Google has released an updated Chrome version (111.0.5563.110/.111) for Windows and (111.0.5563.110) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected […]
Google Chrome Security Update 22 March 2023 Read More »
Adobe has released security updates addressing vulnerabilities in ColdFusion 2018 update 15 and below, and ColdFusion 2021 update 5 and below. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or obtain information from the affected systems. Sample of the addressed vulnerabilities: 1. Deserialization of Untrusted Data Vulnerability (CVE-2023-26359): • CVSS: 9.8 • Attack
Adobe ColdFusion Security Updates 16 March 2023 Read More »
Zoom has released security updates to fix vulnerabilities in multiple products. The addressed vulnerabilities could allow the attacker to perform remote code execution, gain elevated privileges, or cause a denial of service attack on the affected product. Sample of the addressed vulnerabilities: 1. Improper Trust Boundary Implementation for SMB in Zoom Clients (CVE-2023-22885): • CVSS: 8.3 • Attack
Zoom Security Updates 15 March 2023 Read More »
Aruba has released security updates addressing multiple vulnerabilities in ClearPass Policy Manager. The addressed vulnerabilities could allow the attacker to perform various attacks such as elevate privileges, disclose information, perform cross-site scripting, or gain access and execute arbitrary code on the affected systems. Sample of the addressed vulnerabilities: 1. Unauthenticated Arbitrary User Creation Leads to Complete System Compromise (CVE-2023-25589):
Aruba Security Updates 15 March 2023 Read More »
Mozilla has released security updates to fix vulnerabilities in Firefox 111 and Firefox ESR 102.9. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform a spoofing attack, cause a denial of service attack, or execute arbitrary code and gain access to vulnerable systems. Sample of the addressed vulnerabilities: Mozilla Firefox Code Execution Vulnerability (CVE-2023-28177):
Mozilla FireFox Security Updates 15 March 2023 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for two actively exploited zero-day vulnerabilities. Also, this patch includes a release for an updated edge version (111.0.1661.41) to fix multiple vulnerabilities. Microsoft has fixed (83) vulnerabilities, with (9) classified as critical as they could allow the attacker to perform
Microsoft March 2023 Patch Tuesday Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. This month’s patch fixes several vulnerabilities affecting multiple SAP products SAP Business Objects Business Intelligence Platform (CMC), SAP NetWeaver, SAP NetWeaver AS for Java, SAP NetWeaver Application Server for ABAP and ABAP Platform, SAP Business Objects (Adaptive Job Server), SAP Solution Manager and ABAP managed systems (ST-PI), SAP
SAP March 2023 Security Patch Day Read More »
Tenable has released security updates to fix a critical vulnerability in Tenable.sc, tenable.io, and Nessus. The addressed vulnerability could allow the authenticated attacker to modify the scan variables, and manipulate audit policy variables to execute arbitrary commands on credentialed scan targets. Tenable Plugin Arbitrary Code Execution Vulnerability (CVE-2022-4313): • CVSS: 9.1 • Attack Vector: Network • Attack Complexity:
Tenable Security Updates 14 March 2023 Read More »
Cisco has released security updates to address vulnerabilities affecting multiple products. addressed vulnerabilities could allow the attacker to obtain sensitive information, or cause a denial of service attack on the affected products by sending a crafted IPv4 BFD packet to make line card exceptions or hard reset. Sample of the addressed vulnerabilities: Cisco IOS XR Software for
Cisco Security Updates 09 March 2023 Read More »
Veeam has released a security patch to fix a vulnerability that affects all Veeam Backup & Replication versions. The addressed vulnerability could allow the remote attacker to obtain encrypted credentials stored in the configuration database and gain access to the backup infrastructure hosts. It should be highlighted that the patch must be installed on the Veeam Backup & Replication
Veeam Security Update 09 March 2023 Read More »
Google has released an updated Chrome version (111.0.5563.64/.65) for Windows and (111.0.5563.64) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected
Google Chrome Security Update 08 March 2023 Read More »
SonicWall has released security updates to address vulnerabilities in SonicOS which runs on SonicWall firewalls and provides the web management interface for configurations. The addressed vulnerabilities could allow the remote attacker to cause a denial of service attack or bypass security restrictions on the affected products. Sample of the addressed vulnerabilities: SonicOS Unauthenticated Stack-Based Buffer Overflow (CVE-2023-0656): •
SonicWall Security Updates 05 March 2023 Read More »
Linux has released security updates to fix vulnerabilities in Linux Kernel and Sudo utility before 1.9.13p2. The addressed vulnerabilities could allow the attacker to execute arbitrary code or cause a denial of service attack on the affected system. Sample of the addressed vulnerabilities: 1. Sudo Code Execution Vulnerability (CVE-2023-27320): • CVSS: 9.8 • Attack Vector: Network •
Linux Security Updates 02 March 2023 Read More »
Cisco has released security updates to address vulnerabilities affecting multiple products. The severity of the addressed vulnerabilities could allow the remote attacker to gain access, obtain information, cause a denial of service, and trigger Cross-site Scripting (XSS) or server-side request forgery (SSRF) attacks on the affected products. Sample of the addressed vulnerabilities: 1. Cisco IP Phone Command Injection Vulnerability
Cisco Security Updates 02 March 2023 Read More »
Aruba has released security updates to fix vulnerabilities across multiple Aruba products. The severity of the addressed vulnerabilities could allow the remote attacker to execute code, obtain information, bypass security restrictions, and perform crosssite scripting. Sample of the addressed vulnerabilities: Unauthenticated Command Injections in the PAPI Protocol (CVE-2023-22747): • CVSS: 9.8 • Attack Vector: Network • Attack Complexity:
Aruba Security Updates 01 March 2023 Read More »
Microsoft has released an updated Edge version (110.0.1587.56) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected system. Sample of the addressed vulnerabilities: 1. Edge
Microsoft Edge Security Update 26 February 2023 Read More »
Google has released an updated Chrome version (110.0.5481.177/.178) for Windows and (110.0.5481.177) for Linux and Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system, cause a denial of service or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected
Google Chrome Security Update 23 February 2023 Read More »
Cisco has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain information, or cause a denial of service attack on the affected systems. Sample of the addressed vulnerabilities: Cisco APIC and Cisco Cloud Network Controller CSRF (CVE-2023-20011): • CVSS: 8.8 • Attack Vector: Network • Attack
Cisco Security Updates 23 February 2023 Read More »
VMware has released security updates to fix multiple vulnerabilities in multiple VMware products. The addressed vulnerabilities could allow the remote authenticated attacker to read arbitrary files, cause a denial of service attack, conduct an SSRF attack, or execute arbitrary code by using specially-crafted request/XML content to gain access to the affected product. Sample of the addressed vulnerabilities: 1. VMware
VMware Security Updates 22 February 2023 Read More »
Tenable has released security updates to fix multiple vulnerabilities in Tenable.sc versions 5.22.0 to 5.23.1 and 6.0.0. The addressed vulnerabilities could allow the remote attacker to cause a denial of service, obtain information, or gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Curl libcurl Denial of Service (CVE-2022-42915): • CVSS: 9.8 • Attack
Tenable Security Updates 22 February 2023 Read More »
