IBM has released a security update to fix a vulnerability in IBM Financial Transaction Manager for SWIFT Services version 3.2.4. The addressed vulnerability could allow the remote attacker to modify the sending address and the message type of a business transaction. However, these elements of FIN messages are assumed to be immutable in the Message […]
IBM Security Update – 25 December 2023 Read More »
Ivanti has released security updates to fix multiple vulnerabilities affecting all supported versions of Ivanti Avalanche. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, gain access, perform server-side request forgery (SSRF), or trigger denial of services attacks on the affected products. Sample of the addressed vulnerabilities: 1. Ivanti Wavelink Avalanche Premise
Ivanti Security Updates – 21 December 2023 Read More »
Google has released an updated Chrome version 120.0.6099.129/130 for Windows, and 120.0.6099.129 for Mac and Linux to fix a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to execute a buffer overflow attack, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website.
Google Chrome Security Update – 21 December 2023 Read More »
Mozilla has released an updated Firefox version 121, and Firefox ESR version 115.6 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: 1.
Mozilla FireFox Security Updates – 20 December 2023 Read More »
Microsoft has released an updated Microsoft Edge version 120.0.2210.77 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: 1. Microsoft Edge Code
Microsoft Edge Security Update – 17 December 2023 Read More »
Ivanti has released security updates to fix multiple vulnerabilities across Ivanti Connect Secure and Ivanti Policy Secure. The addressed vulnerabilities could allow the attacker to gain access, gain elevated privileges, or perform a denial of service attack on the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti Connect Secure Denial of Service Vulnerability (CVE-2023-39340):
Ivanti Security Updates – 14 December 2023 Read More »
Google has released an updated Chrome version 120.0.6099.109/110 for Windows, and 120.0.6099.109 for Mac and Linux to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Google
Google Chrome Security Update – 14 December 2023 Read More »
Fortinet has released security updates to fix multiple vulnerabilities across several products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. FortiMail Remote Wildcard RADIUS Login Bypass (CVE-2023-47539): CVSS: 9 Attack Vector: Network
Fortinet Security Updates 13 December 2023 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed one zero-day vulnerability. Microsoft has fixed (34) vulnerabilities, with (4) classified as critical as they could allow the attacker to perform remote code execution and spoofing attacks on theaffected products. December’s Patch Tuesday was released to fix security
Microsoft December 2023 Patch Tuesday Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP Business Client, SAP ECC and SAP S/4HANA (IS-OIL), SAP Commerce Cloud, Business Objects BI Platform SAP GUI for Windows and SAP GUI for Java, SAP BusinessObjects Web
SAP December 2023 Security Patch Day Read More »
Cisco has released a security update to fix two vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions or execute arbitrary code to manipulate file upload parameters and enable path traversal, this can lead to uploading a malicious file used to perform a remote code execution attack on
Cisco Security Update – 13 December 2023 Read More »
Apple has released security updates to address multiple vulnerabilities across macOS Monterey, Ventura, Sonoma and Safari. The addressed vulnerabilities could allow the attacker to bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, and gain access to the affected systems by persuading the victim to visit a specially crafted website. Sample of
Apple Security Updates – 12 December 2023 Read More »
Microsoft has released the latest Microsoft Edge Stable Channel (Version 120.0.2210.61) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security, gain elevated privileges, or disclose sensitive information on the affected system. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Elevation of Privilege (CVE-2023-35618): CVSS: 9.6 Attack
Microsoft Edge Security Update – 10 December 2023 Read More »
Atlassian has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to conduct denial of service attacks, obtain sensitive information, or execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Atlassian Assets Discovery Remote Code Execution (CVE-2023-22523): CVSS: 9.8
Atlassian Security Updates – 06 December 2023 Read More »
Google has released an updated Chrome version 120.0.6099.62/.63 for Windows, and 120.0.6099.62 for Mac and Linux to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the
Google Chrome Security Update – 06 December 2023 Read More »
Tenable has released a security update to fix multiple vulnerabilities in Tenable’s third-party components (OpenSSL, HandlebarsJS, jquery-file-upload) across Nessus Network Monitor 6.3.0 and earlier versions. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code, and gain access to the affected system by sending a specially crafted request. Sample of
Tenable Security Update – 04 December 2023 Read More »
SolarWinds has released a security update to fix a vulnerability in SolarWinds platform. The addressed vulnerability could allow the attackers with low-privileged accounts to launch SQL injection attacks and then they could view, add, modify, or delete the data on the vulnerable system. SQL Injection Remote Code Execution Vulnerability (CVE-2023-40056): CVSS: 8 Attack Vector: Adjacent
SolarWinds Security Update – 04 December 2023 Read More »
IBM has released security updates to fix multiple vulnerabilities in IBM Db2 versions 10.5.0.x, 11.1.4.x, and 11.5.x. The addressed vulnerabilities could allow the remote attacker to cause a denial of service attack or gain elevated privileges by executing routines that they shouldn’t have access to on the vulnerable system. Sample of the addressed vulnerabilities: 1.
IBM DB2 Security Updates – 04 December 2023 Read More »
Apple has released security updates to address multiple vulnerabilities across macOS Monterey, Ventura, Sonoma and Safari. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code, and gain access to the affected systems by persuading the victim to visit a specially crafted website. The addressed vulnerabilities: 1. Apple Safari, and
Apple Security Updates – 03 December 2023 Read More »
VMware has released a security update to address a critical vulnerability in the VMware Cloud Director Appliance (VCD Appliance). The addressed vulnerability could allow the remote attacker to bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (appliance management console) to the affected system. VMware Cloud Director Appliance Security Bypass (CVE-2023-34060): CVSS:
VMware Security Update – 03 December 2023 Read More »
