Alerts

Mozilla Firefox Security Updates – 12 April 2023

Mozilla has released security updates to fix vulnerabilities in Firefox 112, and Firefox ESR 102.10. The addressed vulnerabilities could allow the remote attacker to gain access, obtain sensitive information, conduct a spoofing attack, bypass security restrictions, and cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1- Mozilla Firefox

Fortinet Security Updates – 12 April 2023

Fortinet has released security updates to address several vulnerabilities in multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, escalate privileges, bypass security restrictions, obtain information, cause cross-site scripting, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. FortiPresence – Unpassworded Remotely Accessible Redis & MongoDB (CVE-2022-41331):

SAP April 2023 Security Patch Day

SAP has released security updates to address several vulnerabilities affecting multiple products. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Diagnostics Agent, SAP Business Client, SAP NetWeaver Process Integration, SAP BusinessObjects Business Intelligence Platform (Promotion Management), SAP NetWeaver Application Server for ABAP and ABAP Platform, SAP NetWeaver (BI CONT ADDON), SAP NetWeaver Enterprise Portal, SAP

Microsoft April 2023 Patch Tuesday

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for one actively exploited zero-day vulnerability. Also, Microsoft has released an updated Microsoft Edge version (112.0.1722.34) to fix multiple vulnerabilities. Microsoft has fixed (97) vulnerabilities, with (7) classified as critical as they could allow the attacker to perform remote code

Apple Security Updates – 09 April 2023

Apple has released security updates to address two zero-day vulnerabilities in macOS Ventura 13.3, and Safari 16.4. The addressed vulnerabilities could allow the attacker to gain access by sending specially crafted web content or gain kernel privileges by a specially crafted application. The actively exploited zero-day vulnerabilities: CVE-2023-28205 – A use after free issue in WebKit that could

Cisco Security Updates – 06 April 2023

Cisco has released security updates to address several vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands, gain access, bypass security restrictions, obtain information, cause a denial of service, or trigger a cross-site scripting attack on the affected products. Sample of the addressed vulnerabilities: 1. Cisco Secure Network Analytics Code Execution

Google Chrome Security Update 06 April 2023

Google has released an updated Chrome version (112.0.5615.49/50) for Windows and (112.0.5615.49) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code on the system, bypass security restrictions, or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected

Sophos Security Updates – 05 April 2023

Sophos has released security updates to fix multiple vulnerabilities in Sophos Web Appliance versions older than 4.3.10.4. The addressed vulnerabilities could allow the remote attacker to gain access, cause a cross-site scripting attack, or execute arbitrary/JavaScript code on the affected versions. Sample of the addressed vulnerabilities: 1. Sophos Pre-auth Command Injection Vulnerability (CVE-2023-1671): CVSS: 9.8 Attack Vector: Network

Samba Security Updates – 02 April 2023

Samba has released security updates to fix several vulnerabilities in multiple Samba versions. The addressed vulnerabilities could allow the remote attacker to perform several attacks such as: obtaining confidential BitLocker recovery keys from a Samba AD DC caused by an insufficient fix for confidential attribute disclosure vulnerability “CVE-2018-10919” using LDAP filters or deleting the “dnsHostname” attribute from any object in

3CX Supply Chain Attack 01 April 2023

In March 2023, security researchers uncovered a sophisticated supply chain attack that employed a trojanized version of the 3CX VoIP desktop client. This attack specifically targeted the clients of 3CX, representing a significant threat to the security of businesses that rely on this popular communication software. 3CX is a widely-used communication software that offers a range of features, including

Apple Security Updates – 28 March 2023

Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3, and Safari 16.4. The addressed vulnerabilities could allow the attacker to gain privileges, bypass security restrictions, obtain information, or execute arbitrary code on the affected system. Sample of the addressed vulnerabilities:

Microsoft Security Updates 26 March 2023

Microsoft has released security updates to fix several vulnerabilities across multiple products. The released security updates fix security flaws in Snipping Tool, Snip & Sketch, and Microsoft Edge (Chromium-based). The addressed vulnerabilities could allow the attacker to obtain sensitive information, execute arbitrary code on the system, cause a denial of service, or trigger a buffer overflow by persuading the

Cisco Security Updates 23 March 2023

Cisco has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands, gain access, bypass security restrictions, gain privileges, obtain information, or cause a denial of service attack on the affected systems. Sample of the addressed vulnerabilities: 1. Cisco IOS XE Software Denial of Service (CVE-2023-20027): •

Adobe ColdFusion Security Updates 16 March 2023

Adobe has released security updates addressing vulnerabilities in ColdFusion 2018 update 15 and below, and ColdFusion 2021 update 5 and below. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or obtain information from the affected systems. Sample of the addressed vulnerabilities: 1. Deserialization of Untrusted Data Vulnerability (CVE-2023-26359): • CVSS: 9.8 • Attack

Zoom Security Updates 15 March 2023

Zoom has released security updates to fix vulnerabilities in multiple products. The addressed vulnerabilities could allow the attacker to perform remote code execution, gain elevated privileges, or cause a denial of service attack on the affected product. Sample of the addressed vulnerabilities: 1. Improper Trust Boundary Implementation for SMB in Zoom Clients (CVE-2023-22885): • CVSS: 8.3 • Attack

Aruba Security Updates 15 March 2023

Aruba has released security updates addressing multiple vulnerabilities in ClearPass Policy Manager. The addressed vulnerabilities could allow the attacker to perform various attacks such as elevate privileges, disclose information, perform cross-site scripting, or gain access and execute arbitrary code on the affected systems. Sample of the addressed vulnerabilities: 1. Unauthenticated Arbitrary User Creation Leads to Complete System Compromise (CVE-2023-25589):

Mozilla Firefox Security Updates 15 March 2023

Mozilla has released security updates to fix vulnerabilities in Firefox 111 and Firefox ESR 102.9. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform a spoofing attack, cause a denial of service attack, or execute arbitrary code and gain access to vulnerable systems. Sample of the addressed vulnerabilities: Mozilla Firefox Code Execution Vulnerability (CVE-2023-28177):
