Alerts

SolarWinds has released a security update to fix a vulnerability in SolarWinds platform. The addressed vulnerability could allow the attackers with low-privileged accounts to launch SQL injection attacks and then they could view, add, modify, or delete the data on the vulnerable system. SQL Injection Remote Code Execution Vulnerability (CVE-2023-40056): CVSS: 8 Attack Vector: Adjacent […]

IBM has released security updates to fix multiple vulnerabilities in IBM Db2 versions 10.5.0.x, 11.1.4.x, and 11.5.x. The addressed vulnerabilities could allow the remote attacker to cause a denial of service attack or gain elevated privileges by executing routines that they shouldn’t have access to on the vulnerable system. Sample of the addressed vulnerabilities: 1.

Apple has released security updates to address multiple vulnerabilities across macOS Monterey, Ventura, Sonoma and Safari. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code, and gain access to the affected systems by persuading the victim to visit a specially crafted website. The addressed vulnerabilities: 1. Apple Safari, and

Microsoft has released an updated Microsoft Edge Stable version (119.0.2151.97) and an Extended Stable version (118.0.2088.122) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge

ache has released security updates to address several vulnerabilities in Apache Tomcat versions prior to 9.0.83. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, conduct denial of service attacks, bypass web application firewall protection, conduct XSS attacks, and gain access to the affected system by sendinga specially crafted HTTP(S) trailer header.

Google has released an update Chrome version 119.0.6045.199/.200 for Windows,and 119.0.6045.199 for Mac and Linux to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Google Chrome Code Execution Vulnerability (CVE-2023-6351):

Trellix has released a security update to fix a vulnerability in Trellix Application and Change Control ePO extension “8.3.8.x” and earlier versions. The addressed vulnerability could allow the remote attacker to access the “Inventory” section of the ePO extension and upload a specially crafted GTI reputation file. This flaw is only applicable to on-premises ePO

Referring to EG-FinCIRT report ID 36/2023 “LockBit V3.0 Ransomware”, Security researchers detected that LockBit V3.0 ransomware operation has increased its activity recently against Middle Eastern organizations. LockBit v3.0 is a Windows ransomware program written in C programming language. It operates as a ransomware-as-a-service (RaaS) model, meaning it is available for use by different affiliates. The

Mozilla has released an updated Firefox version 120, and Firefox ESR version 115.5 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform a denial of service attack, bypass security restrictions, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a

Splunk has released a security update to fix multiple vulnerabilities across several Splunk products. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, perform cross-site scripting attacks, or gain access to the affected systems. Sample of the addressed vulnerabilities: Splunk Enterprise Code Execution Vulnerability (CVE-2023-46214): CVSS: 8.0 Attack Vector: Network Attack Complexity:

Tenable has released security updates to fix two vulnerabilities across multiple Tenable Nessus versions. The addressed vulnerabilities could allow the remote attacker with administrator privileges to overwrite arbitrary files on the remote host, which could lead to a denial of service condition. Sample of the addressed vulnerabilities: Tenable Nessus Denial of Service Vulnerability (CVE-2023-6062): CVSS:

Cisco has released security updates to fix multiple vulnerabilities across several products. The addressed vulnerabilities could allow the attacker to bypass security, perform cross-site scripting attacks, gain elevated privileges, or trigger denial of services attacks on the affected products. Sample of the addressed vulnerabilities: 1. Cisco Identity Services Engine Security Bypass (CVE-2023-20272): CVSS: 6.7 Attack

Zoom has released security updates to fix several vulnerabilities in multiple products such as Zoom Clients, Zoom Rooms for macOS, Zoom Desktop Client for Windows, and Zoom VDI Client. The addressed vulnerabilities could allow the attacker to obtain sensitive information, trigger denial of service attacks, or gain elevated privileges on the affected system by sending

Google has released an updated Chrome version 119.0.6045.159/.160 for Windows, and 119.0.6045.159 for Mac and Linux to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and gain access to the affected system or cause the application to crash by persuading a victim to visit a specially crafted web

Intel has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privileges, or trigger a denial of services attack on the affected system. Sample of the addressed vulnerabilities: 1. Intel NUC Software Privilege Escalation Vulnerability (CVE-2023-28737): CVSS: 8.8 Attack Vector: Local