Announcements

Microsoft Edge Security Update – 10 December 2023

Microsoft has released the latest Microsoft Edge Stable Channel (Version 120.0.2210.61) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security, gain elevated privileges, or disclose sensitive information on the affected system. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Elevation of Privilege (CVE-2023-35618): CVSS: 9.6 Attack […]

Atlassian Security Updates – 06 December 2023

Atlassian has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to conduct denial of service attacks, obtain sensitive information, or execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Atlassian Assets Discovery Remote Code Execution (CVE-2023-22523): CVSS: 9.8

Tenable Security Update – 04 December 2023

Tenable has released a security update to fix multiple vulnerabilities in Tenable’s third-party components (OpenSSL, HandlebarsJS, jquery-file-upload) across Nessus Network Monitor 6.3.0 and earlier versions. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code, and gain access to the affected system by sending a specially crafted request. Sample of

VMware Security Update – 03 December 2023

VMware has released a security update to address a critical vulnerability in the VMware Cloud Director Appliance (VCD Appliance). The addressed vulnerability could allow the remote attacker to bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (appliance management console) to the affected system. VMware Cloud Director Appliance Security Bypass (CVE-2023-34060): CVSS:

Citrix Security Recommendations – 22 November 2023

Citrix has released security recommendations for a critical vulnerability that affects customer-managed NetScaler ADC and NetScaler Gateway. Referring to report 253/2023 “Citrix Security Updates – 11 October 2023”, security researchers revealed that CVE-2023-4966 has been under active exploitation, and Citrix encourages administrators, after upgrading, to remove any active or persistent sessions. Citrix NetScaler ADC and

Fortinet Security Updates – 15 November 2023

Fortinet has released security updates to fix multiple vulnerabilities across several products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, gain privilege, obtain sensitive information, or trigger a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1. Fortinet FortiSIEM – OS Command Injection (CVE-2023-36553): CVSS: 9.3 Attack

Adobe Security Updates – 15 November 2023

Adobe has released security updates to fix multiple vulnerabilities across several products. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or trigger denial of service attacks on the affected products. Sample of the addressed vulnerabilities: 1. Adobe ColdFusion Code Execution Vulnerability (CVE-2023-44351): CVSS: 9.8 Attack

FreeBSD Security Update – 09 November 2023

FreeBSD has released a security update to address multiple vulnerabilities in FreeBSD libc and FreeBSD libcap_net. The addressed vulnerabilities could allow the remote attacker to overflow a buffer, execute arbitrary code, and gain access to the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: FreeBSD buffer overflow (CVE-2023-5941): CVSS:

WS_FTP Security Update – 09 November 2023

WS_FTP has released a security update to address a critical vulnerability affecting WS_FTP Server. The addressed vulnerability could allow the remote attacker to bypass security restrictions and upload a file to a specified location on the operating system hosting the WS_FTP Server application. WS_FTP Server Arbitrary File Upload (CVE-2023-42659): CVSS: 9.1 Attack Vector: Network Attack

Veeam Security Update – 07 November 2023

Veeam has released a security update to fix several vulnerabilities in Veeam ONE IT infrastructure monitoring and analytics platform versions 11, 11a, and 12. The addressed vulnerabilities could allow the attacker to obtain sensitive information, perform cross-site scripting attacks, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1.

Cisco Security Updates – 02 November 2023

Cisco has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, conduct cross-site scripting or perform denial of service attacks, execute arbitrary commands, and gain access to the affected system by sending a specially crafted HTTP request. Sample of the

Atlassian Security Update – 31 October 2023

Atlassian has released a security update to address a critical vulnerability across all versions of Confluence Data Center and Confluence Server products. The addressed vulnerability could allow the unauthenticated remote attacker to cause significant data loss on the vulnerable Confluence Data Center and Server but there is no impact to confidentiality as the attacker cannot

F5 Security Updates – 28 October 2023

F5 has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, launch SQL injection attacks, execute arbitrary commands, and gain access to the affected products by sending specially crafted requests. Sample of the addressed vulnerabilities: 1. F5 BIG-IP Command Execution

VMware Security Updates – 25 October 2023

VMware has released security updates to fix multiple vulnerabilities affecting VMware vCenter Server, and VMware Cloud Foundation. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code, and gain access to the affected system by sending specially crafted requests. Sample of the addressed vulnerabilities: VMware vCenter Server Out-of-Bounds Write Vulnerability

Fortinet Security Updates – 15 October 2023

Fortinet has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the attacker to gain access, perform cross-site scripting attacks, steal the victim’s cookie-based authentication credentials, or traverse directories on the affected systems by sending specially crafted URL requests. Sample of the addressed vulnerabilities: 1. Fortinet FortiSIEM Directory Traversal Vulnerability

F5 Security Updates – 11 October 2023

F5 has released security updates to fix several vulnerabilities across multiple versions of F5 BIG-IP, BIG-IP (APM), and F5 BIG-IP Next SPK. The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary commands, perform denial of service attacks, obtain sensitive information, bypass security restrictions, or gain elevated privileges on the affected systems by

Fortinet Security Updates – 11 October 2023

Fortinet has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the attacker to cause a denial of service, gain elevated privileges, disclose information, execute arbitrary commands, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. FortiSIEM – Remote Unauthenticated OS Command Injection Vulnerability (CVE-2023-34992): CVSS:

Citrix Security Updates – 11 October 2023

Citrix has released security updates to address multiple vulnerabilities across Citrix NetScaler ADC and NetScaler Gateway. The addressed vulnerabilities could allow the remote unauthenticated attacker to trigger a denial of service attack or obtain sensitive information from the affected product if configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an
