log4Shell 和相关漏洞相关的常见问题列表。
Microsoft’s December 2021 Patch Tuesday Addresses 67 CVEs (CVE-2021-43890)
Microsoft addresses 67 CVEs in its December 2021 Patch Tuesday release, including a zero-day vulnerability that has been exploited in the wild.
Apache Log4j 缺陷:网络安全行业的福岛时刻
Organizations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come.
Apache Log4j 缺陷让第三方软件成为关注焦点
Even in the most mature organizations, addressing the issue, also known as Log4Shell, requires a complex mix of software development practices, vulnerability management and web application scanning.
CVE-2021-44228: Apache Log4j 严重远程代码执行漏洞概念验证现已可用 (Log4Shell)
常用日志记录库 Log4j 2 中的严重漏洞影响了许多服务和应用程序,包括 Minecraft、Steam 和 Apple iCloud。攻击者已经开始主动扫描并试图利用该缺陷。
CVE-2021-41773: Path Traversal Zero-Day in Apache HTTP Server Exploited
The Apache HTTP Server Project patched a path traversal vulnerability introduced less than a month ago that has been exploited in the wild.Update October 7: The Solution section has been updated to reflect the secondary fix the Apache HTTP Server Project released.BackgroundOn October 5, the Apache…
联系我们的销售团队