SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP PDCE, SAP Commerce, SAP Landscape Management, SAP Document Builder, SAP NetWeaver Knowledge Management XMLEditor, CRM (WebClient UI), SAP Business Warehouse – Business Planning and Simulation, SAP […]
SAP July 2024 Security Patch Day Read More »
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the remote attacker to perform cross-site scripting attacks, obtain sensitive information, create users with elevated privileges, or execute arbitrary code or commands and gain unauthorized access to the affected system by sending specially crafted requests. Sample of
Fortinet Security Updates – 10 July 2024 Read More »
Zoom has released security updates to fix several vulnerabilities across multiple Zoom products. The addressed vulnerabilities could allow the attacker to conduct denial of service attacks, or gain elevated privileges to the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. Zoom Apps for Windows – Improper Input Validation (CVE-2024-27240):
Zoom Security Updates – 10 July 2024 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed four zero-day vulnerabilities. Microsoft has fixed (142) vulnerabilities, with (4) classified as critical as they could allow the attacker to execute arbitrary code, this could result in remote code execution, gain access, and gain elevated privileges to the
Microsoft July 2024 Patch Tuesday Read More »
Cisco has released a security update to address a vulnerability affecting Cisco NX-OS Software. The addressed vulnerability could allow the local attacker with administrative privileges to execute arbitrary code and gain access to the affected system by sending a specially crafted input. Cisco NX-OS Software Command Execution Vulnerability (CVE-2024-20399): CVSS: 6 Attack Vector: Local Attack
Cisco Security Update – 02 July 2024 Read More »
Apache has released a security update to address several vulnerabilities across Apache HTTP Server 2.4.58 and earlier. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, bypass security restrictions, obtain sensitive information, execute arbitrary code, and gain access to the affected system by sending a specially crafted request. Sample of the
Apache Security Update – 02 July 2024 Read More »
OpenSSH released a security update to fix a vulnerability affecting all versions of OpenSSH between 8.5p1 and 9.7p1. The addressed vulnerability could allow the unauthenticated remote attacker to execute arbitrary code with root privileges and gain access to the affected system by sending specially crafted requests. OpenSSH Code Execution Vulnerability (CVE-2024-6387): CVSS: 9.8 Attack Vector:
OpenSSH Security Update – 01 July 2024 Read More »
Microsoft has released an updated Microsoft Edge Stable Channel (Version 126.0.2592.81) to address multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Code Execution Vulnerability (CVE-2024-6290):
Microsoft Edge Security Update – 01 July 2024 Read More »
Juniper has released security updates to fix a critical vulnerability that affects multiple Juniper products. The addressed vulnerability could allow the remote attacker to bypass security restrictions, bypass authentication, and take full control of the affected products by sending specially crafted requests. Juniper Networks Session Smart Router Security Bypass (CVE-2024-2973): CVSS: 10 Attack Vector: Network
Juniper Security Updates – 01 July 2024 Read More »
Progress has released a security update to address several vulnerabilities affecting WhatsUp Gold 23.1.2 and all older versions. The addressed vulnerability could allow the remote attacker to bypass security restrictions, perform denial of services attacks, gain elevated privileges, obtain sensitive information, upload arbitrary files, or execute arbitrary code and gain access to the affected system.
Progress WhatsUp Gold Security Update – 27 June 2024 Read More »
Fortra has released a security update to address several vulnerabilities in multiple Fortra products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, bypass security restrictions, or manipulate data and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276): CVSS: 9.8
Fortra Security Update – 27 June 2024 Read More »
MOVEit Transfer has released security updates to address a critical vulnerability across multiple versions of Progress MOVEit Transfer. The addressed vulnerability could allow the remote attacker to bypass authentication because of inadequate authentication measures. Progress MOVEit Transfer Authentication Bypass Vulnerability (CVE-2024-5806): CVSS: 9.1 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None
MOVEit Transfer Security Update – 26 June 2024 Read More »
Google has released an updated Chrome version “126.0.6478.126/127” for Windows and Mac, and version “126.0.6478.126” for Linux. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Google Chrome Code Execution
Google Chrome Security Update – 26 June 2024 Read More »
Trellix has released a security update to fix multiple vulnerabilities across Trellix Intrusion Prevention System. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or execute arbitrary code and gain access to the affected system. The addressed vulnerabilities: 1. Trellix Intrusion Prevention System Manager Code Execution Vulnerability (CVE-2024-5671): CVSS: 9.8 Attack Vector:
Trellix Security Updates – 23 June 2024 Read More »
Microsoft has released an updated Microsoft Edge Stable Channel (Version 126.0.2592.68) to address multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Microsoft Edge (Chromium-based) Code Execution (CVE-2024-6100): CVSS: 8.8 Attack Vector: Network
Microsoft Edge Security Update – 23 June 2024 Read More »
SolarWinds has released a security update to address a vulnerability across multiple SolarWinds products. The addressed vulnerability could allow the unauthenticated attacker to traverse directories and read sensitive files from the host machine on the affected system by sending specific HTTP GET requests. SolarWinds Serv-U Directory Traversal Vulnerability (CVE-2024-28995): CVSS: 8.6 Attack Vector: Network Attack
SolarWinds Security Update – 23 June 2024 Read More »
Google has released an updated Chrome version “126.0.6478.114/115” for Windows and Mac, and version “126.0.6478.114” for Linux. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, or to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed
Google Chrome Security Update – 23 June 2024 Read More »
VMware has released a security update to address several vulnerabilities in multiple VMware products, including VMware vCenter Server and VMware Cloud Foundation. The addressed vulnerabilities could allow the attacker to gain elevated privileges, or execute arbitrary code and gain access to the affected system by sending a specially crafted packet. Sample of the addressed vulnerabilities:
VMware Security Update – 23 June 2024 Read More »
Adobe has released security updates to fix multiple vulnerabilities across several Adobe products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, escalate privilege, obtain sensitive information, trigger denial of services attacks, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe Commerce and Magento
Adobe Security Updates – 13 June 2024 Read More »
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct cross-site scripting attacks, execute arbitrary code, and gain access to the affected products by sending specially crafted HTTP requests. Sample of the addressed vulnerability: 1. Fortinet FortiOS Buffer Overflow Vulnerability
Fortinet Security Updates – 12 June 2024 Read More »
