Ivanti has released security updates to fix two vulnerabilities across multiple versions of Ivanti Connect Secure, Policy Secure, and ZTA Gateways. The addressed vulnerabilities could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected system. The addressed vulnerabilities: 1. Ivanti Connect Secure Remote Code Execution (CVE-2025-0282): CVSS: […]
Ivanti Security Updates – 09 January 2025 Read More »
Google has released an updated Chrome version “131.0.6778.264/.265” for Windows and Mac and “131.0.6778.264” for Linux. The addressed vulnerability could allow the remote attacker to execute arbitrary code to gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2025-0291): CVSS: 8.8 Attack Vector:
Google Chrome Security Update – 08 January 2025 Read More »
SonicWall has released security updates to fix multiple vulnerabilities affecting SonicOS and SonicWALL SSL-VPN. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, obtain sensitive information, gain elevated privileges, conduct server-side request forgery attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1.
SonicWall Security Updates – 08 January 2025 Read More »
Palo Alto has released a security update to fix a vulnerability affecting Palo Alto PAN-OS software. The addressed vulnerability could allow the remote attacker to perform denial of service attacks caused by sending a malicious packet through the data plane of the firewall that reboots the firewall, also repeated attempts to trigger this condition will
Palo Alto Security Update – 29 December 2024 Read More »
Apache has released security updates to address a vulnerability affecting multiple versions of Apache Tomcat. The addressed vulnerability could allow the remote attacker to execute arbitrary code, bypass intended file system access controls, and gain access to the affected systems. Apache Tomcat Code Execution Vulnerability (CVE-2024-56337): CVSS: 8.1 Attack Vector: Network Attack Complexity: High Privileges
Apache Tomcat Security Updates – 24 December 2024 Read More »
Adobe has released a security update to fix a vulnerability in Adobe ColdFusion versions 2023.11 and 2021.17. The addressed vulnerability could allow the remote attacker to access files or directories outside the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. Adobe ColdFusion
Adobe ColdFusion Security Update – 24 December 2024 Read More »
Sophos has released security updates to fix multiple vulnerabilities in Sophos firewall versions 21.0 GA (21.0.0) and older. The severity of the addressed vulnerability could allow the remote attacker to execute remote code and gain access to the affected versions. 1. Sophos firewall pre-auth SQL injection vulnerability (CVE-2024-12727): CVSS: 9.8 Attack Vector: Network Attack Complexity:
Sophos Security Update – 22 December 2024 Read More »
Apache has released security updates to address two vulnerabilities affecting multiple versions of Apache Tomcat. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks or execute arbitrary code, and gain access to the affected systems. The addressed vulnerabilities: 1. Apache Tomcat Code Execution Vulnerability (CVE-2024-50379): CVSS: 9.8 Attack Vector: Network
Apache Tomcat Security Updates – 19 December 2024 Read More »
Fortinet has released security updates to fix multiple vulnerabilities across several Fortinet products. The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary command/code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. FortiWLM Remote Command/Code Execution Vulnerability (CVE-2023- 34990): CVSS: 9.6 Attack Vector: Network Attack Complexity:
Fortinet Security Updates – 19 December 2024 Read More »
Google has released an updated Chrome version “131.0.6778.204/.205” for Windows and Mac and “131.0.6778.204” for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Google Chrome Code Execution Vulnerability
Google Chrome Security Update – 19 December 2024 Read More »
The Pumakit Linux rootkit is a recently identified stealthy malware targeting Linux systems. It is structured as a Loadable Kernel Module (LKM), enabling it to function at the kernel level and granting it extensive access to the operating system. The Pumakit Linux rootkit is a recently discovered malware that employs advanced stealth techniques to avoid
Pumakit Linux Rootkit Malware – 15 December 2024 Read More »
Apple has released security updates to address multiple vulnerabilities across macOS Ventura, macOS Sequoia, macOS Sonoma, and Safari. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, perform denial of services attacks, elevate privileges, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities:
Apple Security Updates – 15 December 2024 Read More »
Splunk has released security updates to fix multiple vulnerabilities affecting several Splunk products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: Splunk Secure Gateway App Remote Code Execution Vulnerability (CVE-2024- 53247): CVSS: 8.8
Splunk Security Updates – 11 December 2024 Read More »
Google has released an updated Chrome version “131.0.6778.139/.140” for Windows and Mac and “131.0.6778.139” for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code to gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Google Chrome Code Execution Vulnerability
Google Chrome Security Update – 11 December 2024 Read More »
Aruba has released security updatesto fix multiple vulnerabilities affecting several Aruba products. The addressed vulnerabilities could allow the remote attacker to conduct cross-site scripting attacks or denial of service attacks or execute arbitrary commands/codes and gain access to the affected systems. Sample of the addressed vulnerabilities: HPE Aruba Networking ClearPass Authenticated Remote Code Execution Vulnerability
Aruba Security Updates – 11 December 2024 Read More »
Adobe has released security updates to fix several vulnerabilities across Adobe Acrobat and Reader, Adobe Experience Manager (AEM), and Adobe Illustrator. The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform denial of service attacks, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe
Adobe Security Updates – 11 December 2024 Read More »
Intel has released security updates to address several vulnerabilities affecting multiple Intel products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected systems. Samples of the addressed vulnerabilities: 1. Improper Access Control in the Intel® NUC Software Studio Service Software Vulnerability (CVE-2024-23498): CVSS:
Intel Security Updates – 11 December 2024 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed one zero-day vulnerability. Microsoft has fixed (72) vulnerabilities, with (1) classified as critical as they could allow the attacker to conduct spoofing attacks, gain elevated privileges, perform denial of service attacks, obtain sensitive information, or execute arbitrary code
Microsoft December 2024 Patch Tuesday Read More »
Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to manipulate data, bypass security restrictions, perform denial of service attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti CSA Administrative Access Vulnerability (CVE-2024-11639): CVSS:
Ivanti Security Updates – 11 December 2024 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP NetWeaver AS for JAVA, SAP Web Dispatcher, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server (ABAP), SAP HCM, SAP Product Lifecycle Costing, SAP NetWeaver Administrator
SAP December 2024 Security Patch Day Read More »
