Cisco has released a security update to fix a vulnerability in Cisco Identity Services Engine (ISE). The addressed vulnerability could allow the remote authenticated attacker to traverse directories on the system; The attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to read or delete arbitrary files on the system. Cisco Identity Services Engine (ISE) directory […]
Cisco Security Update 14 December 2022 Read More »
Mozilla has released security updates to fix vulnerabilities in Firefox 108 and Firefox ESR 102.6. The addressed vulnerabilities could allow the remote attacker to gain access to sensitive information, perform spoofing attacks, bypass security restrictions, execute arbitrary code and cause a denial of service attack on the affected products. Successful exploitation of these vulnerabilities may
Mozilla FireFox Security Updates 14 December 2022 Read More »
VMware has released security updates to fix a zero-day vulnerability across multiple products. The addressed vulnerability could allow the attacker with local administrative privileges on a virtual machine to execute code to gain access to the affected products. Heap out-of-bounds write vulnerability in EHCI controller (CVE-2022-31705) • CVSS: 9.3 • Attack Vector: Local • Attack Complexity:
VMware Security Updates 13 December 2022 Read More »
Citrix has released security updates to fix a critical zero-day vulnerability in Citrix ADC and Citrix Gateway. The severity of the addressed vulnerability could allow the remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests to gain access to the affected products. Citrix ADC and Gateway code execution (CVE-2022-27518): • CVSS: 9.8
Citrix Security Updates 13 December 2022 Read More »
IBM has released security updates to fix third-party components vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain information and cause a denial of service attack on the affected products. Sample of the addressed Vulnerabilities : 1. IBM InfoSphere Information Server Apache Commons Text code execution (CVE-2022-42889) • CVSS: 9.8
IBM Security Updates 13 December 2022 Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (4) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Business Intelligence Platform (Web intelligence) and (Program Objects), SAP NetWeaver Process Integration, SAP Commerce, SAP
SAP December 2022 Security Patch Day Read More »
Fortinet has released security updates to fix a critical zero-day vulnerability in FortiOS and FortiOS-6k7k. The addressed vulnerability could allow the remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests to gain access to the affected product. FortiOS heap-based buffer overflow in sslvpnd (CVE-2022-42475): • CVSS: 9.3 • Attack Vector: Network •
Fortinet Security Updates – 13 December 2022 Read More »
VMware has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, obtain information and cause a denial of service attack on the affected products. Samples of the addressed vulnerabilities: 1- VMware ESXi memory corruption vulnerability (CVE-2022-31696): CVSS: 7.5 Attack Vector: Local Attack Complexity: High
VMware Security Updates 11 December 2022 Read More »
DeathStalker targets Financial and legal entities in the Middle East with a new Janicab malware variant. Janicab was introduced as malware that runs on macOS and Windows operating systems. DeathStalker has leveraged several malware strains and delivery chains over the years, from the Python and Visual Basic-based Janicab to the PowerShell-based Powersing and the JavaScript-based Evilnum. The
DeathStalker Newly Janicab Variant – 11 December 2022 Read More »
Silence APT group targets financial institutions in several countries around the world through delivering TrueBot malware which leveraging of Netwrix Auditor critical RCE Bug and Raspberry Robin worm. TrueBot was first identified in 2017 as downloader malware, the main goal is to infect systems, collect information to help triage interesting targets, and deploy additional payloads. Security Researchers
TrueBot Malware 11 December 2022 Read More »
Cisco has released a security update to fix a vulnerability in Cisco IP Phone 7800 and 8800 Series firmware. The addressed vulnerability could allow the unauthenticated attacker to exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to the affected device to cause a stack overflow, resulting in possible remote code execution or a denial
Cisco IP Phone Security Update 11 December 2022 Read More »
Zerobot is a Go-Based Malware that has been observed targeting devices like F5 Big-IP, Zyxel Firewalls, spring4Shell, and phpMyAdmin with almost two dozen vulnerability exploits. The Botnet’s objective is to add compromised devices to its pool to launch DDoS attacks and execute arbitrary commands. The malware targets several system architecures including i386, AMD64, ARM, ARM64,
Zerobot Malware – 08 December 2022 Read More »
Aruba has released security updates to fix vulnerabilities in Aruba ClearPass Policy Manager versions (6.10.x: 6.10.7 and below) and (6.9.x: 6.9.12 and below). The severity of the addressed vulnerabilities could allow the remote attacker to obtain and modify sensitive information, conduct a stored cross-site scripting (XSS) attack, execute arbitrary code and cause a denial of
Aruba Security Updates 07 December 2022 Read More »
Fortinet has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to gain access, log manipulation, and retrieve files with specific extensions from the affected products. These security updates fix several vulnerabilities affecting multiple Fortinet products such as FortiADC, FortiProxy, FortiOS, FortiSOAR, FortiDeceptor, and FortiSandbox. Sample
Fortinet Security Updates – 07 December 2022 Read More »
Zoom has released security updates to fix vulnerabilities in multiple products. The severity of the addressed vulnerabilities could allow the local attacker to execute arbitrary code or gain privileges. Samples of the addressed vulnerabilities: 1. DLL injection in Zoom Windows Clients (CVE-2022-28766): CVSS: 8.1 Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction:
Zoom Security Updates -16 November 2022 Read More »
Intel releases security updates to address several vulnerabilities in multiple Intel products. The severity of the addressed vulnerabilities could allow the locally authenticated attacker to gain elevated privileges on the system by improper input validation in the BIOS firmware or improper access control. Samples of the addressed vulnerabilities: 1. Intel Privilege Escalation (CVE-2022-26006): • CVSS:
Intel Security Updates – 14 November 2022 Read More »
Grafana has released security updates (Grafana 9.2.4, Grafana 8.5.15) to fix several vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker to gain elevated privileges on the system by sending specially-crafted requests or obtaining sensitive information. Samples of the addressed vulnerabilities: 1. Privilege Escalation: Unauthorized access to arbitrary endpoints (CVE-2022- 39328): •
Grafana Security Updates – 14 November 2022 Read More »
IBM has released a security update to fix a critical vulnerability that affects IBM InfoSphere Information Server. IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability. The addressed vulnerability could allow the remote attacker to execute an arbitrary command due to improper neutralization of special elements on the affected system of IBM InfoSphere DataStage.
IBM Security Update -13 November 2022 Read More »
Dell has released a security update to fix a critical vulnerability that affects Connectrix (Brocade) FOS. Brocade Fabric OS versions before v9.1.1_01, v9.0.1e1, v8.2.3c1, and v7.4.2j1 could allow the unauthenticated remote attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.Brocade
Dell Security Update -14 November 2022 Read More »
Microsoft has released an updated Microsoft Edge (Version 107.0.1418.42) to fix several vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the affected system by persuading the victim to visit a specially crafted webpage. Samples of the addressed vulnerabilities: 1. Chromium V8 Code Execution (CVE-2022-3889): CVSS: 8.8
Microsoft Edge Security Updates -13 November 2022 Read More »
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
