Microsoft’s December 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-44698)
December 13, 2022
Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).
CVE-2022-27518: Unauthenticated RCE in Citrix ADC and Gateway
December 13, 2022
Citrix has patched a critical remote code execution vulnerability in its Gateway and ADC products. This vulnerability has reportedly been exploited as a zero day; organizations should patch urgently.
CVE-2022-42475: Fortinet Patches Zero Day in FortiOS SSL VPNs
December 12, 2022
Fortinet has patched a zero-day buffer overflow in FortiOS that could lead to remote code execution. There has been a report of active exploitation, and organizations should patch urgently.
CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability
November 9, 2022
Citrix publishes an advisory to address multiple flaws in its ADC and Gateway products, including a critical vulnerability.
Microsoft’s November 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-41073)
November 8, 2022
Microsoft addresses 62 CVEs including four zero-day vulnerabilities that were exploited in the wild.
CVE-2022-3786 and CVE-2022-3602: OpenSSL Patches Two High Severity Vulnerabilities
November 1, 2022
OpenSSL has patched two vulnerabilities, pivoting from its earlier announcement, in version 3.0.7.
CVE-2021-39144: VMware Patches Critical Cloud Foundation Vulnerability in XStream Open Source Library
October 26, 2022
VMware issues patches for end-of-life versions of Cloud Foundation Network Security Virtualization for vSphere (NSX-V) to address a critical vulnerability in an open source library. Background ...
Oracle October 2022 Critical Patch Update Addresses 179 CVEs
October 19, 2022
Oracle addresses 179 CVEs in its fourth and final quarterly update of 2022 with 370 patches, including 56 critical updates.
Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)
October 11, 2022
Microsoft addresses 84 CVEs in its October 2022 Patch Tuesday release, including 13 critical flaws.
Top 20 CVEs Exploited by People's Republic of China State-Sponsored Actors (AA22-279A)
October 7, 2022
CISA, the NSA and FBI issue a joint advisory detailing the top 20 vulnerabilities exploited by state-sponsored threat actors linked to the People’s Republic of China.
CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
October 7, 2022
Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access.
CVE-2022-41040 and CVE-2022-41082: ProxyShell Variant Exploited in the Wild
September 30, 2022
Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available.