Announcements

Fortinet has released security updates to fix two vulnerabilities in FortiNAC affecting multiple versions. The addressed critical vulnerability could allow the remote attacker to execute unauthorized code or commands via specifically crafted requests to the TCP/1050 service. Sample of the addressed vulnerabilities: FortiNAC – Java Untrusted Object Deserialization RCE (CVE-2023-33299): CVSS: 9.6 Attack Vector: Network […]

Ivanti has released security update to address a vulnerability in Ivanti Endpoint Manager (EPM). The addressed vulnerability could allow the unauthenticated attacker to execute arbitrary code on Ivanti EPM 2022 SU3 and all previous versions to escalate privileges on the affected machine or to be used as a stepping stone to get to other network

MOVEit Transfer has released a security update to address a critical vulnerability. The addressed vulnerability could allow the remote attacker to submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content. The addressed vulnerability: Progress MOVEit Transfer SQL Injection Vulnerability (CVE-2023-35708): CVSS: 9.8 Attack

Citrix has released security updates to address several vulnerabilities in CVAD, Citrix DaaS, and ShareFile StorageZones Controller. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, and obtain administrative access by sending a specially crafted request to the affected system. The addressed vulnerabilities: 1. ShareFile StorageZones Controller Vulnerability (CVE-2023-24489): CVSS: 9.1 Attack

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. Microsoft has fixed (78) vulnerabilities, with (6) classified as critical as they could allow the attacker to perform denial of service attacks, remote code execution, and privilege elevation on the affected products. June’s Patch Tuesday was released to fix security flaws in

Fortinet has released a security update to fix a critical SSL-VPN RCE vulnerability in multiple FortiOS firmware versions. The addressed vulnerability could allow the attacker to execute arbitrary code, and gain access by sending a specially crafted request to the affected products. The addressed vulnerability: Fortinet FortiGate and FortiOS Code Execution (CVE-2023-27997): CVSS: 9.8 Attack

Cisco released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, gain access, escalate privileges, cause a denial of service, or perform cross-site scripting on the affected products. Sample of the addressed vulnerabilities: 1. Cisco Expressway Series and Cisco TelePresence VCS Privilege Escalation

VMware has released a security update to fix multiple vulnerabilities across Aria Operations for Networks (Formerly vRealize Network Insight). The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Aria Operations for Networks Command Injection (CVE-2023-20887): CVSS:

MOVEit Transfer has released a security update to address a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to gain unauthorized access to the application’s database and execute arbitrary commands, disclose information, and alter/delete database elements. the addressed vulnerability: Progress MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362): CVSS: 9.8 Attack Vector: Network Attack Complexity:

Barracuda has released a security update to address a zero-day vulnerability across Email Security Gateway (ESG) appliances versions 5.1.3.001-9.2.0.006. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system with the privileges of the Email Security Gateway product by attaching a specially crafted TAR archive file in the email and gain

Cisco released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, gain access, bypass security restrictions, escalate privileges, obtain sensitive information, or cause a denial of service attack on the affected systems. Sample of the addressed vulnerabilities: Cisco Small Business Series Switches Buffer

Trend Micro has released security updates to fix multiple vulnerabilities across Apex One and Apex Central. The addressed vulnerabilities could allow the attacker to gain access, gain elevated privileges, or obtain sensitive information from the affected products. Sample of the addressed vulnerabilities: 1. Management Server Path Traversal Unauthenticated RCE Vulnerability (CVE-2023-32557): CVSS: 9.8 Attack Vector:

Aruba has released security updates to fix multiple vulnerabilities in Aruba Networks ArubaOS, and Aruba Networks InstantOS. The addressed vulnerabilities could allow the remote attacker to overflow a buffer by sending a specially crafted packet to PAPI UDP port, execute arbitrary code, obtain sensitive information, cause a denial of service attack, or gain access to the

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for three zero-day vulnerabilities. Microsoft has fixed (38) vulnerabilities, with (6) classified as critical as they could allow the attacker to perform remote code execution on the affected products. May’s Patch Tuesday was released to fix security flaws in some

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (6) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP 3D Visual Enterprise License Manager, SAP BusinessObjects Intelligence Platform, SAP AS NetWeaver JAVA, SAP IBP

Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port phone adapters. The addressed vulnerability could allow the remote attacker to execute arbitrary code on the affected device with full privileges by upgrading the affected device to a crafted version of the firmware. The addressed vulnerability: Cisco SPA112 2-Port Phone Adapters

VMware has released a security update to fix multiple vulnerabilities across  VMwareWorkstation Pro / Player and VMware Fusion. The addressed vulnerabilities could allow the local attacker to gain access, gain root privilege, or obtain sensitive information from the affected products. Sample of the addressed vulnerabilities: 1. VMware Workstation and Fusion Buffer Overflow (CVE-2023-20869): CVSS: 9.3

Cisco released security updates to address several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, escalate privileges, gain access, or cause a denial of service attack on the affected systems. Samples of the addressed vulnerabilities: 1. Cisco Modeling Labs External Authentication Bypass Vulnerability (CVE-2023-20154): CVSS: 9.1

VMware has released a security update to fix multiple vulnerabilities across VMware Aria Operations for Logs (formerly vRealize Log Insight). The addressed vulnerabilities could allow the remote attacker to gain access to the affected appliances via log deserialization and command injection vulnerabilities. 1. VMware Aria Operations for Logs Deserialization Vulnerability (CVE-2023- 20864): CVSS: 9.8 Attack

Oracle released its critical patch updates for April 2 023, containing (433) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a