Alerts

Oracle released its critical patch updates for July 2023, containing (508) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. This critical patch update includes security updates addressing numerous vulnerabilities that could potentially be exploited remotely without authentication. The affected product […]

Citrix has released security updates to address several vulnerabilities in Citrix ADC, and Citrix Gateway. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, perform cross-site scripting attacks, or gain elevated privileges on the affected systems. The addressed vulnerabilities: 1. Citrix ADC, Citrix Gateway Unauthenticated Remote Code Execution (CVE- 2023-3519):

Adobe has released security updates to fix multiple vulnerabilities in Adobe ColdFusion. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system via the deserialization of untrusted data or bypass security restrictions by persuading the victim to open a specially crafted file. Sample of the addressed vulnerabilities: 1. Adobe ColdFusion

Cisco has released a security update to fix a critical vulnerability in Cisco SD-WAN vManage software. The addressed vulnerability could allow the remote attacker to gain access, gain read permissions, or limited write permissions to the configuration, or obtain sensitive information from the affected Cisco SD-WAN vManage instance by sending a crafted API request. Cisco

SonicWall has released security updates to fix multiple vulnerabilities affecting multiple SonicWall products. The addressed vulnerabilities could allow the attacker to bypass authentication, directory traversal, or disclose information on the affected systems. Sample of the addressed vulnerabilities: 1. Password Hash Read via Web Service (CVE-2023-34134): CVSS: 9.8 Attack Vector: Network Attack Complexity: High Privileges Required:

Citrix has released security updates to address several vulnerabilities in Citrix Secure Access Client. The addressed vulnerabilities could allow the attacker to execute arbitrary code or gain elevated privileges on the affected systems. The addressed vulnerabilities: 1. Citrix Secure Access Client for Ubuntu Code Execution (CVE-2023-24492): CVSS: 9.6 Attack Vector: Network Attack Complexity: Low Privileges

Fortinet has released security updates to fix several vulnerabilities in multiple Fortinet products. The addressed vulnerabilities could allow the attacker to overflow a buffer, execute arbitrary code, directory traversal, obtain sensitive information, and gain access to the affected products by sending specially crafted requests. Sample of the addressed vulnerabilities: Fortinet FortiOS and Fortinet FortiProxy Buffer

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed six actively exploited zero-day vulnerabilities. Microsoft has fixed (132) vulnerabilities, with (9) classified as critical as they could allow the attacker to perform remote code execution on the affected products. July’s Patch Tuesday was released to fix security

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (2) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Business Client, SAP ECC and SAP S/4HANA (IS-OIL), SAP NetWeaver, SAP Web Dispatcher, SAP UI5

MOVEit Transfer has released a security update to address multiple vulnerabilities in multiple versions of Progress MOVEit Transfer. The addressed vulnerabilities could allow the remote attacker to cause a denial of service, or SQL injection attacks to view, add, modify, or delete information in the back-end database on the affected system. Sample of the addressed