Announcements

Ivanti has released security updates to fix two critical vulnerabilities across Ivanti Neurons for ITSM and Ivanti Standalone Sentry. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected systems. The addressed vulnerabilities: 1. Ivanti Neurons for ITSM Code Execution Vulnerability (CVE-2023-46808): CVSS: 9.9 Attack Vector: Network […]

Fortra has released security updates to address several vulnerabilities in multiple Fortra products. The addressed vulnerabilities could allow the remote attacker to conduct crosssite scripting attacks, perform directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allow files to be uploaded outside of the intended ‘uploadtemp’ directory by sending specially crafted POST requests,

ManageEngine has released a security update to address a critical vulnerability across Zoho ManageEngine Desktop Central version 9, build 90055. The addressed vulnerability could allow the remote attacker to upload arbitrary files, execute arbitrary PHP code, and gain access to the affected system by sending a specially crafted HTTP request. ManageEngine Desktop Central Unrestricted File

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP NetWeaver AS ABAP, SAP NetWeaver WSRM, SAP Fiori Front End Server, and SAP ABAP Platform. The attacker could exploit some of these vulnerabilities to bypass security

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, gain elevated privileges, manipulate data, view, add, modify, or delete information in the back-end database, execute arbitrary code, and gain access to the affected products by sending specially crafted HTTP

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. Microsoft has fixed (60) vulnerabilities, with (2) classified as critical as they could allow the attacker to gain elevated privileges, perform remote code execution, and gain access to the affected products. March’s Patch Tuesday was released to fix security flaws in several

VMware has released security updates to address several vulnerabilities across multiple VMware products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. VMware Workstation/Fusion Use-after-free Vulnerability in XHCI USBController (CVE-2024-22252): CVSS: 9.3 Attack Vector: Local Attack

Linux has released security updates to address several vulnerabilities in Linux Kernel. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Linux Kernel Information Disclosure Vulnerability (CVE-2024-26594): CVSS:

ConnectWise has released security updates to fix multiple vulnerabilities across ConnectWise ScreenConnect 23.9.7 and prior. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions and obtain administrative access, or traverse directories and obtain sensitive information by sending a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on

VMware has released security updates to address several vulnerabilities in multiple VMware products. The addressed vulnerabilities could allow the attacker to bypass security restrictions to request and relay service tickets for arbitrary Active Directory Service Principal Names (SPNs), or hijack the user’s session cookie to hijack a privileged EAP session, or gain elevated privileges to

SolarWinds has released security updates to address several vulnerabilities affecting SolarWinds Platform and SolarWinds Access Rights Manager (ARM). The addressed vulnerabilities could allow the attacker to bypass security restrictions, or execute arbitrary code and gain access to the affected products by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. SolarWinds Access Rights

Zoom has released security updates to fix several vulnerabilities in multiple products such as Zoom Clients, Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The addressed vulnerabilities could allow the attacker to obtain sensitive information, trigger denial of service attacks, gain elevated privileges, execute arbitrary code, and

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed two actively exploited zero-day vulnerabilities. Microsoft has fixed (73) vulnerabilities, with (5) classified as critical as they could allow the attacker to perform denial of service attacks, gain elevated privileges, obtain sensitive information, or remote code execution on

Adobe has released security updates to fix several vulnerabilities across multiple Adobe products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, trigger denial of services attacks, execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Adobe Commerce Code Execution Vulnerability (CVE-2024-20719): CVSS:

SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP ABA, SAP NetWeaver AS Java, SAP CRM WebClient UI, SAP IDES Systems, SAP Cloud Connector, SAP GUI, SAP Bank Account Management, SAPCompanion, SAP NetWeaver Application Server ABAP

Ivanti has released security updates to a zero-day vulnerability across multiple versions of Ivanti Connect Secure, Policy Secure, and ZTA products. The addressed vulnerability could allow the remote attacker to gain access to restricted resources on unpatched appliances in low-complexity attacks without requiring user interaction or authentication to the affected systems. The addressed vulnerability: Ivanti

Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, conduct cross-site scripting attacks, gain elevated privileges, obtain sensitive information, execute arbitrary code, and gain access to the affected products by sending specially crafted HTTP requests. Sample of

Cisco has released security updates to fix several vulnerabilities across multiple Cisco products. The addressed vulnerabilities could allow the remote attacker to conduct crosssite scripting attacks, cause web cache poisoning by persuading the authenticated user to visit a malicious website, or perform denial of service attacks by submitting a crafted file containing OLE2 content to

Juniper has released security updates to fix multiple vulnerabilities affecting Juniper Secure Analytics (JSA) Applications. The addressed vulnerabilities could allow the attacker to obtain sensitive information, manipulate files, trigger cross-site scripting, perform denial of service attacks, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: Juniper Netlib LAPACK

Symantec has published several critical vulnerabilities in end-of-life versions across multiple products. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a buffer overflow and gain access to the affected products by sending specially crafted requests or persuading the victim to open a crafted document. Sample of the addressed vulnerabilities: