Cisco has released a security recommendation to address a high vulnerability in the web UI feature of Cisco IOS XE software when exposed to the internet or to untrusted networks. The addressed vulnerability could allow the remote unauthenticated attacker to create accounts on the affected system with privilege level 15 access. The attacker can then […]
Cisco Security Update – 22 October 2023 Read More »
VMware has released security updates to address vulnerabilities affecting Aria Operations, VMware Cloud Foundation, and VMware Fusion and Workstation. The addressed vulnerabilities could allow the attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or gain elevated privileges on the affected systems. Sample of the addressed vulnerabilities: 1. VMware Aria Operations for Logs
VMware Security Updates – 22 October 2023 Read More »
SolarWinds has released security updates to fix multiple vulnerabilities in the SolarWinds Access Rights Manager 2023.2 and prior versions. The addressed vulnerabilities could allow the attacker to gain elevated privileges, execute arbitrary code, and gain access to the affected systems by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. SolarWinds Access Rights
SolarWinds Security Updates – 22 October 2023 Read More »
Cisco has released a security update to address a vulnerability across the web UI of Cisco Catalyst SD-WAN Manager. The addressed vulnerability could allow the remote authenticated attacker to exploit it by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. After successful exploitation, the attacker could be able
Cisco Security Update – 19 October 2023 Read More »
SonicWall has released security updates to fix multiple vulnerabilities in The SonicOS Management web interface and SSLVPN portal. The addressed vulnerabilities could allow the attacker to gain privilege, perform a denial of service attack, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. SonicWall SonicOS Denial of Service Vulnerability (CVE-2023-39276): CVSS:
SonicWall Security Updates – 18 October 2023 Read More »
Oracle released its critical patch updates for October 2023, containing (387) new security patches for multiple affected products. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtain sensitive information, perform denial of service attacks, and gain access to the affected systems. Sample of the addressed vulnerabilities: Oracle MySQL Connectors Denial
Oracle Security Patch Updates October 2023 Read More »
Cisco has released a security recommendation to address a critical vulnerability in the web UI feature of Cisco IOS XE software when exposed to the internet or to untrusted networks. The addressed vulnerability could allow the remote unauthenticated attacker to create accounts on the affected system with privilege level 15 access. The attacker can then
Cisco Security Update – 17 October 2023 Read More »
Samba has released security updates to address vulnerabilities affecting multiple Samba versions. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or perform denial of service attacks on the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. Samba Information Disclosure Vulnerability (CVE-2023-4154): CVSS: 7.5
Samba Security Updates – 16 October 2023 Read More »
Write here cURL has released a security update to address vulnerabilities across libcurl and cURL versions before 8.4.0. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and bypass security restrictions on the affected products due to a flaw in the curl_easy_duphandle function and a heap-based buffer overflow caused by the improper handling
cURL Security Update – 15 October 2023 Read More »
Fortinet has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the attacker to gain access, perform cross-site scripting attacks, steal the victim’s cookie-based authentication credentials, or traverse directories on the affected systems by sending specially crafted URL requests. Sample of the addressed vulnerabilities: 1. Fortinet FortiSIEM Directory Traversal Vulnerability
Fortinet Security Updates – 15 October 2023 Read More »
Juniper has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain sensitive information, gain elevated privileges, and cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1. Juniper Networks Junos OS Privilege Escalation (CVE-2023-44194): CVSS: 8.4 Attack
Juniper Security Updates – 12 October 2023 Read More »
Google has released an updated Chrome version (118.0.5993.70/.71) for Windows, and (118.0.5993.70) for Mac and Linux to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, or gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the
Google Chrome Security Updates – 11 October 2023 Read More »
F5 has released security updates to fix several vulnerabilities across multiple versions of F5 BIG-IP, BIG-IP (APM), and F5 BIG-IP Next SPK. The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary commands, perform denial of service attacks, obtain sensitive information, bypass security restrictions, or gain elevated privileges on the affected systems by
F5 Security Updates – 11 October 2023 Read More »
Fortinet has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the attacker to cause a denial of service, gain elevated privileges, disclose information, execute arbitrary commands, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. FortiSIEM – Remote Unauthenticated OS Command Injection Vulnerability (CVE-2023-34992): CVSS:
Fortinet Security Updates – 11 October 2023 Read More »
Citrix has released security updates to address multiple vulnerabilities across Citrix NetScaler ADC and NetScaler Gateway. The addressed vulnerabilities could allow the remote unauthenticated attacker to trigger a denial of service attack or obtain sensitive information from the affected product if configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an
Citrix Security Updates – 11 October 2023 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Web Intelligence, SAP PowerDesigner Client, SAP NetWeaverAS Java, SAP Business One (B1i) and SAP S/4HANA Core, S/4HANA (Manage Withholding Tax Items), SAP NetWeaver AS for Java
SAP October 2023 Security Patch Day Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed three actively exploited zero-day vulnerabilities. Microsoft has fixed (104) vulnerabilities, with (12) classified as critical as they could allow the attacker to perform remote code execution on the affected products. October’s Patch Tuesday was released to fix security
Microsoft October 2023 Patch Tuesday Read More »
Linux has released security updates to fix multiple vulnerabilities in GNU C Library’s dynamic loader glibc version 2.34 and GNU grub2. The addressed vulnerabilities could allow the attacker to execute arbitrary code, obtain sensitive information, gain access, or gain elevated privileges using a maliciously crafted GLIBC_TUNABLES environment variable processed by the ld.so dynamic loader to
Linux Security Updates – 09 October 2023 Read More »
Atlassian has released a security update to address a critical vulnerability across multiple products. The addressed vulnerability could allow the remote attacker to gain elevated privileges on the system, caused by an error related to the /setup/* endpoints on Confluence instances allowing the creation of administrator accounts that can be used to access Confluence instances. Atlassian
Atlassian Security Update – 05 October 2023 Read More »
Cisco has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary commands, gain elevated privileges, gain access to the affected products, or perform denial of service attacks by sending a specially crafted HTTP request to a specific API. Sample of the addressed vulnerabilities: 1.
Cisco Security Updates – 05 October 2023 Read More »
