CVE-2022-37437: Amazon vulnerability

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies Read more…

CVE-2022-28757: Zoom vulnerability

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. How to mitigate CVE-2022-28757 Time needed: 5 minutes. The Read more…

CVE-2022-28756: Zoom vulnerability

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. How to mitigate CVE-2022-28756 Time needed: 5 minutes. The Read more…

CVE-2022-28752: Zoom vulnerability

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user. How to mitigate CVE-2022-28752 Time needed: 5 minutes. The instructions will assist you in mitigating Read more…

CVE-2022-28751: Zoom vulnerability

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. How to mitigate CVE-2022-28751 Time needed: 5 minutes. The Read more…