Aruba has released a security update to fix multiple vulnerabilities affecting several versions of HPE Aruba OS. The addressed vulnerabilities could allow the remote attacker to traverse directories, execute arbitrary code, and gain access to the affected products by sending a specially crafted request. Sample of the addressed vulnerabilities: HPE Aruba OS Directory Traversal Vulnerability […]
Aruba Security Update – 19 September 2024 Read More »
Google has released an updated Chrome version 129.0.6668.58/.59 for Windows, and Mac and 129.0.6668.58 for Linux. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: 1. Google
Google Chrome Security Update – 18 September 2024 Read More »
VMware has released a security update to address several vulnerabilities across multiple VMware products. The addressed vulnerabilities could allow the attacker to execute buffer overflow attacks, gain elevated privileges, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. VMware vCenter Server Buffer Overflow Vulnerability (CVE-2024-38812): CVSS: 9.8
VMware Security Update – 18 September 2024 Read More »
SolarWinds has released a security update to address multiple vulnerabilities affecting SolarWinds ARM 2024.3 and prior versions. The addressed vulnerabilities could allow the attacker to bypass security restrictions or execute arbitrary code and gain access to the affected system. The addressed vulnerabilities: 1. SolarWinds Access Rights Manager Code Execution (CVE-2024-28991): CVSS: 9 Attack Vector: Adjacent
SolarWinds Security Update – 16 September 2024 Read More »
Palo Alto has released security updates to fix multiple vulnerabilities across several Palo Alto products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, execute buffer overflow attacks, gain elevated privilege, bypass security restrictions, or execute arbitrary commands and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Palo Alto
Palo Alto Security Updates – 12 September 2024 Read More »
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privilege, perform denial of services attacks, or execute arbitrary commands and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Multiple Cisco Products Privilege Escalation Vulnerability
Cisco Security Updates – 12 September 2024 Read More »
Tenable has released security updates to address multiple vulnerabilities in third-party components (OpenSSL and Expat) that are used by Nessus, and Nessus Agent. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Libexpat
Tenable Security Updates – 12 September 2024 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Business Intelligence Platform, SAP Commerce Cloud, SAP Replication Server, SAP Replication Server, SAP Production and Revenue Accounting, SAP S/4HANA, SAP NetWeaver and SAP Business Warehouse.
SAP September 2024 Security Patch Day Read More »
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to perform brute force attacks, obtain sensitive information, conduct man-in-the-middle attacks, retrieve or delete arbitrary files from the underlying filesystem, execute limited and temporary commands on the underlying database, and gain access to the affected
Fortinet Security Updates – 11 September 2024 Read More »
Citrix has released a security update to address multiple vulnerabilities across Citrix Workspace app for Windows. The addressed vulnerabilities could allow the attacker to gain elevated privileges to the affected systems by sending a specially crafted request. The addressed vulnerabilities: 1. Citrix Workspace app for Windows Privilege Escalation Vulnerability (CVE-2024-7889): CVSS: 7.8 Attack Vector: Local
Citrix Security Update – 11 September 2024 Read More »
Google has released an updated Chrome version 128.0.6613.137/.138 for Windows, and Mac and 128.0.6613.137 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Google Chrome Code Execution Vulnerability
Google Chrome Security Update – 11 September 2024 Read More »
Elasticsearch has released a security update to fix critical vulnerabilities in Kibana versions 8.10.0 to 8.15.0. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code when Kibana attempts to parse a YAML document containing a crafted payload. Sample of the addressed vulnerabilities: Elasticsearch Kibana Remote Code Execution Vulnerability (CVE-2024-37285): CVSS: 9.1 Attack
Elasticsearch Kibana Security Update – 11 September 2024 Read More »
Intel has released security updates to address several vulnerabilities in multiple Intel products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected product. Samples of the addressed vulnerabilities: 1. Intel® Reference Processors Privilege Escalation Vulnerability (CVE-2023-42772): CVSS: 8.2 Attack Vector: Local Attack Complexity:
Intel Security Updates – 11 September 2024 Read More »
Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, bypass security restrictions, gain elevated privileges, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Deserialization of Untrusted Data in The Agent Portal
Ivanti Security Updates – 11 September 2024 Read More »
Adobe has released security updates to fix several vulnerabilities across Adobe Acrobat Reader, ColdFusion, and Audition. The addressed vulnerabilities could allow the attacker to trigger denial of service attacks or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe ColdFusion Code Execution Vulnerability (CVE-2024-41874): CVSS: 9.8 Attack
Adobe Security Updates – 11 September 2024 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed four zero-day vulnerabilities. Microsoft has fixed (79) vulnerabilities, with (2) classified as critical as they could allow the attacker to execute arbitrary code, gain access, which could result in remote code execution, gain access, and gain elevated privileges
Microsoft September 2024 Patch Tuesday Read More »
Progress has released a security update to address a critical vulnerability affecting LoadMaster 7.2.60.0 and all prior versions and Multi-Tenant Hypervisor 7.1.35.11 and all prior versions. The addressed vulnerability could allow the unauthenticated remote attacker to execute arbitrary code, and gain access to the affected LoadMaster’s management interface using a specially crafted HTTP request. Progress
Progress LoadMaster Security Update – 09 September 2024 Read More »
Veeam has released a security update to fix several vulnerabilities across multiple Veeam products. The addressed vulnerabilities could allow the attacker to upload malicious files, obtain sensitive information, manipulate data and files, obtain credentials, gain elevated privileges, execute malicious commands, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Veeam VSPC
Veeam Security Update – 05 September 2024 Read More »
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or gain elevated privileges to the affected product. Sample of the addressed vulnerabilities: 1. Cisco Smart Licensing Utility Static Credential Vulnerability (CVE-2024-20439): CVSS: 9.8 Attack Vector: Network Attack
Cisco Security Updates – 05 September 2024 Read More »
Mozilla has released an updated Firefox version 130, Firefox ESR version 115.15, and 128.2 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, conduct spoofing attacks, obtain sensitive information, execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Code
Mozilla FireFox Security Updates – 04 September 2024 Read More »
