Alerts

F5 has released security updates to fix several vulnerabilities across multiple versions of BIG-IP APM Clients. The addressed vulnerabilities could allow the attacker within the local network to send IP traffic outside of the VPN tunnel and bypass security restrictions, or obtain sensitive information from the affected systems. The addressed vulnerabilities: 1. F5 BIG-IP Security […]

Google has released an updated Chrome version (117.0.5938.132) for Windows, Linux, and Mac to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially-crafted website. Sample of the addressed vulnerabilities: Google Chrome Heap Buffer Overflow

Mozilla has released an updated Firefox version 118, and Firefox ESR version 115.3 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, obtain sensitive information, perform denial of service attacks, or gain access to the affected system by persuading the victim to visit a specially crafted website. Sample

Apple has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain information, or trigger denial of service attacks on the affected products by persuading the victim to open a specially crafted web content or application. Sample of the addressed vulnerabilities: 1. Apple Safari

VMware has released a security update to address a vulnerability that affects Aria Operations. The addressed vulnerability could allow the local attacker with administrator privileges to gain ‘root’ privileges on the affected system. VMware Aria Operations Privilege Escalation Vulnerability (CVE-2023-34043): CVSS: 6.7 Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Consequences:

Drupal has released a security update to fix a vulnerability that affects multiple versions of Drupal Core. The addressed vulnerability could allow the remote attacker to obtain sensitive information from the affected products by sending specially crafted requests. This vulnerability only affects sites with the JSON: API module enabled and can be mitigated by uninstalling

MOVEit Transfer has released security updates to address multiple vulnerabilities in multiple versions of Progress MOVEit Transfer. The addressed vulnerabilities could allow the remote attacker to perform either cross-site scripting attack by sending specially crafted URLs, or SQL injection attack to view, add, modify, or delete information in the back-end database on the affected system.

Apple has released security updates to address three zero-day vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, elevate the privilege, and bypass security restrictions on the affected products by persuading the victim to open a specially crafted web content or application. Sample of the addressed vulnerabilities: 1. Apple Safari

SolarWinds has released security updates to fix multiple vulnerabilities in the SolarWinds Platform 2023.3 and prior versions. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands with NETWORK SERVICE privileges on the affected system. The addressed vulnerabilities: 1. SolarWinds Platform Command Execution Vulnerability (CVE-2023-23840): CVSS: 6.8 Attack Vector: Adjacent Network Attack Complexity:

Atlassian has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, or trigger a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1. Atlassian Bitbucket Server, Data Center Code Execution (CVE-2023-22513): CVSS: 8.5 Attack Vector:

Fortinet has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain sensitive information, or manipulate files on the affected products. Sample of the addressed vulnerabilities: 1- Fortinet FortiWeb Code Execution Vulnerability (CVE-2023-34984): CVSS: 7.1 Attack Vector: Network Attack Complexity: High Privileges Required: None

Microsoft Edge has released an updated Microsoft Edge Stable version (117.0.2045.31), and version 109 (109.0.1518.140) to fix a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to exploit it through a malicious WebP image, when the victim opens the compromised image it could trigger a heap buffer overflow within the content process, potentially

Fortinet has released security updates to fix several vulnerabilities in FortiProxy, FortiADC, and FortiOS. The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, or gain access to the affected products and inject malicious script into the webpage to steal the victim’s cookie-based authentication credentials. The addressed vulnerabilities: 1. FortiADC – Command Injection

Apache has released a security update to address a vulnerability in Apache Tomcat Connectors. The addressed vulnerability could allow the remote attacker to obtain sensitive information caused by a flaw in the mod_jk component by sending a specially crafted HTTP request. Apache Tomcat Connectors Information Disclosure (CVE-2023-41081): CVSS: 7.5 Attack Vector: Network Attack Complexity: Low

Cisco has released security updates to fix multiple vulnerabilities in Cisco IOS XR Software. The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary code, perform denial of service attacks, or bypass security restrictions on the affected products. Sample of the addressed vulnerabilities: 1. Cisco IOS XR Code Execution Vulnerability (CVE-2023-20236): CVSS: 6.7

Palo Alto has released security updates to address vulnerabilities affecting PAN-OS and Cortex XDR Agent. The addressed vulnerabilities could allow the attacker to cause denial of serviceattacks on the affected products, or allow the local user to disable the Cortex XDRagent on the vulnerable Windows devices. The addressed vulnerabilities: 1. PAN-OS: Denial-of-Service Vulnerability in BGP

Google has released an updated Chrome version (117.0.5938.62/.63) for Windows, (117.0.5938.62) for Linux, and Mac and (109.0.5414.165) for Windows Server 2012, and Windows Server 2012 R2 only to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, and gain access to the affected system by persuading