Multiple Vulnerabilities in VMware Products

A. Nature of the Vulnerabilities

CVE-2022-31656 (Authentication Bypass Vulnerability)
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

CVE-2022-31657 (URL Injection Vulnerability)

Google Chrome Version 103.0.5060.134

A. Highlighted Vulnerabilities Contributed By External Researchers

CVE-2022-2477 High Use after free in Guest View
CVE-2022-2478 High Use after free in PDF
CVE-2022-2479 High Insufficient validation of untrusted input in File
CVE-2022-2480 High Use after free in Service Worker API
CVE-2022-2481 High Use after free in Views
CVE-2022-2163 Low Use after free in Cast

Cisco Addresses Multiple Vulnerabilities in Cisco Nexus Dashboard

A. Nature of Vulnerability

CVE-2022-20857: Cisco Nexus Dashboard Arbitrary Command Execution Vulnerability
A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to access a specific API running in the data network and execute arbitrary commands on an affected device. The vulnerability is due to insufficient access controls for a specific API.

34th Annual FIRST Conference | Neart Le Chéile – Strength Together

First FIRST – In what is regarded as a significant step toward its goal of full membership and global recognition, the Philippines has officially expressed its intent to become an affiliate of the Forum of Incident Response and Security Teams (FIRST) through its first-ever in-person attendance and participation at the 34th FIRST Annual

Follina – A Microsoft Office Code Execution Vulnerability

Security researchers from different organizations have observed a novel zero-day vulnerability in Microsoft Office that may allow loading malware from remote servers without detection in a multi-stage attack. Kevin Beaumont, a security researcher, has named it “Follina” because the filename of the retrieved infected Word sample included the area code of Follina. Nao Sec