Web Client Common
1011415 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-16) - 3

Web Server Common
1011414 - SuiteCRM Remote Code Execution Vulnerability (CVE-2020-28328)

Web Server HTTPS
1011395* - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)
1011406 - SalesAgility SuiteCRM Remote Code Execution Vulnerability (CVE-2022-23940)

MySQL Cluster
1011222* - Oracle MySQL Cluster Management Remote Code Execution Vulnerability (CVE-2021-35590)

MySQL Cluster NDBD
1011362* - Oracle MySQL Cluster Data Node Buffer Overflow Vulnerability (CVE-2021-35621)
1011389* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21355)
1011391* - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21357)
1011385* - Oracle MySQL Cluster Data Node Remote Code Execution Vulnerability (CVE-2021-35592)
1011390* - Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Vulnerability (CVE-2022-21356)

Web Server Common
1011343* - BMC Track-It Information Disclosure Vulnerability (CVE-2021-35001)
1011377* - Django Infinite Loop Denial of Service Vulnerability (CVE-2022-23833)
1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)

Web Server HTTPS
1011395 - Lighttpd Denial of Service Vulnerability (CVE-2022-22707)

Web Server Miscellaneous
1011396 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21616)
1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)

Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.

Database Microsoft SQL
1000917* - Restrict Microsoft SQL Server XP_CMDSHELL Procedure

MySQL Cluster NDBD
1011389 - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21355)
1011391 - Oracle MySQL Cluster Data Node Information Disclosure Vulnerability (CVE-2022-21357)
1011390 - Oracle MySQL Cluster Data Node Stack-based Buffer Overflow Vulnerability (CVE-2022-21356)

Web Server Common
1011343 - BMC Track-It Information Disclosure Vulnerability (CVE-2021-35001)
1011377 - Django Infinite Loop Denial of Service Vulnerability (CVE-2022-23833)

Web Server Miscellaneous
1010461* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2019-0230)

Web Server Oracle
1010223* - Oracle WebLogic Java Messaging Service Unspecified Vulnerability (CVE-2016-0638)

Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.

Web Client Common
1011383 - Chromium Based Browsers Use After Free Vulnerability (CVE-2022-0289)

Web Server Common
1011371* - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)
1011372* - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965)

Web Server Miscellaneous
1011378 - Eclipse Jetty Unauthenticated Information Disclosure Vulnerability (CVE-2021-28169)
1011376* - VMware Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)

Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.

Web Client Common
1011367 - Chromium Based Browsers Incorrect Authorization Vulnerability (CVE-2022-0309)
1011368 - Chromium Based Browsers Use After Free Vulnerability (CVE-2022-0297)
1011374 - Chromium Use After Free Vulnerability (CVE-2022-0609)

Web Client Mozilla Firefox
1011361 - Mozilla Firefox Use-After-Free Remote Code Execution Vulnerability (CVE-2022-26381)

Web Server Common
1011371 - Spring Cloud Function Remote Code Execution Vulnerability (CVE-2022-22963)
1011372 - Spring Framework "Spring4Shell" Remote Code Execution Vulnerability (CVE-2022-22965)

Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.