Alerts

Splunk Security Updates – 31 March 2024

Splunk has released security updates to fix several vulnerabilities across multiple Splunk products. The addressed vulnerabilities could allow a remote attacker to obtain sensitive information or, because of the lack of protections for risky SPL commands, bypass security restrictions by persuading the victim to initiate a request within their browser. The addressed vulnerabilities: 1. Splunk […]

Cisco Security Updates – 28 March 2024

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, bypass security restrictions, execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Cisco IOS XE Software Denial of Service

Microsoft Edge Security Update – 28 March 2024

Microsoft has released an updated Microsoft Edge version 123.0.2420.65 and Extended Stable Channel (Version 122.0.2365.113) to address multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge

Microsoft Edge Security Update – 24 March 2024

Microsoft has released an updated Microsoft Edge version 123.0.2420.53 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, conduct spoofing attacks, bypass security restrictions, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the

Mozilla Firefox Security Updates – 23 March 2024

Mozilla has released an updated Firefox version 124.0.1, and Firefox ESR version 115.9.1 to fix two zero-day vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected products by fooling range-based bounds check elimination or injecting an event handler into a privileged object. The addressed vulnerabilities:

Atlassian Security Updates – 22 March 2024

Atlassian has released security updates to address several vulnerabilities across multiple products and third-party components included in Atlassian products. The addressed vulnerabilities could allow the attacker to manipulate data, view, add, modify, or delete information in the back-end database, obtain sensitive information, perform denial of service attacks, or execute arbitrary code and gain access to

Ivanti Security Updates – 21 March 2024

Ivanti has released security updates to fix two critical vulnerabilities across Ivanti Neurons for ITSM and Ivanti Standalone Sentry. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected systems. The addressed vulnerabilities: 1. Ivanti Neurons for ITSM Code Execution Vulnerability (CVE-2023-46808): CVSS: 9.9 Attack Vector: Network

Google Chrome Security Update – 20 March 2024

Google has released an updated Chrome version 123.0.6312.58/.59 for Windows and Mac and version 123.0.6312.58 for Linux. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of

Fortra Security Updates – 19 March 2024

Fortra has released security updates to address several vulnerabilities in multiple Fortra products. The addressed vulnerabilities could allow a remote attacker to conduct cross-site scripting attacks, perform directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal, allowing files to be uploaded outside of the intended ‘uploadtemp’ directory by sending specially crafted POST requests,

Microsoft Edge Security Update – 17 March 2024

Microsoft has released an updated Microsoft Edge version 122.0.2365.92 to address multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, conduct spoofing attacks, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft

Cisco Security Updates – 14 March 2024

Cisco has released security updates to fix several vulnerabilities in multiple Cisco products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, execute denial of service attacks, bypass security restrictions, execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Cisco IOS XR Software Privilege Escalation Vulnerability

Apache Tomcat Security Updates – 14 March 2024

Apache has released security updates to address two vulnerabilities affecting multiple versions of Apache Tomcat. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks by sending specially crafted WebSocket connections or HTTP/2 requests. Sample of the addressed vulnerabilities: Apache Tomcat Denial of Service Vulnerability (CVE-2024-23672): CVSS: 7.5 Attack Vector: Network

Palo Alto Security Updates – 14 March 2024

Palo Alto has released security updates to address multiple vulnerabilities affecting GlobalProtect App and PAN-OS. The addressed vulnerabilities could allow the attacker to gain elevated privileges to the affected products. Sample of the addressed vulnerabilities: GlobalProtect App: Local User Can Disable GlobalProtect (CVE-2024-2431): CVSS: 5.7 Attack Vector: Local Attack Complexity: Low Privileges Required: Low User

ManageEngine Security Update – 13 March 2024

ManageEngine has released a security update to address a critical vulnerability in Zoho ManageEngine Desktop Central version 9, build 90055. The addressed vulnerability could allow a remote attacker to upload arbitrary files, execute arbitrary PHP code, and gain access to the affected system by sending a specially crafted HTTP request. ManageEngine Desktop Central Unrestricted File

Intel Security Updates – 13 March 2024

Intel has released security updates to address several vulnerabilities in multiple Intel products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected products. Samples of the addressed vulnerabilities: 1. 4th Generation Intel Xeon Processors using Intel SGX or Intel TDX Privilege Escalation Vulnerability

Google Chrome Security Update – 13 March 2024

Google has released an updated Chrome version 122.0.6261.128/.129 for Windows and Mac and 122.0.6261.128 for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2024-2400): CVSS: 8.8 Attack Vector:
