Alerts

Google has released an updated Chrome version (115.0.5790.170/.171) for Windows, and (115.0.5790.170) for Linux, and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerability: Google […]

Mozilla has released an updated Firefox version 116, and Firefox ESR versions 102.14, 115.1 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, obtain sensitive information, perform a denial of service attack, bypass security restrictions, gain elevated privileges, or execute arbitrary code on the affected system by persuading the

Ivanti has released security updates to address vulnerabilities in Ivanti desktop and server management 2022.2 SU2 and all prior versions and Ivanti endpoint manager versions 11.10,11.9, 11.8, or older. The addressed vulnerabilities could allow the attacker to perform arbitrary file write to the EPMM server and can be used in conjunction with “CVE-2023-35078” to bypass

VMware has released security updates to fix multiple vulnerabilities in VMware SD-Wan and Tanzu Application Service. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, caused by improper authentication in SD-Wan and logging credentials in hex encoding in platform system audit logs in VMware Tanzu Application. Sample of the addressed vulnerabilities: VMware

Apple has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, perform denial of service attacks, bypass security restrictions, obtain sensitive information, gain elevated privileges, or gain access to the affected systems by persuading the victim to visit a specially crafted website. Sample

OpenSSH released a security update to fix a vulnerability affecting all versions of OpenSSH before 9.3p2. The addressed vulnerability could allow the remote attacker to execute arbitrary code on the affected system by sending specially crafted requests. OpenSSH Code Execution Vulnerability (CVE-2023-38408): CVSS: 8.1 Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction:

Atlassian has released security updates to address several vulnerabilities in Atlassian Confluence and Atlassian Bamboo. The severity of the addressed vulnerabilities could allow the remote attacker to gain access, and execute arbitrary code on the affected systems. Sample of the addressed vulnerabilities: Atlassian Confluence Data Center and Atlassian Confluence Server Code Execution Vulnerability (CVE-2023-22508): CVSS:

Microsoft has released an updated Edge version (115.0.1901.183) and extended stable version (114.0.1823.90) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to gain privileges or trigger spoofing attack by persuading the victim to open specially crafted file or request. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Privilege Escalation (CVE-2023-38187): CVSS: 7.5

Google has released an updated Chrome version (115.0.5790.98/99) for Windows, and (115.0.5790.98) for Linux, and Mac to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions or gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the

Microsoft has released an updated Edge version (114.0.1823.82) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the attacker to gain access or trigger a spoofing attack by persuading the victim to open a specially crafted file or request. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Code Execution (CVE-2023-36887): CVSS: 7.8 Attack Vector: Local

Juniper has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, perform denial of service, execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: Juniper Networks Junos OS Denial of Service Vulnerability (CVE-2023-36832): CVSS: 7.5 Attack Vector:

Drupal has released a security update to fix a vulnerability in the Drupal Two-factor Authentication module versions before tfa 8.x-1.1. The addressed vulnerability could allow the remote attacker to bypass access restrictions to reset the password by sending a specially crafted request to the affected products. Two-factor Authentication Module for Drupal Security Bypass Vulnerability (SACONTRIB-