SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (6) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP 3D Visual Enterprise License Manager, SAP BusinessObjects Intelligence Platform, SAP AS NetWeaver JAVA, SAP IBP […]
SAP May 2023 Security Patch Day Read More »
Microsoft has released an updated Edge version (113.0.1774.35) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to conduct spoofing attacks, bypass security restrictions, or gain Privileges on the affected systems by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Privilege Escalation (CVE-2023-29350):
Microsoft Edge Security Update – 07 May 2023 Read More »
Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port phone adapters. The addressed vulnerability could allow the remote attacker to execute arbitrary code on the affected device with full privileges by upgrading the affected device to a crafted version of the firmware. The addressed vulnerability: Cisco SPA112 2-Port Phone Adapters
Cisco Phone Vulnerable To RCE Attacks – 07 May 2023 Read More »
Fortinet has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, execute code, disclose information, or trigger cross-site scripting attacks on the affected products. Sample of the addressed vulnerabilities: 1. FortiADC – Command Injection Vulnerability in External Resource Module (CVE-2023-27999): CVSS: 7.6 Attack Vector:
Fortinet Security Updates – 07 May 2023 Read More »
F5 has released security updates to fix several vulnerabilities across multiple F5 products. The addressed vulnerabilities could allow the attacker to gain access, execute code, disclose information, modify sensitive files, escalate privileges, or cause a denial of service attack on the affected systems. Samples of the addressed vulnerabilities: 1. F5 NGINX Management Suite Vulnerability (CVE-2023-28656):
F5 Security Updates – 04 May 2023 Read More »
Google has released an updated Chrome version (113.0.5672.63/.64) for Windows and (113.0.5672.63) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, cause a denial of service attack, or bypass security restrictions by persuading the victim to visit a specially crafted website. Sample of
Google Chrome Security Update – 03 May 2023 Read More »
Ivanti has released a security update to fix multiple vulnerabilities in Ivanti Avalanche. The addressed vulnerabilities could allow the remote attacker to gain access, obtain sensitive information, or bypass security restrictions on the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti Avalanche Security Bypass Vulnerability (CVE-2023-28126): CVSS: 8.8 Attack Vector: Network Attack Complexity: Low
Ivanti Avalanche Security Update – 27 April 2023 Read More »
Cisco has released a security update to fix a zero-day vulnerability across Cisco Prime Collaboration Deployment. The addressed vulnerability could allow the unauthenticated remote attacker to perform a cross-site scripting attack on Cisco prime collaboration deployment caused by improper validation of user-supplied input by the web-based management interface. Cisco Prime Collaboration Deployment Cross-Site Scripting (CVE-2023-20060): CVSS:
Cisco Security Update – 27 April 2023 Read More »
VMware has released a security update to fix multiple vulnerabilities across VMwareWorkstation Pro / Player and VMware Fusion. The addressed vulnerabilities could allow the local attacker to gain access, gain root privilege, or obtain sensitive information from the affected products. Sample of the addressed vulnerabilities: 1. VMware Workstation and Fusion Buffer Overflow (CVE-2023-20869): CVSS: 9.3
VMware Security Update – 26 April 2023 Read More »
Cisco released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, escalate privileges, gain access, or cause a denial of service attack on the affected systems. Samples of the addressed vulnerabilities: 1. Cisco Modeling Labs External Authentication Bypass Vulnerability (CVE-2023-20154): CVSS: 9.1
Cisco Security Updates – 20 April 2023 Read More »
VMware has released a security update to fix multiple vulnerabilities across VMware Aria Operations for Logs (formerly vRealize Log Insight). The addressed vulnerabilities could allow the remote attacker to gain access to the affected appliances via log deserialization and command injection vulnerabilities. 1. VMware Aria Operations for Logs Deserialization Vulnerability (CVE-2023- 20864): CVSS: 9.8 Attack
VMware Security Update – 20 April 2023 Read More »
Oracle released its critical patch updates for April 2 023, containing (433) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a
Oracle Security Patch Updates April 2023 Read More »
Google has released an updated Chrome version (112.0.5615.137/138) for Windows and (112.0.5615.137) for Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code on the system, or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage. Sample of the addressed vulnerabilities:
Google Chrome Security Update – 19 April 2023 Read More »
Google has released an updated Chrome version (112.0.5615.121) for Windows, Linux, and Mac to fix a zero-day vulnerability. The zero-day vulnerability could allow the remote attacker to execute arbitrary code on the affected system by persuading the victim to visit a specially crafted web page with an unknown input which leads to a type of
Google Chrome Security Update – 15 April 2023 Read More »
Juniper Networks has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain sensitive information, bypass security restrictions, and cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1. Juniper Networks Junos OS Denial of Service Vulnerability (CVE-2023-28976):
Juniper Networks Security Updates – 13 April 2023 Read More »
Palo Alto has released security updates to fix multiple vulnerabilities in PAN-OS and GlobalProtect App systems. The addressed vulnerabilities could allow the attacker to delete files from the local file system, or expose the plaintext values of secrets stored in the device configuration and encrypted API keys. Sample of the addressed vulnerabilities: PAN-OS: Local File
Palo Alto Security Updates – 13 April 2023 Read More »
Mozilla has released security updates to fix vulnerabilities in Firefox 112, and Firefox ESR 102.10. The addressed vulnerabilities could allow the remote attacker to gain access, obtain sensitive information, conduct a spoofing attack, bypass security restrictions, and cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1- Mozilla Firefox
Mozilla FireFox Security Updates – 12 April 2023 Read More »
Fortinet has released security updates to address several vulnerabilities in multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, escalate privileges, bypass security restrictions, obtain information, cause crosssite scripting, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. FortiPresence – Unpassworded Remotely Accessible Redis & MongoDB (CVE-2022-41331):
Fortinet Security Updates – 12 April 2023 Read More »
Adobe has released important security updates for Adobe Acrobat and Reader for Windows and macOS. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code, bypass security restrictions, cause a memory leak, or gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe Acrobat and Reader Code Execution
Adobe Security Updates – 12 April 2023 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Diagnostics Agent, SAP Business Client, SAP NetWeaver Process Integration, SAP BusinessObjects Business Intelligence Platform (Promotion Management, SAP NetWeaver Application Server for ABAP and ABAP Platform, SAP NetWeaver (BI CONT ADDON), SAP NetWeaver Enterprise Portal, SAP
SAP April 2023 Security Patch Day Read More »
