Alerts

Palo Alto has released security updates addressing vulnerabilities in multiple products. The addressed vulnerabilities could allow the attacker to store a JavaScript payload in the web interface or export local files from the firewall through a race condition. The addressed vulnerabilities: 1. Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama WebInterface (CVE-2023-0007): CVSS: 6.5 Attack […]

Intel has released security updates to fix several vulnerabilities in multiple products. addressed vulnerabilities could allow the attacker to escalate privileges, obtain sensitive information, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1- Intel i915 Graphics Drivers for Linux Privilege Escalation (CVE-2023-28410): CVSS: 8.8 Attack Vector: Local

Citrix has released security updates to address several vulnerabilities in Citrix ADC and Citrix Gateway. The addressed vulnerabilities could allow the remote attacker to gain unauthorized access to the system, or perform a cross-site scripting attack to steal the victim’s cookie-based authentication credentials. The addressed vulnerabilities: 1. Citrix ADC and Gateway Unauthorized Access (CVE-2023-24487): CVSS: 6.3

Mozilla has released security updates to fix vulnerabilities in Firefox 113, and Firefox ESR 102.11 The addressed vulnerabilities could allow the remote attacker to gain access, obtain sensitive information, conduct a spoofing attack, bypass security restrictions, execute arbitrary code, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities:

Microsoft has released an updated Edge version (113.0.1774.35) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to conduct spoofing attacks, bypass security restrictions, or gain Privileges on the affected systems by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Privilege Escalation (CVE-2023-29350):

Fortinet has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, execute code, disclose information, or trigger cross-site scripting attacks on the affected products. Sample of the addressed vulnerabilities: 1. FortiADC – Command Injection Vulnerability in External Resource Module (CVE-2023-27999): CVSS: 7.6 Attack Vector:

F5 has released security updates to fix several vulnerabilities across multiple F5 products. The addressed vulnerabilities could allow the attacker to gain access, execute code, disclose information, modify sensitive files, escalate privileges, or cause a denial of service attack on the affected systems. Samples of the addressed vulnerabilities: 1. F5 NGINX Management Suite Vulnerability (CVE-2023-28656):

Google has released an updated Chrome version (113.0.5672.63/.64) for Windows and (113.0.5672.63) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, cause a denial of service attack, or bypass security restrictions by persuading the victim to visit a specially crafted website. Sample of

Ivanti has released a security update to fix multiple vulnerabilities in Ivanti Avalanche. The addressed vulnerabilities could allow the remote attacker to gain access, obtain sensitive information, or bypass security restrictions on the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti Avalanche Security Bypass Vulnerability (CVE-2023-28126): CVSS: 8.8 Attack Vector: Network Attack Complexity: Low

Cisco has released a security update to fix a zero-day vulnerability across Cisco Prime Collaboration Deployment. The addressed vulnerability could allow the unauthenticated remote attacker to perform a cross-site scripting attack on Cisco prime collaboration deployment caused by improper validation of user-supplied input by the web-based management interface. Cisco Prime Collaboration Deployment Cross-Site Scripting (CVE-2023-20060): CVSS:

Google has released an updated Chrome version (112.0.5615.137/138) for Windows and (112.0.5615.137) for Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code on the system, or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage. Sample of the addressed vulnerabilities:

Google has released an updated Chrome version (112.0.5615.121) for Windows, Linux, and Mac to fix a zero-day vulnerability. The zero-day vulnerability could allow the remote attacker to execute arbitrary code on the affected system by persuading the victim to visit a specially crafted web page with an unknown input which leads to a type of