Announcements

Microsoft October 2023 Patch Tuesday

Microsoft has released its monthly security updates, known as Patch Tuesday. This release addressed three actively exploited zero-day vulnerabilities. Microsoft has fixed (104) vulnerabilities, with (12) classified as critical because they could allow an attacker to perform remote code execution on the affected products. October’s Patch Tuesday was released to fix security […]

Atlassian Security Update – 05 October 2023

Atlassian has released a security update to address a critical vulnerability across multiple products. The addressed vulnerability could allow the remote attacker to gain elevated privileges on the system, caused by an error related to the /setup/* endpoints on Confluence instances allowing the creation of administrator accounts that can be used to access Confluence instances. Atlassian

Cisco Security Updates – 05 October 2023

Cisco has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary commands, gain elevated privileges, gain access to the affected products, or perform denial of service attacks by sending a specially crafted HTTP request to a specific API. Sample of the addressed vulnerabilities: 1.

WS_FTP Security Updates – 01 October 2023

WS_FTP has released security updates to address vulnerabilities affecting WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server Manager Interface. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands, perform cross-site scripting attacks, or gain access to the affected systems. Sample of the addressed vulnerabilities: 1. WS_FTP Server Command Execution Vulnerability

Cisco Security Updates – 28 September 2023

Cisco has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary commands, perform denial of service attacks, bypass security restrictions, or gain access to the affected products by various techniques such as sending specially crafted input to the web UI or sending requests directly

Trend Micro Security Updates – 20 September 2023

Trend Micro has released security updates to address a critical zero-day vulnerability across Trend Micro Apex One (on-premise, SaaS), Trend Micro Worry-Free Business Security, and Trend Micro Worry-Free Business Security SaaS. The addressed vulnerability could allow the remote authenticated attacker to execute arbitrary code on the affected system. Trend Micro Endpoint Security Products Code Execution (CVE-2023-41179):

SAP September 2023 Security Patch Day

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (5) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Business Objects Business Intelligence Platform (Promotion Management), SAP CommonCryptoLib, SAP PowerDesignerClient, SAP Quotation Management Insurance

Cisco Security Updates – 07 September 2023

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary code, bypass security restrictions, gain elevated privileges, or perform denial of service attacks on the affected products by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. Cisco BroadWorks

VMware Security Updates – 30 August 2023

VMware has released security updates to fix multiple vulnerabilities in VMware Aria Operations Networks and VMware Horizon Server. The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary code, or bypass security restrictions by sending a specially crafted request to VMware Aria Operations Networks affected versions. Sample of the addressed vulnerabilities: 1. VMware

Ivanti Security Update – 16 August 2023

Ivanti released a security update to fix multiple vulnerabilities affecting Ivanti Avalanche versions 6.4.1.207, 6.4.0, and older. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, and trigger a buffer overflow attack on the affected product by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. Ivanti Avalanche

Zoom Security Updates – 09 August 2023

Zoom has released security updates to fix several vulnerabilities in Zoom Rooms, Zoom Windows Client, and Zoom Client SDK. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, obtain information, and escalate privileges on the affected systems. Sample of the addressed vulnerabilities: 1. Zoom Rooms Improper Neutralization of Special Elements (CVE-2023-39213):

Report Summary SAP August 2023 Security Patch Day

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (3) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP PowerDesigner, SAP ECC and SAP S/4HANA (IS-OIL), SAP Commerce, SAP NetWeaver (BI CONT ADD ON),

Ivanti Security Update – 03 August 2023

Ivanti released a security update to fix a critical vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) version 11.2 and older, formerly known as MobileIron Core. The addressed vulnerability could allow the remote attacker to gain access to specific API paths without requiring authentication, and disclose information related to personally identifiable information (PII) and this vulnerability

Ivanti Security Update – 25 July 2023

Ivanti released a security update to fix a critical vulnerability affecting all supported versions of Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. The addressed vulnerability could allow the remote attacker to gain access to specific API paths without requiring authentication. The API paths can access personally identifiable information (PII) such as names,

Adobe ColdFusion Security Updates – 20 July 2023

Adobe has released security updates to fix multiple vulnerabilities in Adobe ColdFusion. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code on the system via the deserialization of untrusted data or bypass security restrictions by persuading the victim to open a specially crafted file. Sample of the addressed vulnerabilities: 1. Adobe ColdFusion

Oracle Security Patch Updates July 2023

Oracle released its critical patch updates for July 2023, containing (508) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. This critical patch update includes security updates addressing numerous vulnerabilities that could potentially be exploited remotely without authentication. The affected product

Citrix Security Updates – 19 July 2023

Citrix has released security updates to address several vulnerabilities in Citrix ADC and Citrix Gateway. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, perform cross-site scripting attacks, or gain elevated privileges on the affected systems. The addressed vulnerabilities: 1. Citrix ADC, Citrix Gateway Unauthenticated Remote Code Execution (CVE-2023-3519):
