Microsoft security patches sometimes cause other problems, and the July update was no different: after the release, some users found that MS Access runtime applications wouldn’t open. Fortunately, the company is deploying a fix.
July Android Security Bulletin
Google released July updates for its Android operating system, including a fix for a critical security vulnerability in the system component that could lead to remote code execution with no additional privileges needed.
Google also fixed serious issues in the kernel, which could lead to information disclosure, and in the framework, which could lead to local elevation of privilege. Meanwhile, vendor-specific fixes from MediaTek, Qualcomm, and Unisoc are available if your device uses these chips. Samsung devices are starting to receive the July patch, and Google has also published updates for its Pixel line.
Software maker SAP has released 27 new and updated security notices as part of its July Security Patch Day, fixing several very serious vulnerabilities. Tracked as CVE-2022-35228, the most serious issue is an information disclosure flaw in the central management console of the vendor’s Business Objects platform.
The vulnerability allows an unauthenticated attacker to obtain network token information, says security firm Onapsis. “Fortunately, an attack like this would require a legitimate user to access the application,” the firm adds. However, it is still important to patch as soon as possible.
Oracle has posted 349 fixes in its critical July 2022 update, including fixes for 230 vulnerabilities that can be exploited remotely.
Oracle’s April patch update included 520 security fixes, some of which were for CVE-2022-22965 aka Spring4Shell, a remote code execution flaw in the Spring framework. Oracle’s July update continues to fix this issue.
In July, the Oracle Financial Services Applications product family received the most patches at 59, or 17% of the total, followed by Oracle Communications with 56 patches, or 16% of the total, according to the security firm Defensible.
Due to the threat posed by a successful attack, Oracle “strongly recommends” applying the July security patches as soon as possible.
Software vendor Cisco has fixed multiple vulnerabilities in Cisco Nexus Dashboard that could allow an attacker to execute arbitrary commands, read or download container image files, or perform cross-site request forgery attacks.
Tracked as CVE-2022-20857 and rated “critical” with a severity score of 9.8 out of 10, one of the worst vulnerabilities could allow an unauthenticated remote attacker to carry out a cross-site request forgery attack on an affected device.
SonicWall is urging users to update immediately after issuing a patch to fix a critical SQL injection bug. The flaw, tracked as CVE-2022-22280 with a CVSS score of 9.4, is not believed to have been used in any actual attacks yet, but it is serious. With this in mind, the company advises users to upgrade to GMS 9.3.1-SP2-Hotfix-2 and Analytics 220.127.116.11-Hotfix-1.
Hot on the heels of the June security patch, Atlassian has released another major patch for July, fixing critical vulnerabilities affecting Confluence, Jira, Bamboo, Fisheye, Crucible, and Bitbucket users.
CVE-2022-26136 is a vulnerability in multiple Atlassian products that allows an unauthenticated remote attacker to bypass servlet filters used by proprietary and third-party applications. The vulnerability can result in authentication bypass and cross-site scripting.
The second, tracked as CVE-2022-26137, is a cross-origin resource sharing bypass vulnerability in several Atlassian products that allows an unauthenticated remote attacker to cause additional servlet filters to be called when the application is processing requests.
Meanwhile, CVE-2022-26138 is a chilling flaw that could allow an unauthenticated remote attacker who knows the hard-coded password to log into Confluence and gain access to all content accessible to users in the group.
If you are using the affected products, update them as soon as possible.