Alerts

SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Web Intelligence, SAP PowerDesigner Client, SAP NetWeaverAS Java, SAP Business One (B1i) and SAP S/4HANA Core, S/4HANA (Manage Withholding Tax Items), SAP NetWeaver AS for Java

Linux has released security updates to fix multiple vulnerabilities in GNU C Library’s dynamic loader glibc version 2.34 and GNU grub2. The addressed vulnerabilities could allow the attacker to execute arbitrary code, obtain sensitive information, gain access, or gain elevated privileges using a maliciously crafted GLIBC_TUNABLES environment variable processed by the ld.so dynamic loader to

SonicWall has released security updates to fix multiple vulnerabilities in NetExtender Windows (32 and 64-bit) 10.2.336 and earlier versions. The addressed vulnerabilities could allow the attacker to gain elevated privileges on affected systems by sending a specially crafted request. The addressed vulnerabilities: 1. SonicWall NetExtender Pre-Logon Vulnerability (CVE-2023-44218): CVSS: 8.8 Attack Vector: Adjacent Attack Complexity:

Google has released an updated Chrome version (117.0.5938.149/.150) for Windows, and (117.0.5938.149) for Mac and Linux to fix a vulnerability. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2023-5346):

Mozilla has released an updated Firefox version 118.0.1, and Firefox ESR version 115.3.1 to fix a zero-day vulnerability exploited in the wild. The addressed vulnerability could allow the remote attacker to execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted website. Mozilla Firefox Heap Buffer

F5 has released security updates to fix several vulnerabilities across multiple versions of BIG-IP APM Clients. The addressed vulnerabilities could allow the attacker within the local network to send IP traffic outside of the VPN tunnel and bypass security restrictions, or obtain sensitive information from the affected systems. The addressed vulnerabilities: 1. F5 BIG-IP Security

Google has released an updated Chrome version (117.0.5938.132) for Windows, Linux, and Mac to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially-crafted website. Sample of the addressed vulnerabilities: Google Chrome Heap Buffer Overflow

Mozilla has released an updated Firefox version 118, and Firefox ESR version 115.3 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, obtain sensitive information, perform denial of service attacks, or gain access to the affected system by persuading the victim to visit a specially crafted website. Sample

Apple has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain information, or trigger denial of service attacks on the affected products by persuading the victim to open a specially crafted web content or application. Sample of the addressed vulnerabilities: 1. Apple Safari

VMware has released a security update to address a vulnerability that affects Aria Operations. The addressed vulnerability could allow the local attacker with administrator privileges to gain ‘root’ privileges on the affected system. VMware Aria Operations Privilege Escalation Vulnerability (CVE-2023-34043): CVSS: 6.7 Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Consequences:

Drupal has released a security update to fix a vulnerability that affects multiple versions of Drupal Core. The addressed vulnerability could allow the remote attacker to obtain sensitive information from the affected products by sending specially crafted requests. This vulnerability only affects sites with the JSON: API module enabled and can be mitigated by uninstalling

MOVEit Transfer has released security updates to address multiple vulnerabilities in multiple versions of Progress MOVEit Transfer. The addressed vulnerabilities could allow the remote attacker to perform either cross-site scripting attack by sending specially crafted URLs, or SQL injection attack to view, add, modify, or delete information in the back-end database on the affected system.

Apple has released security updates to address three zero-day vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, elevate the privilege, and bypass security restrictions on the affected products by persuading the victim to open a specially crafted web content or application. Sample of the addressed vulnerabilities: 1. Apple Safari

SolarWinds has released security updates to fix multiple vulnerabilities in the SolarWinds Platform 2023.3 and prior versions. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands with NETWORK SERVICE privileges on the affected system. The addressed vulnerabilities: 1. SolarWinds Platform Command Execution Vulnerability (CVE-2023-23840): CVSS: 6.8 Attack Vector: Adjacent Network Attack Complexity: