0-Day

• OSNexus Nov 1
• 1 Click RCE on all agents May 11
• CVE-2022-25153 - ITarian Endpoint Manager agent local privilege escalation May 11
• CVE-2022-25152 - Creation of procedure and bypass approvals by any user with a valid session token (ITarian SaaS platform / on-premise) May 11
• CVE-2022-25151 - Session cookie not protected by HttpOnly flag (ITarian SaaS platform / on-premise) May 11
• Itarian May 11

• CVE-2021-42080 - Reflective XSS Aug 11
• CVE-2021-42079 - Server Side Request Forgery (SSRF) Aug 11
• Zero Click RCE May 11
• CVE-2021-32233 and CVE-2021-43977 - Stored XSS May 11