Alerts

Microsoft has released an updated Microsoft Edge Stable Channel (Version 126.0.2592.68) to address multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Microsoft Edge (Chromium-based) Code Execution (CVE-2024-6100): CVSS: 8.8 Attack Vector: Network […]

SolarWinds has released a security update to address a vulnerability across multiple SolarWinds products. The addressed vulnerability could allow the unauthenticated attacker to traverse directories and read sensitive files from the host machine on the affected system by sending specific HTTP GET requests. SolarWinds Serv-U Directory Traversal Vulnerability (CVE-2024-28995): CVSS: 8.6 Attack Vector: Network Attack

Google has released an updated Chrome version “126.0.6478.114/115” for Windows and Mac, and version “126.0.6478.114” for Linux. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, or to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct cross-site scripting attacks, execute arbitrary code, and gain access to the affected products by sending specially crafted HTTP requests. Sample of the addressed vulnerability: 1. Fortinet FortiOS Buffer Overflow Vulnerability

Mozilla has released an updated Firefox version 127, and Firefox ESR version 115.12 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, bypass security restrictions, conduct spoofing attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the addressed

Google has released an updated Chrome version “126.0.6478.56/57” for Windows and Mac, and version “126.0.6478.54” for Linux. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: 1.

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP NetWeaver AS Java, ABAP platform, SAP Financial Consolidation, SAP Document Builder, SAP S/4HANA, SAP CRM (WebClient UI), SAP BW/4HANA Transformation and DTP, SAP Student Life Cycle

Trend Micro has released security updates to address several vulnerabilities across multiple Trend Micro products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, conduct cross-site scripting attacks, perform denial of service attacks, or gain elevated privileges to the affected product. Sample of the addressed vulnerabilities: 1. Trend Micro Deep Security Agent Privilege

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the attacker to execute scripts in the victim’s web browser, perform stored cross-site scripting (XSS), or perform server-side request forgery (SSRF) attacks and gain access to the affected product by sending a specially crafted HTTP request. Sample

SolarWinds has released security updates to address several vulnerabilities across SolarWinds Platform 2024.1 SR 1 and previous versions. The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, or view, add, modify, and delete information in the back-end database on the affected system by sending specially crafted SQL statements to the user interface.

Microsoft has released an updated Microsoft Edge Stable Channel (Version 125.0.2535.85) to address multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, or overflow a buffer and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge

Google has released an updated Chrome version “125.0.6422.141/.142” for Windows and Mac, and version “125.0.6422.141” for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, or overflow a buffer and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities:

Ivanti has released a security update to fix a vulnerability in Ivanti Endpoint Manager (EPM). The addressed vulnerability could allow the attacker to execute arbitrary code and gain elevated privileges to the affected systems. Ivanti Endpoint Manager (EPM) Privilege Escalation (CVE-2024-22058): CVSS: 7.8 Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None

F5 has released security updates to address several vulnerabilities in NGINX Plus and NGINX Open Source. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or perform denial of service attacks on the affected system. Sample of the addressed vulnerabilities: 1. F5 NGINX Plus and NGINX Open Source Denial of Service Vulnerability

Check Point has released security updates to fix a zero-day vulnerability across multiple Check Point products. The addressed vulnerability could allow the remote attacker to gain unauthorized access to sensitive information on the affected systems once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. Check Point Security Gateways