VMware has released a security update to address several vulnerabilities in multiple VMware products, including VMware vCenter Server and VMware Cloud Foundation. The addressed vulnerabilities could allow the attacker to gain elevated privileges, or execute arbitrary code and gain access to the affected system by sending a specially crafted packet. Sample of the addressed vulnerabilities: […]
VMware Security Update – 23 June 2024 Read More »
Adobe has released security updates to fix multiple vulnerabilities across several Adobe products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, escalate privilege, obtain sensitive information, trigger denial of services attacks, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe Commerce and Magento
Adobe Security Updates – 13 June 2024 Read More »
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct cross-site scripting attacks, execute arbitrary code, and gain access to the affected products by sending specially crafted HTTP requests. Sample of the addressed vulnerability: 1. Fortinet FortiOS Buffer Overflow Vulnerability
Fortinet Security Updates – 12 June 2024 Read More »
Mozilla has released an updated Firefox version 127, and Firefox ESR version 115.12 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, bypass security restrictions, conduct spoofing attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the addressed
Mozilla FireFox Security Updates – 12 June 2024 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed one zero-day vulnerability. Microsoft has fixed (51) vulnerabilities, with (1) classified as critical as they could allow the attacker to execute arbitrary code, remote code execution, and gain access to the affected products. June’s Patch Tuesday was released
Microsoft June 2024 Patch Tuesday Read More »
Google has released an updated Chrome version “126.0.6478.56/57” for Windows and Mac, and version “126.0.6478.54” for Linux. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: 1.
Google Chrome Security Update – 12 June 2024 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP NetWeaver AS Java, ABAP platform, SAP Financial Consolidation, SAP Document Builder, SAP S/4HANA, SAP CRM (WebClient UI), SAP BW/4HANA Transformation and DTP, SAP Student Life Cycle
SAP June 2024 Security Patch Day Read More »
Veeam has released a security update to fix a critical vulnerability across Veeam Recovery Orchestrator. The addressed vulnerability could allow the remote attacker to gain access to the VRO web UI with administrative privileges in the affected system. Veeam Recovery Orchestrator Gain Access Vulnerability (CVE-2024-29855): CVSS: 9 Attack Vector: Network Attack Complexity: High Privileges Required:
Veeam Security Update – 11 June 2024 Read More »
Trend Micro has released security updates to address several vulnerabilities across multiple Trend Micro products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, conduct cross-site scripting attacks, perform denial of service attacks, or gain elevated privileges to the affected product. Sample of the addressed vulnerabilities: 1. Trend Micro Deep Security Agent Privilege
Trend Micro Security Updates – 10 June 2024 Read More »
PHP has released security updates to fix several vulnerabilities across multiple PHP versions (8.1, 8.2, 8.3). The addressed vulnerabilities could allow the attacker to bypass security restrictions, execute arbitrary code, and gain access to the affected product by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. PHP Code Execution Vulnerability (CVE-2024-4577): CVSS:
PHP Security Updates – 10 June 2024 Read More »
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the attacker to execute scripts in the victim’s web browser, perform stored cross-site scripting (XSS), or perform server-side request forgery (SSRF) attacks and gain access to the affected product by sending a specially crafted HTTP request. Sample
Cisco Security Updates – 06 June 2024 Read More »
SolarWinds has released security updates to address several vulnerabilities across SolarWinds Platform 2024.1 SR 1 and previous versions. The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, or view, add, modify, and delete information in the back-end database on the affected system by sending specially crafted SQL statements to the user interface.
SolarWinds Security Updates – 05 June 2024 Read More »
Microsoft has released an updated Microsoft Edge Stable Channel (Version 125.0.2535.85) to address multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, or overflow a buffer and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge
Microsoft Edge Security Update – 04 June 2024 Read More »
Google has released an updated Chrome version “125.0.6422.141/.142” for Windows and Mac, and version “125.0.6422.141” for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, or overflow a buffer and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities:
Google Chrome Security Update – 02 June 2024 Read More »
Ivanti has released a security update to fix a vulnerability in Ivanti Endpoint Manager (EPM). The addressed vulnerability could allow the attacker to execute arbitrary code and gain elevated privileges to the affected systems. Ivanti Endpoint Manager (EPM) Privilege Escalation (CVE-2024-22058): CVSS: 7.8 Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None
Ivanti Security Update – 30 May 2024 Read More »
F5 has released security updates to address several vulnerabilities in NGINX Plus and NGINX Open Source. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or perform denial of service attacks on the affected system. Sample of the addressed vulnerabilities: 1. F5 NGINX Plus and NGINX Open Source Denial of Service Vulnerability
F5 Security Updates – 30 May 2024 Read More »
Check Point has released security updates to fix a zero-day vulnerability across multiple Check Point products. The addressed vulnerability could allow the remote attacker to gain unauthorized access to sensitive information on the affected systems once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. Check Point Security Gateways
Check Point Security Update – 29 May 2024 Read More »
OpenSSL has released a security update to fix a critical vulnerability across multiple OpenSSL versions. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected systems by sending a specially crafted request. OpenSSL Code Execution Vulnerability (CVE-2024-4741): CVSS: 9.8 Attack Vector: Network Attack Complexity: Low Privileges Required:
OpenSSL Security Update – 29 May 2024 Read More »
Microsoft has released an updated Microsoft Edge Stable Channel (Version 125.0.2535.67) to address multiple vulnerabilities. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge Code Execution Vulnerability (CVE-2024-5160):
Microsoft Edge Security Update – 26 May 2024 Read More »
Google has released an updated Chrome version “125.0.6422.112/.113” for Windows and Mac, and version “125.0.6422.112” for Linux. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2024-5274): CVSS: 8.8 Attack
Google Chrome Security Update – 26 May 2024 Read More »
