Google has released an updated Chrome version 122.0.6261.57/.58 for Windows and 122.0.6261.57 for Mac and Linux. The addressed vulnerabilities could allow the remote attacker to bypass securityrestrictions, or execute arbitrary code and gain access to the affected system by pesuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: 1. Google […]
Google Chrome Security Update – 21 February 2024 Read More »
Mozilla has released an updated Firefox version 123, and Firefox ESR version 115.8 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to conduct spoofing attacks, cause DNS cache poisoning, perform denial of service attacks, bypass security restrictions, or execute arbitrary code, and gain access to the affected systems by persuading the
Mozilla FireFox Security Update – 21 February 2024 Read More »
ConnectWise has released security updates to fix multiple vulnerabilities across ConnectWise ScreenConnect 23.9.7 and prior. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions and obtain administrative access, or traverse directories and obtain sensitive information by sending a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on
ConnectWise Security Updates – 21 February 2024 Read More »
VMware has released security updates to address several vulnerabilities in multiple VMware products. The addressed vulnerabilities could allow the attacker to bypass security restrictions to request and relay service tickets for arbitrary Active Directory Service Principal Names (SPNs), or hijack the user’s session cookie to hijack a privileged EAP session, or gain elevated privileges to
VMware Security Updates – 21 February 2024 Read More »
SolarWinds has released security updates to address several vulnerabilities affecting SolarWinds Platform and SolarWinds Access Rights Manager (ARM). The addressed vulnerabilities could allow the attacker to bypass security restrictions, or execute arbitrary code and gain access to the affected products by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. SolarWinds Access Rights
SolarWinds Security Updates – 16 February 2024 Read More »
Tenable has released a security update to fix multiple vulnerabilities in Tenable Security Center 6.2.1 with Patch SC-202312.1, and earlier. The addressed vulnerabilities could allow the authenticated remote attacker to perform HTML redirection attacks or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: Tenable Security Center Command Injection
Tenable Security Update – 15 February 2024 Read More »
Palo Alto has released security updates to address several vulnerabilities affecting multiple PAN-OS versions. The addressed vulnerabilities could allow the attacker to perform cross-site scripting (XSS) attacks, bypass security restrictions, or execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the
Palo Alto Security Updates – 15 February 2024 Read More »
F5 has released security updates to address several vulnerabilities in multiple F5 products. The addressed vulnerabilities could allow the authenticated remote attacker to perform denial of service attacks, manipulate data, view, add, modify, or delete information in the back-end database, obtain sensitive information, bypass security restrictions, execute arbitrary commands, and gain access to the affected
F5 Security Updates – 15 February 2024 Read More »
Intel has released security updates to address several vulnerabilities in multiple Intel products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or perform denial-of-service attacks on the affected products. Samples of the addressed vulnerabilities: 1. Intel DSA Software Privilege Escalation Vulnerability (CVE-2023-39425): CVSS: 8.8 Attack Vector: Local Attack Complexity:
Intel Security Updates – 14 February 2024 Read More »
Zoom has released security updates to fix several vulnerabilities in multiple products such as Zoom Clients, Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The addressed vulnerabilities could allow the attacker to obtain sensitive information, trigger denial of service attacks, gain elevated privileges, execute arbitrary code, and
Zoom Security Updates – 14 February 2024 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed two actively exploited zero-day vulnerabilities. Microsoft has fixed (73) vulnerabilities, with (5) classified as critical as they could allow the attacker to perform denial of service attacks, gain elevated privileges, obtain sensitive information, or remote code execution on
Microsoft February 2024 Patch Tuesday Read More »
Adobe has released security updates to fix several vulnerabilities across multiple Adobe products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, trigger denial of services attacks, execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe Commerce Code Execution Vulnerability (CVE-2024-20719): CVSS:
Adobe Security Updates – 14 February 2024 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP ABA, SAP NetWeaver AS Java, SAP CRM WebClient UI, SAP IDES Systems, SAP Cloud Connector, SAP GUI, SAP Bank Account Management, SAPCompanion, SAP NetWeaver Application Server ABAP
Report Summary SAP February 2024 Security Patch Day Read More »
Microsoft has released an updated Microsoft Edge Stable Channel (121.0.2277.112) and Microsoft Edge Extended Stable Channel (120.0.2210.175) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code to gain access or cause a buffer overflow into the affected system by persuading the victim to visit a specially crafted website.
Microsoft Edge Security Update – 11 February 2024 Read More »
SonicWall has released security updates to fix several vulnerabilities across multiple SonicWall products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, execute arbitrary code, cause a buffer overflow, or gain access by sending a specially crafted request to the affected products. Sample of the addressed vulnerabilities: 1. SonicWall SonicOS Security Bypass Vulnerability
SonicWall Security Updates – 11 February 2024 Read More »
Ivanti has released security updates to a zero-day vulnerability across multiple versions of Ivanti Connect Secure, Policy Secure, and ZTA products. The addressed vulnerability could allow the remote attacker to gain access to restricted resources on unpatched appliances in low-complexity attacks without requiring user interaction or authentication to the affected systems. The addressed vulnerability: Ivanti
Ivanti Security Updates – 10 February 2024 Read More »
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, conduct cross-site scripting attacks, gain elevated privileges, obtain sensitive information, execute arbitrary code, and gain access to the affected products by sending specially crafted HTTP requests. Sample of
Fortinet Security Updates – 09 February 2024 Read More »
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the remote attacker to conduct crosssite scripting attacks, cause web cache poisoning by persuading the authenticated user to visit a malicious website, or perform denial of service attacks by submitting a crafted file containing OLE2 content to
Cisco Security Updates – 08 February 2024 Read More »
Veeam has released a security update to fix several vulnerabilities across multiple Veeam products. The addressed vulnerabilities could allow the remote authenticated attacker to obtain sensitive information, such as plans from other scopes, or obtain the service account’s NTLM hash and use this information to launch further attacks against the affected system. The addressed vulnerabilities:
Veeam Security Update – 08 February 2024 Read More »
Tenable has released a security update to fix several vulnerabilities in Nessus with stable version 10.7.0. The addressed vulnerabilities could allow the authenticated remote attacker to conduct cross-site scripting attacks, execute arbitrary scripts, scan DB content, manipulate data, and view, add, modify, or delete information on the affectedsystem. The addressed vulnerabilities: 1. Tenable Nessus SQL
Tenable Security Update – 07 February 2024 Read More »
