Alerts

SolarWinds has released security updates to fix multiple vulnerabilities in SolarWinds Platform and Server & Application Monitor. The severity of the addressed vulnerabilities could allow the attacker with privileges to execute arbitrary commands on the affected product. Sample of the addressed vulnerabilities: 1. SolarWinds Platform Deserialization of Untrusted Data Vulnerability (CVE-2023-23836): • CVSS: 8.8 • Attack Vector: […]

Mozilla has released security updates to fix vulnerabilities in Firefox 110 and Firefox ESR 102.8. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform spoofing attacks, bypass security restrictions, execute arbitrary code, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Weak Security (CVE-2023-25737):

Apple has released security updates to address multiple vulnerabilities including a zero-day vulnerability in Safari 16.3, and macOS Ventura 13.2.1. The addressed vulnerabilities could allow the attacker to obtain information, escalate privileges, or gain access to the affected system by persuading a victim to open specially crafted web content. The actively exploited zero-day vulnerability tracked as (CVE-2023-23529) is

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (5) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BPC MS 10.0, SAP BusinessObjects Business Intelligence platform, SAP NetWeaver Process Integration, SAP NetWeaver AS for Java, SAP NetWeaver

Trend Micro has released a security update to address vulnerabilities in Trend Micro Apex One and Apex One as a Service. The severity of the addressed vulnerabilities could allow the attacker to perform various attacks such as: gaining elevated privileges and creating arbitrary directories with arbitrary ownership or uploading arbitrary files to a specific directory to fill up the

Microsoft has released an updated Microsoft Edge stable version (110.0.1587.41) to fix multiple vulnerabilities in Microsoft Edge (Chromium-based). The severity of the addressed vulnerabilities could allow the remote attacker to gain access, or perform denial of service or spoofing attacks on the affected system. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-23374): •

Palo Alto has released security updates to fix multiple vulnerabilities in Cortex XSOAR, and Cortex XDR Agent. The severity of the addressed vulnerabilities could allow the attacker to obtain information or cause a denial of service on the affected systems. Sample of the addressed vulnerabilities: Cortex XSOAR Server Local File Disclosure Vulnerability (CVE-2023-0003): • CVSS: 6.5 •

Google has released an updated Chrome version (110.0.5481.77/.78) for Windows and (110.0.5481.77) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, bypass security restrictions, or cause a denial of service by persuading the victim to visit a specially crafted webpage on the affected system. Sample

OpenSSL has released security updates to fix multiple vulnerabilities in multiple versions. The addressed vulnerability could allow the remote attacker to obtain sensitive information, or cause a denial of service attack by passing arbitrary pointers to a memcmp call or sending an overly large number of trial messages for decryption on the affected systems. Sample of the addressed vulnerabilities:

VMware has released a security update to fix vulnerabilities in VMware Workstation 17 and vRealize Operations (vROps). The addressed vulnerabilities could allow the authenticated attacker to bypass security restrictions, gain access to the affected systems by sending a speciallycrafted or malicious HTTP request to trick the authenticated user into visiting a harmful website, allowing the attacker to perform a

Cisco has released security updates to address several vulnerabilities in multiple Cisco products. The released security updates fix several vulnerabilities affecting multiple Cisco products such as Cisco IOS XE Software, 800 Series Industrial ISRs, Catalyst Access Points (COS-APs), CGR1000 Compute Modules, RV340 Dual WAN Gigabit VPN Routers, RV340W Dual WAN Gigabit Wireless-AC VPN Routers, RV345 Dual WAN Gigabit VPN Routers,

F5 has released security updates to fix several vulnerabilities across multiple F5 products. The addressed vulnerabilities could allow the attacker to take control of the affected system by sending a specially crafted request to disclose information, escalate privileges, or cause a denial of service attack. Samples of the addressed vulnerabilities: 1. iControl SOAP Vulnerability (CVE-2023-22374): • CVSS: 8.5

Google has released an updated Chrome version (109.0.5414.119/.120) for Windows, and (109.0.5414.119) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service on the vulnerable system, by persuading the victim to visit a specially crafted webpage. Sample of the addressed vulnerabilities: Google Chrome

ManageEngine has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, manipulate data, or obtain information from the affected system. Sample of the addressed vulnerabilities: 1. ManageEngine ServiceDesk Plus MSP Security Bypass Vulnerability (CVE-2023-22964): • CVSS: 8.1 • Attack Vector: Network • Attack Complexity: High