CVE-2022-47523: ManageEngine Password Manager Pro、PAM360、Access Manager Plus SQL インジェクションの脆弱性
Zoho patches a newly disclosed high-severity SQL injection flaw in several ManageEngine products; attackers have historically targeted several ManageEngine products over the last three years....
CVE-2022-47939: Linux カーネルにおける「緊急」の RCE 脆弱性
A critical remote code execution vulnerability in the Linux kernel has been publicly disclosed by Trend Micro's Zero Day Initiative in its ZDI-22-1690 advisory. The vulnerability has been given a CVSSv3 of 10.0. There are no reports of active exploitation....
CVE-2022-37958: Microsoft SPNEGO NEGOEX における「緊急」の脆弱性に関するよくある質問
Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Organizations are urged to apply these patches as soon as possible....
マイクロソフト 2022 年 12 月月例セキュリティ更新プログラム、47 件の CVE を修正 (CVE-2022-44698)
Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710)....
CVE-2022-27518: Citrix ADC および Gateway における脆弱性により認証を必要とせずにリモートからのコード実行が可能
Citrix has patched a critical remote code execution vulnerability in its Gateway and ADC products. This vulnerability has reportedly been exploited as a zero day; organizations should patch urgently....
CVE-2022-42475: Fortinet、FortiOS SSL VPN のゼロデイの脆弱性にパッチを適用
Fortinet has patched a zero day buffer overflow in FortiOS that could lead to remote code execution. There has been a report of active exploitation and organizations should patch urgently....
CVE-2022-27510: Citrix ADC とゲートウェイ認証バイパスにおける「緊急」の脆弱性
Citrix publishes an advisory to address multiple flaws in its ADC and Gateway products, including a critical vulnerability....
マイクロソフト 2022 年 11 月月例セキュリティ更新プログラム、62 件の CVE (CVE-2022-41073) を修正
Microsoft addresses 62 CVEs including four zero-day vulnerabilities that were exploited in the wild....
CVE-2022-3786、CVE-2022-3602: OpenSSL、深刻度の高い 2 つの脆弱性にパッチを適用
OpenSSL has patched two vulnerabilities, pivoting from its earlier announcement, in version 3.0.7....
CVE-2021-39144: VMware、XStream オープンソースライブラリの「緊急」の Cloud Foundation の脆弱性を修正
VMware issues patches for end-of-life versions of Cloud Foundation Network Security Virtualization for vSphere (NSX-V) to address a critical vulnerability in an open source library. Background On October 25, VMware published VMSA-2022-0027, an advisory for multiple vulnerabilities in its VMw...
Oracle 2022 年 10 月のクリティカルパッチアップデートで 179 件の CVE に対処
Oracle addresses 179 CVEs in its fourth and final quarterly update of 2022 with 370 patches, including 56 critical updates....
マイクロソフト 2022 年 10 月月例セキュリティ更新プログラム、84 件の CVE に対応(CVE-2022-41033)
Microsoft addresses 84 CVEs in its October 2022 Patch Tuesday release, including 13 critical flaws....