Google has released an updated Chrome version (111.0.5563.64/.65) for Windows and (111.0.5563.64) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected […]
Google Chrome Security Update 08 March 2023 Read More »
SonicWall has released security updates to address vulnerabilities in SonicOS which runs on SonicWall firewalls and provides the web management interface for configurations. The addressed vulnerabilities could allow the remote attacker to cause a denial of service attack or bypass security restrictions on the affected products. Sample of the addressed vulnerabilities: SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2023-0656): •
SonicWall Security Updates 05 March 2023 Read More »
Linux has released security updates to fix vulnerabilities in Linux Kernel and Sudo utility before 1.9.13p2. The addressed vulnerabilities could allow the attacker to execute arbitrary code or cause a denial of service attack on the affected system. Sample of the addressed vulnerabilities: 1. Sudo Code Execution Vulnerability (CVE-2023-27320): • CVSS: 9.8 • Attack Vector: Network •
Linux Security Updates 02 March 2023 Read More »
Cisco has released security updates to address vulnerabilities affecting multiple products. The severity of the addressed vulnerabilities could allow the remote attacker to gain access, obtain information, cause a denial of service, and trigger Cross-site Scripting (XSS) or server-side request forgery (SSRF) attacks on the affected products. Sample of the addressed vulnerabilities: 1. Cisco IP Phone Command Injection Vulnerability
Cisco Security Updates 02 March 2023 Read More »
Aruba has released security updates to fix vulnerabilities across multiple Aruba products. The severity of the addressed vulnerabilities could allow the remote attacker to execute code, obtain information, bypass security restrictions, and perform crosssite scripting. Sample of the addressed vulnerabilities: Unauthenticated Command Injections in the PAPI Protocol (CVE-2023-22747): • CVSS: 9.8 • Attack Vector: Network • Attack Complexity:
Aruba Security Updates 01 March 2023 Read More »
Microsoft has released an updated Edge version (110.0.1587.56) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected system. Sample of the addressed vulnerabilities: 1. Edge
Microsoft Edge Security Update 26 February 2023 Read More »
Google has released an updated Chrome version (110.0.5481.177/.178) for Windows and (110.0.5481.177) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected
Google Chrome Security Update 23 February 2023 Read More »
Cisco has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain information, or cause a denial of service attack on the affected systems. Sample of the addressed vulnerabilities: Cisco APIC and Cisco Cloud Network Controller CSRF (CVE-2023-20011): • CVSS: 8.8 • Attack Vector: Network • Attack
Cisco Security Updates 23 February 2023 Read More »
VMware has released security updates to fix multiple vulnerabilities in multiple VMware products. The addressed vulnerabilities could allow the remote authenticated attacker to read arbitrary files, cause a denial of service attack, conduct an SSRF attack, or execute arbitrary code by using specially-crafted request/XML content to gain access to the affected product. Sample of the addressed vulnerabilities: 1. VMware
VMware Security Updates 22 February 2023 Read More »
Tenable has released security updates to fix multiple vulnerabilities in Tenable.sc versions 5.22.0 to 5.23.1 and 6.0.0. The addressed vulnerabilities could allow the remote attacker to cause a denial of service, obtain information, or gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Curl libcurl Denial of Service (CVE-2022-42915): • CVSS: 9.8 • Attack
Tenable Security Updates 22 February 2023 Read More »
Apache has released security updates to address vulnerabilities in multiple products. The addressed vulnerabilities could allow the remote attacker to manipulate data or cause a denial of service attack on the vulnerable system. Sample of the addressed vulnerabilities: Apache Commons FileUpload and Tomcat Denial of Service (CVE-2023-24998): • CVSS: 7.5 • Attack Vector: Network • Attack Complexity:
Apache Security Updates 21 February 2023 Read More »
Atlassian has released security updates to address vulnerabilities in the “Git” utility that affects multiple products. The addressed vulnerabilities could allow the remote attacker to gain access to the affected systems. Sample of the addressed vulnerabilities: Git Integer Overflow Vulnerability (CVE-2022-41903): • CVSS: 9.8 • Attack Vector: Network • Attack Complexity: Low • Privileges Required: None •
Atlassian Security Updates 20 February 2023 Read More »
Fortinet has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, bypassing security restrictions, executing arbitrary code, or escalating the privileges on the affected products. Sample of the addressed vulnerabilities: 1. FortiNAC – External Control of File Name or Path in
Fortinet Security Updates 18 February 2023 Read More »
Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform cross-site scripting attacks, bypass security restrictions, execute arbitrary code, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1- Cisco ClamAV Buffer Overflow (CVE-2023-20032): • CVSS:
Cisco Security Updates 16 February 2023 Read More »
Intel has released security updates to fix several vulnerabilities in multiple products. The addressed vulnerabilities could allow the remote attacker to perform various attacks such as obtaining sensitive information, bypassing security restrictions, executing arbitrary code, causing a denial of service, or escalating the privileges on the affected products. Sample of the addressed vulnerabilities: 1- Intel Integrated BMC and OpenBMC
Intel Security Updates 16 February 2023 Read More »
SolarWinds has released security updates to fix multiple vulnerabilities in SolarWinds Platform and Server & Application Monitor. The severity of the addressed vulnerabilities could allow the attacker with privileges to execute arbitrary commands on the affected product. Sample of the addressed vulnerabilities: 1. SolarWinds Platform Deserialization of Untrusted Data Vulnerability (CVE-2023-23836): • CVSS: 8.8 • Attack Vector:
SolarWinds Security Updates 16 February 2023 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for three actively exploited zero-day vulnerabilities. Microsoft has fixed (77) vulnerabilities, with (9) classified as critical as they could allow the attacker to perform code execution, bypass security features, elevate privileges, or cause a denial of service. February’s Patch Tuesday
Microsoft February 2023 Patch Tuesday Read More »
Mozilla has released security updates to fix vulnerabilities in Firefox 110 and Firefox ESR 102.8. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform spoofing attacks, bypass security restrictions, execute arbitrary code, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1. Mozilla Firefox Weak Security (CVE-2023-25737):
Mozilla FireFox Security Updates 15 February 2023 Read More »
Apple has released security updates to address multiple vulnerabilities including a zero-day vulnerability in Safari 16.3, and macOS Ventura 13.2.1. The addressed vulnerabilities could allow the attacker to obtain information, escalate privileges, or gain access to the affected system by persuading a victim to open specially crafted web content. The actively exploited zero-day vulnerability tracked as (CVE-2023-23529) is
Apple Security Updates 14 February 2023 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (5) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BPC MS 10.0, SAP BusinessObjects Business Intelligence platform, SAP NetWeaver Process Integration, SAP NetWeaver AS for Java, SAP NetWeaver
SAP February 2023 Security Patch Day Read More »
