firefox

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 100 and Firefox ESR 91.9 and apply the necessary updates.

Drupal Releases Security Updates

Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal security advisories SA-CORE-008 and SA-CORE-009 and apply the necessary updates.

Cisco TelePresence Collaboration Endpoint and RoomOS Software H.323 Denial of Service Vulnerability

Advisory ID: cisco-sa-ce-roomos-dos-c65x2Qf2
First Published: 2022 April 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvz55702
CVSS Score: Base 7.5
CVE-2022-20783
CWE-1287

Summary: A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An …

Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability

Advisory ID: cisco-sa-uva-static-key-6RQTRs4c
First Published: 2022 April 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCwa11399
CVSS Score: Base 7.5
CVE-2022-20773
CWE-321

Summary: A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing …

Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability

Advisory ID: cisco-sa-vim-privesc-T2tsFUf
First Published: 2022 April 20 16:00 GMT
Version 1.0: Final
Workarounds: Yes
Cisco Bug IDs: CSCvz96773
CVSS Score: Base 7.8
CVE-2022-20732
CWE-284

Summary: A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged …

VMware

VMware Releases Security Updates for Cloud Director

VMware has released security updates to address a remote code execution vulnerability in Cloud Director. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0013 and apply the necessary updates.

Google Chrome

Google Releases Security Updates for Chrome

Google has released Chrome version 100.0.4896.88 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

CVE-2022-22965 Detail

Current Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, …

Google Chrome

Google Releases Security Updates for Chrome

Google has released Chrome version 100.0.4896.60 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.