Alerts

Aruba has released a security update to address multiple vulnerabilities across ClearPass Policy Manager. The addressed vulnerabilities could allow the attacker to gain elevated privilege, manipulate data, conduct phishing attacks, execute arbitrary commands, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Aruba Networks ClearPass Policy Manager Privilege Escalation Vulnerability (CVE-2023-43506): […]

Tenable has released a security update to fix multiple vulnerabilities in several third-party components (OpenSSL, curl, chosen, datatables) affecting Nessus Network Monitor (NNM) version 6.2.3 and earlier. The addressed vulnerabilities could allow the attacker to escalate privileges to NT AUTHORITYSYSTEM on Windows hosts, perform denial of service attacks, or perform blind SQL injection and manipulate

Apple has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, bypass security restrictions, perform denial of service attacks, obtain sensitive information, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Apple Safari Code Execution Vulnerability

Mozilla has released an updated Firefox version 119, and Firefox ESR version 115.4 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform a denial of service attack, bypass security restrictions, execute arbitrary code, and gain access to the affected system by persuading the victim to visit a

Google has released an updated Chrome version (118.0.5993.117/.118) for Windows, and (118.0.5993.117) for Mac and Linux to fix a vulnerability. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2023-5472):

Cisco has released a security recommendation to address a high vulnerability in the web UI feature of Cisco IOS XE software when exposed to the internet or to untrusted networks. The addressed vulnerability could allow the remote unauthenticated attacker to create accounts on the affected system with privilege level 15 access. The attacker can then

VMware has released security updates to address vulnerabilities affecting Aria Operations, VMware Cloud Foundation, and VMware Fusion and Workstation. The addressed vulnerabilities could allow the attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or gain elevated privileges on the affected systems. Sample of the addressed vulnerabilities: 1. VMware Aria Operations for Logs

SolarWinds has released security updates to fix multiple vulnerabilities in the SolarWinds Access Rights Manager 2023.2 and prior versions. The addressed vulnerabilities could allow the attacker to gain elevated privileges, execute arbitrary code, and gain access to the affected systems by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. SolarWinds Access Rights

Cisco has released a security update to address a vulnerability across the web UI of Cisco Catalyst SD-WAN Manager. The addressed vulnerability could allow the remote authenticated attacker to exploit it by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. After successful exploitation, the attacker could be able

SonicWall has released security updates to fix multiple vulnerabilities in The SonicOS Management web interface and SSLVPN portal. The addressed vulnerabilities could allow the attacker to gain privilege, perform a denial of service attack, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. SonicWall SonicOS Denial of Service Vulnerability (CVE-2023-39276): CVSS:

Oracle released its critical patch updates for October 2023, containing (387) new security patches for multiple affected products. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtain sensitive information, perform denial of service attacks, and gain access to the affected systems. Sample of the addressed vulnerabilities: Oracle MySQL Connectors Denial

Samba has released security updates to address vulnerabilities affecting multiple Samba versions. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or perform denial of service attacks on the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. Samba Information Disclosure Vulnerability (CVE-2023-4154): CVSS: 7.5

Write here cURL has released a security update to address vulnerabilities across libcurl and cURL versions before 8.4.0. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code and bypass security restrictions on the affected products due to a flaw in the curl_easy_duphandle function and a heap-based buffer overflow caused by the improper handling

Juniper has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain sensitive information, gain elevated privileges, and cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1. Juniper Networks Junos OS Privilege Escalation (CVE-2023-44194): CVSS: 8.4 Attack

Google has released an updated Chrome version (118.0.5993.70/.71) for Windows, and (118.0.5993.70) for Mac and Linux to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, or gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the