Alerts

Google has released an updated Chrome version “131.0.6778.108/.109” for Windows and Mac and “131.0.6778.108” for Linux. The addressed vulnerability could allow the remote attacker to execute arbitrary code to gain access to the affected system by persuading the victim to visit a specially crafted website. Google Chrome Code Execution Vulnerability (CVE-2024-12053): CVSS: 8.8 Attack Vector:

Trellix has released a security update to fix several vulnerabilities in Trellix Enterprise Security Manager (ESM) version 11.6.13. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, execute arbitrary code, and gain access to the affected system. The addressed vulnerabilities: 1. Trellix Enterprise Security Manager Code Execution Vulnerability (CVE-2024-11482): CVSS: 9.8 Attack

Mozilla has released an updated Firefox version 133, Firefox ESR versions 128.5, and 115.18 to fix multiple vulnerabilities.  The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, conduct cross-site scripting attacks, obtain sensitive information, perform spoofing attacks, bypass security restrictions or execute arbitrary code and gain access to the affected

Palo Alto has released security update to fix a vulnerability affecting Palo Alto GlobalProtect App. The addressed vulnerability could allow the attacker to gain elevated privileges to the affected product. GlobalProtect App Insufficient Certificate Validation Privilege Escalation Vulnerability (CVE-2024-5921): CVSS v4.0: 5.6 Attack Vector: Adjacent Attack Complexity: Low Privileges Required: None User Interaction: Passive Consequences:

VMware has released security updatesto address multiple vulnerabilities affecting VMware Cloud Foundation and VMware Aria Operations. The addressed vulnerabilities could allow the attacker to gain elevated privileges or conduct stored cross-site scripting attacks on the affected system. Sample of the addressed vulnerabilities: 1. VMware Privilege Escalation Vulnerability (CVE-2024-38830): CVSS: 7.8 Attack Vector: Local Attack Complexity:

Trend Micro has released security updates to address several vulnerabilities affecting Trend Micro Deep Security and Trend Micro Deep Discovery Inspector. The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary code and gain elevated privilegesto the affected product. Sample of the addressed vulnerabilities: 1. Trend Micro Deep Security Agent Manual

Apple has released security updates to address two vulnerabilities affecting macOS Sequoia and Safari. The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks or execute arbitrary code and gain access to the affected systems. The addressed vulnerabilities: 1. Apple macOS Sequoia Code Execution Vulnerability (CVE-2024-44308): CVSS: 8.8 Attack Vector: Network Attack Complexity:

Atlassian has released security updates to fix several vulnerabilities across multiple Atlassian products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, conduct cross-site scripting attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. SourceTree Remote Code Execution Vulnerability

 Google has released an updated Chrome version 131.0.6778.85/.86 for Windows, and Mac and 131.0.6778.85 for Linux The addressed vulnerability could allow the remote attacker to gain access to the affected system, which could be caused by potentially exploiting heap corruption via a crafted HTML page. Google Chrome Heap Exploitation Vulnerability (CVE-2024-11395): CVSS: 8.8 Attack Vector:

 Aruba has released security updates to fix multiple vulnerabilities affecting Aruba HPE StoreEasy, SGI CXFS, and Cray System Management Software. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, or gain elevated privileges and gain unauthorized access to files on the affected products. Sample of the addressed vulnerabilities: HPE Data Management

Microsoft has released an updated version of Microsoft Edge (131.0.2903.48) to address multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, bypass security restrictions, or execute arbitrary code and gain access to the affected system, by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities:

Fortinet has released security updates to fix multiple vulnerabilities across several Fortinet products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, gain elevated privileges, obtain sensitive information, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Fortinet FortiClient Windows Privilege Escalation Vulnerability (CVE-2024- 36513):

Intel has released security updates to address several vulnerabilities in multiple Intel products. The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, gain elevated privileges, or obtain sensitive information and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Intel® Xeon® Processor with Intel® SGX Privilege Escalation (CVE-2024-23918): CVSS: 8.8

Google has released an updated Chrome version 131.0.6778.69/.70 for Windows, and Mac and 131.0.6778.69 for Linux The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, or execute arbitrary code and gain access to the affected system by persuading the victim to visit a specially crafted HTML page. Sample of the addressed vulnerabilities:

Ivanti has released security updates to fix several critical vulnerabilities across multiple Ivanti products The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, escalate elevated privileges, conduct cross-site scripting attacks, data manipulation (view, modify, add, delete), bypass security restrictions, or execute arbitrary code and gain access to the affected systems.

Adobe has released security updates to fix two vulnerabilities affecting Adobe Commerce and Adobe Audition. The addressed vulnerabilities could allow the attacker to obtain sensitive information or bypass security restrictions on the affected systems. The addressed vulnerabilities: 1. Adobe Commerce Server-Side Request Forgery Vulnerability (CVE-2024- 49521): CVSS: 7.7 Attack Vector: Network Attack Complexity: Low Privileges

Citrix has released security updates to address several vulnerabilities affecting multiple Citrix products including a zero-day vulnerability. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Citrix Improper Restriction of Operations

Zoom has released security updates to fix several vulnerabilities in multiple Zoom products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, or obtain sensitive information and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Zoom Apps Privilege Escalation Vulnerability (CVE-2024-45421): CVSS: 8.5 Attack