Alerts

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for two actively exploited zero-day vulnerabilities. Also, this patch includes a release for an updated edge version (111.0.1661.41) to fix multiple vulnerabilities. Microsoft has fixed (83) vulnerabilities, with (9) classified as critical as they could allow the attacker to perform

SAP has released security updates to address several vulnerabilities affecting multiple products. This month’s patch fixes several vulnerabilities affecting multiple SAP products SAP Business Objects Business Intelligence Platform (CMC), SAP NetWeaver, SAP NetWeaver AS for Java, SAP NetWeaver Application Server for ABAP and ABAP Platform, SAP Business Objects (Adaptive Job Server), SAP Solution Manager and ABAP managed systems (ST-PI), SAP

Tenable has released security updates to fix a critical vulnerability in Tenable.sc, tenable.io, and Nessus. The addressed vulnerability could allow the authenticated attacker to modify the scan variables, and manipulate audit policy variables to execute arbitrary commands on credentialed scan targets. Tenable Plugin Arbitrary Code Execution Vulnerability (CVE-2022-4313): • CVSS: 9.1 • Attack Vector: Network • Attack Complexity:

Linux has released security updates to fix vulnerabilities in Linux Kernel and Sudo utility before 1.9.13p2. The addressed vulnerabilities could allow the attacker to execute arbitrary code or cause a denial of service attack on the affected system. Sample of the addressed vulnerabilities: 1. Sudo Code Execution Vulnerability (CVE-2023-27320): • CVSS: 9.8 • Attack Vector: Network •

Cisco has released security updates to address vulnerabilities affecting multiple products. The severity of the addressed vulnerabilities could allow the remote attacker to gain access, obtain information, cause a denial of service, and trigger Cross-site Scripting (XSS) or server-side request forgery (SSRF) attacks on the affected products. Sample of the addressed vulnerabilities: 1. Cisco IP Phone Command Injection Vulnerability

Aruba has released security updates to fix vulnerabilities across multiple Aruba products. The severity of the addressed vulnerabilities could allow the remote attacker to execute code, obtain information, bypass security restrictions, and perform crosssite scripting. Sample of the addressed vulnerabilities: Unauthenticated Command Injections in the PAPI Protocol (CVE-2023-22747): • CVSS: 9.8 • Attack Vector: Network • Attack Complexity:

VMware has released security updates to fix multiple vulnerabilities in multiple VMware products. The addressed vulnerabilities could allow the remote authenticated attacker to read arbitrary files, cause a denial of service attack, conduct an SSRF attack, or execute arbitrary code by using specially-crafted request/XML content to gain access to the affected product. Sample of the addressed vulnerabilities: 1. VMware

Tenable has released security updates to fix multiple vulnerabilities in Tenable.sc versions 5.22.0 to 5.23.1 and 6.0.0. The addressed vulnerabilities could allow the remote attacker to cause a denial of service, obtain information, or gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Curl libcurl Denial of Service (CVE-2022-42915): • CVSS: 9.8 • Attack

Atlassian has released security updates to address vulnerabilities in the “Git” utility that affects multiple products. The addressed vulnerabilities could allow the remote attacker to gain access to the affected systems. Sample of the addressed vulnerabilities: Git Integer Overflow Vulnerability (CVE-2022-41903): • CVSS: 9.8 • Attack Vector: Network • Attack Complexity: Low • Privileges Required: None •

Fortinet has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, bypassing security restrictions, executing arbitrary code, or escalating the privileges on the affected products. Sample of the addressed vulnerabilities: 1. FortiNAC – External Control of File Name or Path in

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform cross-site scripting attacks, bypass security restrictions, execute arbitrary code, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1- Cisco ClamAV Buffer Overflow (CVE-2023-20032): • CVSS: