Microsoft has recently revised the severity for SPNEGO Extended Negotiation security mechanism (NEGOEX) vulnerability to critical from its previous High severity from the September 2022 patch release. The vulnerability is being tracked as CVE-2022-37958.
Cybersecurity Announcements
Cybersecurity Announcement: WordPress Releases Patch for High Severity SQL Injection Vulnerability
WordPress has released version 6.0.2. This security and maintenance release contains patches for 3 vulnerabilities, including a high severity SQL Injection vulnerability in the Links functionality (CVSS Score of 8.0), as well as two Medium Severity Cross-Site Scripting vulnerabilities.
Cybersecurity Announcement: Atlassian Bitbucket Server and Data Center Critical Vulnerability (CVE-2022-36804)
Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that allows remote attackers with access to public repositories or read access to private Bitbucket repositories to execute arbitrary code.
Cybersecurity Announcement: Microsoft Windows Support Diagnostic Tool and Point-to-Point Protocol Remote Code Execution Vulnerability (CVE-2022-34713) and (CVE-2022-30133)
Microsoft released announcements for known vulnerabilities addressed in their Tuesday Patch release. Two are considered Remote Code Execution vulnerabilities, meaning an attacker can exploit the system vulnerabilities remotely.
Cybersecurity Announcement: Django SQL injection vulnerability
Django, an open-source Python-based web framework, has detected a SQL injection vulnerability (CVE-2022-34265) in some recent versions.
Cybersecurity Announcement: Linux Local Privilege Escalation Vulnerability (CVE-2021-4034 PwnKit)
Qualys researchers discovered a Local Privilege Escalation vulnerability (CVE-2021-4034) in polkit’s pkexec, a program that is installed by default on every major Linux distribution.
Cybersecurity Announcement: Critical Illumina vulnerabilities (multiple CVEs)
Four critical vulnerabilities were discovered in Illumina Local Run Manager (LRM), software used by sequencing instruments to aid in genetic analysis.
Cybersecurity Announcement: Microsoft “Follina” zero-day in the wild (CVE-2022-30190)
About the Event A recently discovered zero-day vulnerability in all supported versions of Windows could allow an attacker to execute arbitrary code on affected machines. The flaw, dubbed “Follina”, exists due to improper validation of …
Cybersecurity Announcement: Microsoft Remote Procedure Call Runtime Remote Code Execution Vulnerability
Microsoft released a patch as part of April 2022’s Patch Tuesday for a Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2022-26809). This vulnerability impacts most Windows Server and Desktop versions, including Windows 7 and Windows 11.
Cybersecurity announcement: web fingerprint scanning Tue, Apr 5
Spring announced a remote code execution vulnerability in Spring Core, aka Spring4Shell. Details and actions here.