Alerts

Trend Micro has released a security update to address vulnerabilities in Trend Micro Apex One and Apex One as a Service. The severity of the addressed vulnerabilities could allow the attacker to perform various attacks such as: gaining elevated privileges and creating arbitrary directories with arbitrary ownership or uploading arbitrary files to a specific directory to fill up the […]

Microsoft has released an updated Microsoft Edge stable version (110.0.1587.41) to fix multiple vulnerabilities in Microsoft Edge (Chromium-based). The severity of the addressed vulnerabilities could allow the remote attacker to gain access, or perform denial of service or spoofing attacks on the affected system. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-23374): •

Palo Alto has released security updates to fix multiple vulnerabilities in Cortex XSOAR, and Cortex XDR Agent. The severity of the addressed vulnerabilities could allow the attacker to obtain information or cause a denial of service on the affected systems. Sample of the addressed vulnerabilities: Cortex XSOAR Server Local File Disclosure Vulnerability (CVE-2023-0003): • CVSS: 6.5 •

Google has released an updated Chrome version (110.0.5481.77/.78) for Windows and (110.0.5481.77) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, bypass security restrictions, or cause a denial of service by persuading the victim to visit a specially crafted webpage on the affected system. Sample

OpenSSL has released security updates to fix multiple vulnerabilities in multiple versions. The addressed vulnerability could allow the remote attacker to obtain sensitive information, or cause a denial of service attack by passing arbitrary pointers to a memcmp call or sending an overly large number of trial messages for decryption on the affected systems. Sample of the addressed vulnerabilities:

VMware has released a security update to fix vulnerabilities in VMware Workstation 17 and vRealize Operations (vROps). The addressed vulnerabilities could allow the authenticated attacker to bypass security restrictions, gain access to the affected systems by sending a speciallycrafted or malicious HTTP request to trick the authenticated user into visiting a harmful website, allowing the attacker to perform a

Cisco has released security updates to address several vulnerabilities in multiple Cisco products. The released security updates fix several vulnerabilities affecting multiple Cisco products such as Cisco IOS XE Software, 800 Series Industrial ISRs, Catalyst Access Points (COS-APs), CGR1000 Compute Modules, RV340 Dual WAN Gigabit VPN Routers, RV340W Dual WAN Gigabit Wireless-AC VPN Routers, RV345 Dual WAN Gigabit VPN Routers,

F5 has released security updates to fix several vulnerabilities across multiple F5 products. The addressed vulnerabilities could allow the attacker to take control of the affected system by sending a specially crafted request to disclose information, escalate privileges, or cause a denial of service attack. Samples of the addressed vulnerabilities: 1. iControl SOAP Vulnerability (CVE-2023-22374): • CVSS: 8.5

Google has released an updated Chrome version (109.0.5414.119/.120) for Windows, and (109.0.5414.119) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service on the vulnerable system, by persuading the victim to visit a specially crafted webpage. Sample of the addressed vulnerabilities: Google Chrome

ManageEngine has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, manipulate data, or obtain information from the affected system. Sample of the addressed vulnerabilities: 1. ManageEngine ServiceDesk Plus MSP Security Bypass Vulnerability (CVE-2023-22964): • CVSS: 8.1 • Attack Vector: Network • Attack Complexity: High

Microsoft has released an updated Microsoft Edge stable version to fix multiple vulnerabilities in Microsoft Edge (Chromium-based). The severity of the addressed vulnerabilities could allow the remote attacker to bypass security restrictions or gain elevated privileges on the affected system. Sample of the addressed vulnerabilities: 1. Microsoft Edge Elevation of Privilege Vulnerability (CVE-2023-21795): • CVSS: 8.3 •

Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.3, macOS Monterey 12.6.3, macOS Ventura 13.2, and Safari 16.3. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code on the affected system by mounting a maliciously crafted Samba network share or persuading a victim to open

Cisco has released security updates to address several vulnerabilities in multiple Cisco products. The released security updates fix several vulnerabilities affecting multiple Cisco products such as Cisco (Unified CM) and (Unified CM SME) and Email Security Appliance (ESA). The severity of the addressed vulnerability in the web-based management interface could allow the remote attacker to bypass security restrictions, conduct SQL

Mozilla has released security updates to fix vulnerabilities in Firefox 109 and Firefox ESR 102.7. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform spoofing attacks, bypass security restrictions, execute arbitrary code and gain access to the affected products. Successful exploitation of these vulnerabilities may result in a complete compromise of vulnerable systems. Sample of