WS_FTP has released a security update to address a critical vulnerability affecting WS_FTP Server. The addressed vulnerability could allow the remote attacker to bypass security restrictions and upload a file to a specified location on the operating system hosting the WS_FTP Server application. WS_FTP Server Arbitrary File Upload (CVE-2023-42659): CVSS: 9.1 Attack Vector: Network Attack […]
WS_FTP Security Update – 09 November 2023 Read More »
SolarWinds has released security updates to fix multiple vulnerabilities in SolarWinds products. The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary code with system privileges and gain access to the affected systems. Sample of the addressed vulnerabilities: SolarWinds Network Configuration Manager Directory Traversal Vulnerability (CVE-2023-33226): CVSS: 8 Attack Vector: Adjacent
SolarWinds Security Updates – 08 November 2023 Read More »
Trend Micro has released a security update to fix multiple vulnerabilities across Trend Micro Apex One and Apex One as a Service. The addressed vulnerabilities could allow the attacker to escalate privileges on the affected products. Sample of the addressed vulnerabilities: Agent Link Following Local Privilege Escalation Vulnerability (CVE-2023-47192): CVSS: 7.8 Attack Vector: Local Attack
Trend Micro Security Update – 08 November 2023 Read More »
Google has released an updated Chrome version 119.0.6045.123/.124 for Windows, and 119.0.6045.123 for Mac and Linux to fix a vulnerability. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2023-5996):
Google Chrome Security Update – 08 November 2023 Read More »
Veeam has released a security update to fix several vulnerabilities in Veeam ONE IT infrastructure monitoring and analytics platform versions 11, 11a, and 12. The addressed vulnerabilities could allow the attacker to obtain sensitive information, perform cross-site scripting attacks, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1.
Veeam Security Update – 07 November 2023 Read More »
Cisco has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, conduct cross-site scripting or perform denial of service attacks, execute arbitrary commands, and gain access to the affected system by sending a specially crafted HTTP request. Sample of the
Cisco Security Updates – 02 November 2023 Read More »
Tenable has released security updates to fix multiple vulnerabilities in several third-party components (curl, OpenSSL, zlib) affecting multiple tenable products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, conduct denial of service attacks, bypass security restrictions, or gain elevated privileges to the affected system by loading a specially crafted file during installation
Tenable Security Updates – 01 November 2023 Read More »
VMware has released a security update to address a vulnerability affecting several versions of VMware Workspace ONE UEM. The addressed vulnerability could allow the remote attacker to conduct phishing attacks by redirecting the victim to arbitrary websites to retrieve the SAML response to login as the victim user. VMware Workspace ONE UEM Open Redirect Vulnerability
VMware Security Update – 01 November 2023 Read More »
Google has released an updated Chrome version (119.0.6045.105/.106) for Windows, and (119.0.6045.105) for Mac and Linux to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the
Google Chrome Security Update – 01 November 2023 Read More »
Atlassian has released a security update to address a critical vulnerability across all versions of Confluence Data Center and Confluence Server products. The addressed vulnerability could allow the unauthenticated remote attacker to cause significant data loss on the vulnerable Confluence Data Center and Server but there is no impact to confidentiality as the attacker cannot
Atlassian Security Update – 31 October 2023 Read More »
Microsoft has released an updated Microsoft Edge stable version (118.0.2088.76) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, conduct spoofing attacks, execute arbitrary code, and gain access to the affected system by persuading the victim to open a specially crafted Adobe PDF file. Sample of the addressed
Microsoft Edge Security Update – 30 October 2023 Read More »
VMware has released security updates to address vulnerabilities affecting VMware Tools version 12.x.x, 11.x.x, 10.3.x macOS and Windows. The addressed vulnerabilities could allow the attacker to gain elevated privileges on the affected systems. Sample of the addressed vulnerabilities: VMware Tools Privilege Escalation (CVE-2023-34057): CVSS: 7.8 Attack Vector: Local Attack Complexity: Low Privileges Required: Low User
VMware Security Updates – 29 October 2023 Read More »
F5 has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, launch SQL injection attacks, execute arbitrary commands, and gain access to the affected products by sending specially crafted requests. Sample of the addressed vulnerabilities: 1. F5 BIG-IP Command Execution
F5 Security Updates – 28 October 2023 Read More »
Aruba has released a security update to address multiple vulnerabilities across ClearPass Policy Manager. The addressed vulnerabilities could allow the attacker to gain elevated privilege, manipulate data, conduct phishing attacks, execute arbitrary commands, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Aruba Networks ClearPass Policy Manager Privilege Escalation Vulnerability (CVE-2023-43506):
Aruba Security Update – 26 October 2023 Read More »
Aruba has released a security update to address multiple vulnerabilities across ClearPass Policy Manager. The addressed vulnerabilities could allow the attacker to gain elevated privilege, manipulate data, conduct phishing attacks, execute arbitrary commands, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Aruba Networks ClearPass Policy Manager Privilege Escalation Vulnerability (CVE-2023-43506):
Aruba Security Update – 26 October 2023 Read More »
Tenable has released a security update to fix multiple vulnerabilities in several third-party components (OpenSSL, curl, chosen, datatables) affecting Nessus Network Monitor (NNM) version 6.2.3 and earlier. The addressed vulnerabilities could allow the attacker to escalate privileges to NT AUTHORITYSYSTEM on Windows hosts, perform denial of service attacks, or perform blind SQL injection and manipulate
Tenable Security Update – 26 October 2023 Read More »
Apple has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, bypass security restrictions, perform denial of service attacks, obtain sensitive information, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Apple Safari Code Execution Vulnerability
Apple Security Updates – 26 October 2023 Read More »
VMware has released security updates to fix multiple vulnerabilities affecting VMware vCenter Server, and VMware Cloud Foundation. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code, and gain access to the affected system by sending specially crafted requests. Sample of the addressed vulnerabilities: VMware vCenter Server Out-of-Bounds Write Vulnerability
VMware Security Updates – 25 October 2023 Read More »
Mozilla has released an updated Firefox version 119, and Firefox ESR version 115.4 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform a denial of service attack, bypass security restrictions, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a
Mozilla FireFox Security Updates – 25 October 2023 Read More »
Google has released an updated Chrome version (118.0.5993.117/.118) for Windows, and (118.0.5993.117) for Mac and Linux to fix a vulnerability. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2023-5472):
Google Chrome Security Update – 25 October 2023 Read More »
