Announcements

Citrix Security Updates 13 December 2022

Citrix has released security updates to fix a critical zero-day vulnerability in Citrix ADC and Citrix Gateway. The addressed vulnerability could allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests to gain access to the affected products. Citrix ADC and Gateway code execution (CVE-2022-27518): • CVSS: 9.8 […]

IBM Security Updates 13 December 2022

IBM has released security updates to fix vulnerabilities in third-party components across multiple products. The addressed vulnerabilities could allow an attacker to gain access, obtain information and cause a denial of service on the affected products. Sample of the addressed vulnerabilities: 1. IBM InfoSphere Information Server Apache Commons Text code execution (CVE-2022-42889) • CVSS: 9.8

SAP December 2022 Security Patch Day

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (4) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BusinessObjects Business Intelligence Platform (Web intelligence) and (Program Objects), SAP NetWeaver Process Integration, SAP Commerce, SAP

Fortinet Security Updates – 13 December 2022

Fortinet has released security updates to fix a critical zero-day vulnerability in FortiOS and FortiOS-6k7k. The addressed vulnerability could allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests to gain access to the affected product. FortiOS heap-based buffer overflow in sslvpnd (CVE-2022-42475): • CVSS: 9.3 • Attack Vector: Network •

Grafana Security Updates – 14 November 2022

Grafana has released security updates (Grafana 9.2.4, Grafana 8.5.15) to fix several vulnerabilities. The addressed vulnerabilities could allow a remote attacker to gain elevated privileges on the system by sending specially crafted requests, or to obtain sensitive information. Samples of the addressed vulnerabilities: 1. Privilege Escalation: Unauthorized access to arbitrary endpoints (CVE-2022-39328): •

IBM Security Update – 13 November 2022

IBM has released a security update to fix a critical vulnerability that affects IBM InfoSphere Information Server. IBM InfoSphere DataStage 11.7 is vulnerable to command injection. The addressed vulnerability could allow a remote attacker to execute an arbitrary command on the affected IBM InfoSphere DataStage system due to improper neutralization of special elements.

Dell Security Update – 14 November 2022

Dell has released a security update to fix a critical vulnerability that affects Connectrix (Brocade) FOS. Brocade Fabric OS versions before v9.1.1_01, v9.0.1e1, v8.2.3c1, and v7.4.2j1 could allow an unauthenticated remote attacker to execute commands on a Brocade Fabric OS switch capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. Brocade

Red Hat Security Updates – 09 November 2022

Red Hat has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow an attacker to gain access, leak kernel information, gain privileges, and cause a denial of service on the affected system. Sample of the addressed vulnerabilities: GnuPG Libksba buffer overflow (CVE-2022-3515): CVSS: 9.8 Attack Vector: Network

Citrix Security Updates – 09 November 2022

Citrix has released security updates for Citrix ADC and Citrix Gateway to fix multiple vulnerabilities. The addressed vulnerabilities could allow a remote attacker to take over the administrator’s account, take control of the affected system or bypass security. Sample of the addressed vulnerabilities: Citrix ADC and Citrix

Microsoft November 2022 Patch Tuesday

Microsoft has released its monthly batch of security updates, known as Patch Tuesday, which includes fixes for six actively exploited zero-day vulnerabilities, with one being publicly disclosed. Microsoft has fixed (68) vulnerabilities, with (11) classified as Critical as they allow remote code execution, the elevation of privileges, or spoofing. November’s Patch Tuesday was released

Fortinet Released Security Updates – 30 October 2022

Fortinet has released security updates to address multiple vulnerabilities across multiple products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the attacker to execute arbitrary code on the system or perform unintentional contact with remote servers by sending a specially-crafted input/configuration.

Tenable Nessus Security Updates – 27 October 2022

Tenable Nessus has released an updated version (Nessus 10.3.1) to fix multiple vulnerabilities in the third-party components (moment.js, expat, datatables, libxml2, zlib). The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service condition on the affected products by sending a specially-crafted request. Sample of the addressed

Aruba Security Updates – 27 October 2022

Aruba has released security updates to fix vulnerabilities in multiple products related to WLAN and SD-WAN. The addressed vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code, cause a denial of service, and obtain information. Samples of the addressed vulnerabilities: 1- Command Injection in the PAPI protocol (CVE-2022-37897): CVSS: 9.8 Attack

VMware Security Updates – 26 October 2022

VMware has released security updates to fix vulnerabilities in multiple products. The severity of the addressed vulnerabilities could allow the unauthenticated remote attacker to execute arbitrary code or obtain information on the affected products. Samples of the addressed vulnerabilities: 1- VMware XStream command execution (CVE-2021-39144): CVSS: 9.8 Attack Vector: Network Attack Complexity: Low Privileges Required:

Apple Security Updates – 26 October 2022

Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.1, macOS Monterey 12.6.1, macOS Ventura 13, and Safari 16.1. The remote attacker could exploit these vulnerabilities to take control of the affected system. The severity of the addressed vulnerabilities could allow the attackers to perform several attacks like bypassing security

Oracle Security Patch Updates – October 2022

Oracle released its critical patch updates for October 2022, containing (370) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a wide range of

Apache Security Update – 16 October 2022

Apache has released a security update to address a critical vulnerability in Apache Commons. A remote attacker could exploit this vulnerability to take control of the affected system. Apache Commons Text is vulnerable to code execution caused by insecure interpolation defaults. The attacker could exploit this vulnerability by sending a specially crafted input to execute arbitrary

Aruba Released Security Updates – 16 October 2022

Aruba has released security updates for Aruba EdgeConnect Enterprise Orchestrator that address multiple critical security vulnerabilities. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. The addressed vulnerabilities could allow the remote attacker to elevate privileges to administrators without credentials and allow arbitrary command execution on the underlying host leading

SAP October 2022 Security Patch Day 12 October 2022

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (2) updates to the previously released patch day security note. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Manufacturing Execution, SAP Commerce, and SAP BusinessObjects Business Intelligence Platform. The remote attacker could exploit
