Alerts

Mozilla has released an updated Firefox version 117.0.1, Firefox ESR versions 115.2.1, and 102.15.1 to fix a zero-day vulnerability exploited in the wild. The addressed vulnerability could allow the remote attacker to exploit it through a malicious WebP image, when the victim opens the compromised image it could trigger a heap buffer overflow within the […]

Adobe has released security updates to address multiple vulnerabilities in Adobe Acrobat and Reader, Adobe Connect, and Adobe Experience Manager. The addressed vulnerabilities could allow the attacker to steal the victim’s cookiebased authentication credentials or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Adobe Acrobat and Adobe

Zoom has released security updates to fix vulnerabilities in Zoom CleanZoom, Zoom clients, and Zoom Desktop Client for Windows and Linux. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, or gain elevated privileges on the affected systems. Sample of the addressed vulnerabilities: 1. Zoom CleanZoom Privilege Escalation Vulnerability (CVE-2023-39201): CVSS:

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed two actively exploited zero-day vulnerabilities. September’s Patch Tuesday was released to fix security flaws in several Microsoft products such as .NET Framework, 3D Builder, Windows Server 2012, Windows RT 8.1, Windows 10 x64, Microsoft Exchange Server, Microsoft Azure,

Google has released an updated Chrome version (116.0.5845.187/188) for Windows, and (116.0.5845.187) for Linux, and Mac to fix a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to overflow the buffer and execute arbitrary code by persuading the victim to visit a specially craftedwebsite. Google Chrome Buffer Overflow Vulnerability (CVE-2023-4863): CVSS: 8.8 Attack

Cisco has released a security warning to mitigate a zero-day vulnerability across Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD). The addressed zero-day vulnerability is located within the web services interface of the Cisco ASA and Cisco FTD devices, specifically the functions that deal with authentication, authorization, and accounting (AAA) functions. This

Aruba has released security updates to fix several vulnerabilities in HPE Aruba Networking (9000, 9200) Series Mobility Controllers and SD-WAN Gateways. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, or bypass security restrictions on the affected product  bysending a specially crafted request. Sample of the addressed vulnerabilities: 1. HPE

Apple has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, perform cross-site scripting attacks, execute arbitrary code, and gain access to the affected products by persuading the victim to open a specially crafted image, attachment, or application. Sample of the addressed vulnerabilities:

Google has released an updated Chrome version (116.0.5845.179/180) for Windows, and (116.0.5845.179) for Linux, and Mac to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, gain access, or bypass security restrictions on the affected system by persuading the victim to visit a specially crafted website. Sample of the

Aruba has released security updates to address multiple vulnerabilities affecting HPE Aruba Networking Switches. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, cause denial of service attacks, perform cross-site scripting (XSS) attacks, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Unauthenticated Stored Cross-Site Scripting Vulnerability in

VMware has released a security update to fix a vulnerability across multiple versions of VMware Tools. The addressed vulnerability could allow the attacker with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine to bypass SAML token signature verification on the affected versions of VMware Tools. SAML Token Signature Bypass Vulnerability (CVE-2023-20900): CVSS:

Juniper has released a security update to fix a vulnerability across Junos OS and Junos OS Evolved. The addressed vulnerability could allow the remote attacker to cause a denial of service attack on the affected products by sending a specially crafted BGP UPDATE message. Juniper Networks Junos OS and Junos OS Evolved Denial of Service

Trend Micro has released a security update to fix several reflected cross-site scripting (XSS) vulnerabilities at Trend Micro Mobile Security (Enterprise) version 9.8. The severity of the addressed vulnerabilities could allow the remote attacker to perform reflected cross-site scripting attacks and steal the victim’s cookie-based authentication credential from the affected system by persuading the victim

Mozilla has released an updated Firefox version 117, and Firefox ESR versions 102.15, 115.2 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, obtain sensitive information, perform a denial of service attack, bypass security restrictions, or gain access to the affected system by persuading the victim to visit

Google has released an updated Chrome version (116.0.5845.140) for Linux/Mac and (116.0.5845.140/.141) for Windows to fix a vulnerability. The addressed vulnerability is caused by a use-after-free in MediaStream which could allow the remote attacker to execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website.

Microsoft has released an updated Microsoft Edge stable version (116.0.1938.62) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to elevate the privilege or execute arbitrary code on the affected system. Sample of the addressed vulnerabilities: 1. Microsoft Edge Code Execution Vulnerability (CVE-2023-4427): CVSS: 8.8 Attack Vector: Network Attack Complexity: Low Privileges