Alerts

SonicWall has released security updates to fix multiple vulnerabilities in NetExtender Windows (32 and 64-bit) 10.2.336 and earlier versions. The addressed vulnerabilities could allow the attacker to gain elevated privileges on affected systems by sending a specially crafted request. The addressed vulnerabilities: 1. SonicWall NetExtender Pre-Logon Vulnerability (CVE-2023-44218): CVSS: 8.8 Attack Vector: Adjacent Attack Complexity: […]

Google has released an updated Chrome version (117.0.5938.149/.150) for Windows, and (117.0.5938.149) for Mac and Linux to fix a vulnerability. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2023-5346):

Mozilla has released an updated Firefox version 118.0.1, and Firefox ESR version 115.3.1 to fix a zero-day vulnerability exploited in the wild. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Mozilla Firefox Heap Buffer

F5 has released security updates to fix several vulnerabilities across multiple versions of BIG-IP APM Clients. The addressed vulnerabilities could allow the attacker within the local network to send IP traffic outside of the VPN tunnel and bypass security restrictions, or obtain sensitive information from the affected systems. The addressed vulnerabilities: 1. F5 BIG-IP Security

Google has released an updated Chrome version (117.0.5938.132) for Windows, Linux, and Mac to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially-crafted website. Sample of the addressed vulnerabilities: Google Chrome Heap Buffer Overflow

Mozilla has released an updated Firefox version 118, and Firefox ESR version 115.3 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, obtain sensitive information, perform denial of service attacks, or gain access to the affected system by persuading the victim to visit a specially crafted website. Sample

Apple has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain information, or trigger denial of service attacks on the affected products by persuading the victim to open a specially crafted web content or application. Sample of the addressed vulnerabilities: 1. Apple Safari

VMware has released a security update to address a vulnerability that affects Aria Operations. The addressed vulnerability could allow the local attacker with administrator privileges to gain ‘root’ privileges on the affected system. VMware Aria Operations Privilege Escalation Vulnerability (CVE-2023-34043): CVSS: 6.7 Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Consequences:

Drupal has released a security update to fix a vulnerability that affects multiple versions of Drupal Core. The addressed vulnerability could allow the remote attacker to obtain sensitive information from the affected products by sending specially crafted requests. This vulnerability only affects sites with the JSON: API module enabled and can be mitigated by uninstalling

MOVEit Transfer has released security updates to address multiple vulnerabilities in multiple versions of Progress MOVEit Transfer. The addressed vulnerabilities could allow the remote attacker to perform either cross-site scripting attack by sending specially crafted URLs, or SQL injection attack to view, add, modify, or delete information in the back-end database on the affected system.

Apple has released security updates to address three zero-day vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, elevate the privilege, and bypass security restrictions on the affected products by persuading the victim to open a specially crafted web content or application. Sample of the addressed vulnerabilities: 1. Apple Safari

SolarWinds has released security updates to fix multiple vulnerabilities in the SolarWinds Platform 2023.3 and prior versions. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands with NETWORK SERVICE privileges on the affected system. The addressed vulnerabilities: 1. SolarWinds Platform Command Execution Vulnerability (CVE-2023-23840): CVSS: 6.8 Attack Vector: Adjacent Network Attack Complexity:

Atlassian has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, or trigger a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1. Atlassian Bitbucket Server, Data Center Code Execution (CVE-2023-22513): CVSS: 8.5 Attack Vector:

Fortinet has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain sensitive information, or manipulate files on the affected products. Sample of the addressed vulnerabilities: 1- Fortinet FortiWeb Code Execution Vulnerability (CVE-2023-34984): CVSS: 7.1 Attack Vector: Network Attack Complexity: High Privileges Required: None

Microsoft Edge has released an updated Microsoft Edge Stable version (117.0.2045.31), and version 109 (109.0.1518.140) to fix a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to exploit it through a malicious WebP image, when the victim opens the compromised image it could trigger a heap buffer overflow within the content process, potentially

Fortinet has released security updates to fix several vulnerabilities in FortiProxy, FortiADC, and FortiOS. The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, or gain access to the affected products and inject malicious script into the webpage to steal the victim’s cookie-based authentication credentials. The addressed vulnerabilities: 1. FortiADC – Command Injection

Apache has released a security update to address a vulnerability in Apache Tomcat Connectors. The addressed vulnerability could allow the remote attacker to obtain sensitive information caused by a flaw in the mod_jk component by sending a specially crafted HTTP request. Apache Tomcat Connectors Information Disclosure (CVE-2023-41081): CVSS: 7.5 Attack Vector: Network Attack Complexity: Low