Zoom has released security updates to fix vulnerabilities in multiple products. The severity of the addressed vulnerabilities could allow the local attacker to execute arbitrary code or gain privileges. Samples of the addressed vulnerabilities: 1. DLL injection in Zoom Windows Clients (CVE-2022-28766): CVSS: 8.1 Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: […]
Zoom Security Updates -16 November 2022 Read More »
Intel releases security updates to address several vulnerabilities in multiple Intel products. The severity of the addressed vulnerabilities could allow the locally authenticated attacker to gain elevated privileges on the system by improper input validation in the BIOS firmware or improper access control. Samples of the addressed vulnerabilities: 1. Intel Privilege Escalation (CVE-2022-26006): • CVSS:
Intel Security Updates – 14 November 2022 Read More »
Grafana has released security updates (Grafana 9.2.4, Grafana 8.5.15) to fix several vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker to gain elevated privileges on the system by sending specially-crafted requests or obtaining sensitive information. Samples of the addressed vulnerabilities: 1. Privilege Escalation: Unauthorized access to arbitrary endpoints (CVE-2022- 39328): •
Grafana Security Updates – 14 November 2022 Read More »
IBM has released a security update to fix a critical vulnerability that affects IBM InfoSphere Information Server. IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability. The addressed vulnerability could allow the remote attacker to execute an arbitrary command due to improper neutralization of special elements on the affected system of IBM InfoSphere DataStage.
IBM Security Update -13 November 2022 Read More »
Dell has released a security update to fix a critical vulnerability that affects Connectrix (Brocade) FOS. Brocade Fabric OS versions before v9.1.1_01, v9.0.1e1, v8.2.3c1, and v7.4.2j1 could allow the unauthenticated remote attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.Brocade
Dell Security Update -14 November 2022 Read More »
Microsoft has released an updated Microsoft Edge (Version 107.0.1418.42) to fix several vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the affected system by persuading the victim to visit a specially crafted webpage. Samples of the addressed vulnerabilities: 1. Chromium V8 Code Execution (CVE-2022-3889): CVSS: 8.8
Microsoft Edge Security Updates -13 November 2022 Read More »
Cisco has released security updates to address several vulnerabilities in multiple products. The released security updates fix several vulnerabilities affecting multiple Cisco products such as Cisco ASA Software, Cisco FTD Software, Cisco FMC Software, Cisco FirePOWER Software and Cisco Secure Firewalls 3100 Series. The severity of the addressed vulnerabilities could allow the remote attacker to
Cisco Released Security Updates -10 November 2022 Read More »
Trend Micro has released new patches to address several vulnerabilities in Trend Micro Apex One and Apex One as a Service. The released security updates resolve several vulnerabilities having severity ratings from medium to high. The attacker could exploit some of these vulnerabilities to obtain sensitive information or gain privileged access on the affected system.
Trend Micro Released Security Updates -10 November 2022 Read More »
Google has released an updated Chrome version (107.0.5304.110) for Mac and Linux and (107.0.5304.106/.107) for Windows, to fix several vulnerabilities, The remote attacker could exploit these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the affected system by persuading
Google Chrome Security Updates -10 November 2022 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (2) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad), SAPUI5 CLIENT RUNTIME, SAP NetWeaver
SAP November 2022 – Security Patch Day Read More »
Redhat has released security updates to address multiple vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the attacker to gain access, leak kernel information, gain Privileges, and cause a denial of service on the affected system. Sample of the addressed vulnerabilities: GnuPG Libksba buffer overflow (CVE-2022-3515): CVSS: 9.8 Attack Vector: Network
Redhat Security Updates – 09 November 2022 Read More »
Citrix has released security updates for Citrix ADC and Citrix Gateway to fix multiple vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker could exploit these vulnerabilities to take over the administrator’s account, take control of the affected system or bypass the security. Sample of the addressed vulnerabilities: Citrix ADC and Citrix
Citrix Security Updates – 09 November 2022 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday, and with it comes fixes for six actively exploited zero-day vulnerabilities, with one being publicly disclosed.Microsoft has fixed (68) vulnerabilities, with (11) classified as Critical as they allow remote code execution, the elevation of privileges, or spoofing. November’s Patch Tuesday was released
Microsoft November 2022 Patch Tuesday Read More »
Fortinet has released security updates to address multiple vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code on the system or perform unintentional contact with remote servers by sending a specially-crafted input/configuration.
Fortinet Released Security Updates – 30 October 2022 Read More »
Google has released an emergency security update version (107.0.5304.87/.88) for Windows and (107.0.5304.87) for Mac and Linux to address a single vulnerability known to be exploited in attacks. The severity of the addressed vulnerability could allow the remote attacker to execute arbitrary code by persuading the victim to visit a specially crafted webpage on the affected system.
Google Chrome Zero-Day Patch – 28 October 2022 Read More »
Google has released updated Chrome versions 107.0.5304.62 for Mac, 107.0.5304.68 for Linux, and 107.0.5304.62/63 for Windows to fix multiple vulnerabilities. The remote attacker could exploit these vulnerabilities to take control of the affected system or cause a denial of service. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code
Google Chrome Security Update – 27 October 2022 Read More »
Tenable Nessus has released an updated version (Nessus 10.3.1) to fix multiple vulnerabilities in the third-party components (moment.js, expat, datatables, libxml2, zlib). The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service condition on the affected products by sending a specially-crafted request. Sample of the addressed
Tenable Nessus Security Updates – 27 October 2022 Read More »
Aruba has released security updates to fix vulnerabilities in multiple productsrelated to WLAN and SD-WAN. The severity of the addressed vulnerabilities could allow the unauthenticated remote attacker to execute arbitrary code, cause a denial of service, and obtain information. Samples of the addressed vulnerabilities: 1- Command Injection in the PAPI protocol (CVE-2022-37897): CVSS: 9.8 Attack
Aruba Security Updates – 27 October 2022 Read More »
VMware has released security updates to fix vulnerabilities in multiple products. The severity of the addressed vulnerabilities could allow the unauthenticated remote attacker to execute arbitrary code or obtain information on the affected products. Samples of the addressed vulnerabilities: 1- VMware XStream command execution (CVE-2021-39144): CVSS: 9.8 Attack Vector: Network Attack Complexity: Low Privileges Required:
VMware Security Updates – 26 October 2022 Read More »
Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.1, macOS Monterey 12.6.1, macOS Ventura 13, and Safari 16.1. The remote attacker could exploit these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the attackers to perform several attacks like bypassing security
Apple Security Updates – 26 October 2022 Read More »
