Trend Micro has released a security update to address a vulnerability affecting Trend Micro Maximum Security version 2022 (v17.7). The severity of the addressed vulnerability could allow the low-privileged attacker to write a malicious executable to a specific location and in the process of removal and restoral, the attacker could replace an original folder with a mount point […]
Trend Micro Security Update 02 January 2023 Read More »
Juniper Networks has released a security update to address a high-severity vulnerability affecting Junos OS 22.3R1 and Junos OS Evolved 22.3R1-EVO. The addressed vulnerability is caused by improper input validation in the Routing Protocol Daemon (rpd). The remote attacker could exploit this vulnerability by sending a specially-crafted BGP update message to cause a denial of service attack on the
Juniper Networks Security Update 25 November 2022 Read More »
Linux kernel is affected by a critical issue in ksmbd before version 5.19.2. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files over the network. The severity of the mentioned vulnerability could allow the remote attacker to execute code on the affected systems. Linux Kernel Ksmbd Use-After-Free Remote Code Execution
Linux Kernel Security Update 25 December 2022 Read More »
Referring to EG-FinCIRT report “Microsoft November 2022 Patch Tuesday” Number 257/2022, Threat actors and ransomware groups discovered a new exploit method that bypasses Microsoft Exchange “ProxyNotShell” mitigations. Threat actors leveraging a new exploit chain method called “OWASSRF” that bypasses blocking rules for “ProxyNotShell” (CVE-2022-41040 and CVE-2022-41082) vulnerabilities in Microsoft Exchange Server and taking advantage of the privilege escalation vulnerability
New Exploit Method for Microsoft Exchange “OWASSRF” Read More »
IBM has released security updates to fix third-party components vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform a Cross-Site Scripting attack, perform a Server-Side Request Forgery Attack (SSRF) attack, perform a Log Injection attack, execute arbitrary code and cause a denial of service attack on the affected products. Sample of
IBM Security Updates 20 December 2022 Read More »
Tenable has released security updates to fix multiple vulnerabilities in Tenable’s third-party components (moment.js, handlebars). The severity of the addressed vulnerabilities could allow the remote attacker to gain access or cause a denial of service attack on the affected system. Samples of the addressed vulnerabilities: 1. Moment.js Directory Traversal (CVE-2022-24785): CVSS: 9.8 Attack Vector: Network Attack Complexity:
Tenable Security Updates 19 December 2022 Read More »
Samba has released security updates to fix multiple vulnerabilities in versions 4.17.4, 4.16.8 and 4.15.13. The addressed vulnerabilities could allow the remote attacker to gain elevated privileges and take control of affected systems. Sample of addressed vulnerabilities: 1. Netlogon RPC Privilege Escalation (CVE-2022-38023): • CVSS: 8.1 • Attack Vector: Network • Attack Complexity: High • Privileges Required:
Samba Security Updates 18 December 2022 Read More »
SolarWinds has released security updates to fix multiple vulnerabilities in the Serv-U FTP server. The addressed vulnerabilities could allow the remote attacker to gain access or cause a denial of service to the affected systems. Sample of the addressed vulnerabilities: 1. Cross-Site Scripting Vulnerability in Serv-U Web Client (CVE-2022-38106): • CVSS: 7.5 • Attack Vector: Network
SolarWinds Security Updates 18 December 2022 Read More »
Tenable has released a security update to fix a vulnerability in Tenable.ad’s thirdparty component Erlang. The addressed vulnerability could allow the remote attacker to perform a client authentication bypass in certain client-certification situations for SSL, TLS, and DTLS via sending a specially-crafted request. The remote attacker could exploit this vulnerability to gain access to the affected system and bypass
Tenable Security Update 18 December 2022 Read More »
Microsoft has released an updated Microsoft Edge version (108.0.1462.54) to fix multiple vulnerabilities in Microsoft Edge (Chromium-based). The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service by persuading the victim to visit a specially crafted webpage on the affected system. Sample of the addressed vulnerabilities: 1. Chromium code execution
Microsoft Edge Security Update 18 December 2022 Read More »
VMware has released security updates to fix vulnerabilities in VMware vRealize Operations (vROps). The severity of the addressed vulnerabilities could allow the remote authenticated attacker to gain privilege or obtain information from the affected products via sending specially-crafted requests. VMware vRealize Operations (vROps) privilege escalation vulnerability (CVE- 2022-31707): • CVSS: 7.2 • Attack Vector: Network • Attack Complexity: low
VMware Security Updates 18 December 2022 Read More »
Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.2, macOS Monterey 12.6.2, macOS Ventura 13.1, and Safari 16.2. In addition, the mentioned updates fix a zero-day vulnerability actively exploited in the wild. The severity of the addressed vulnerabilities could allow the remote attacker to gainaccess to sensitive information, bypass
Apple Security Updates 14 December 2022 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains fixes for two zero-day vulnerabilities. One has been exploited in the wild and the other has been publicly disclosed. Microsoft has fixed (49) vulnerabilities, with (6) classified as critical as they allow remote code execution, denial of service attack, or elevation
Microsoft December 2022 Patch Tuesday Read More »
Aruba has released security updates to fix vulnerabilities across multiple Aruba products. The severity of the addressed vulnerabilities could allow the remote attacker to execute code, obtain information, and bypass security controls. Samples of the addressed vulnerabilities: 1- Privilege Escalation Aruba EdgeConnect Enterprise Orchestrator Web-based Management Interface (CVE-2022-44535): • CVSS: 8.8 • Attack Vector: Network • Attack
Aruba Security Updates 14 December 2022 Read More »
VMware has released security updates to fix vulnerabilities across multiple products. severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary commands via specially crafted requests to gain access and obtain information from the affected products. Sample of the addressed vulnerabilities: 1. VMware vRealize Network Insight command execution (CVE-2022-31702) • CVSS: 9.8 • Attack Vector:
VMware Security Updates 14 December 2022 Read More »
Google has released an updated Chrome version (108.0.5359.124/.125) for Windows and (108.0.5359.124) for Mac and Linux to fix multiple vulnerabilities in its Chrome desktop web browser. The severity of the addressed vulnerability could allow the remote attacker to bypass security restrictions by creating a specially crafted web page to execute arbitrary code on the affected system. Sample of the
Google Chrome Security Updates 14 December 2022 Read More »
Cisco has released a security update to fix a vulnerability in Cisco Identity Services Engine (ISE). The addressed vulnerability could allow the remote authenticated attacker to traverse directories on the system; The attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to read or delete arbitrary files on the system. Cisco Identity Services Engine (ISE) directory
Cisco Security Update 14 December 2022 Read More »
Mozilla has released security updates to fix vulnerabilities in Firefox 108 and Firefox ESR 102.6. The addressed vulnerabilities could allow the remote attacker to gain access to sensitive information, perform spoofing attacks, bypass security restrictions, execute arbitrary code and cause a denial of service attack on the affected products. Successful exploitation of these vulnerabilities may
Mozilla FireFox Security Updates 14 December 2022 Read More »
VMware has released security updates to fix a zero-day vulnerability across multiple products. The addressed vulnerability could allow the attacker with local administrative privileges on a virtual machine to execute code to gain access to the affected products. Heap out-of-bounds write vulnerability in EHCI controller (CVE-2022-31705) • CVSS: 9.3 • Attack Vector: Local • Attack Complexity:
VMware Security Updates 13 December 2022 Read More »
Citrix has released security updates to fix a critical zero-day vulnerability in Citrix ADC and Citrix Gateway. The severity of the addressed vulnerability could allow the remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests to gain access to the affected products. Citrix ADC and Gateway code execution (CVE-2022-27518): • CVSS: 9.8
Citrix Security Updates 13 December 2022 Read More »
