Announcements

VMware has released a security update to fix multiple vulnerabilities across VMware Aria Operations for Logs (formerly vRealize Log Insight). The addressed vulnerabilities could allow the remote attacker to gain access to the affected appliances via log deserialization and command injection vulnerabilities. 1. VMware Aria Operations for Logs Deserialization Vulnerability (CVE-2023- 20864): CVSS: 9.8 Attack […]

Oracle released its critical patch updates for April 2 023, containing (433) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system. This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a

Fortinet has released security updates to address several vulnerabilities in multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, escalate privileges, bypass security restrictions, obtain information, cause crosssite scripting, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. FortiPresence – Unpassworded Remotely Accessible Redis & MongoDB (CVE-2022-41331):

SAP has released security updates to address several vulnerabilities affecting multiple products. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Diagnostics Agent, SAP Business Client, SAP NetWeaver Process Integration, SAP BusinessObjects Business Intelligence Platform (Promotion Management, SAP NetWeaver Application Server for ABAP and ABAP Platform, SAP NetWeaver (BI CONT ADDON), SAP NetWeaver Enterprise Portal, SAP

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for one actively exploited zero-day vulnerability. Also, Microsoft has released an updated Microsoft Edge version (112.0.1722.34) to fix multiple vulnerabilities.  Microsoft has fixed (97) vulnerabilities, with (7) classified as critical as they could allow the attacker to perform remote code

Sophos has released security updates to fix multiple vulnerabilities in Sophos Web Appliance versions older than 4.3.10.4. The addressed vulnerabilities could allow the remote attacker to gain access, cause a cross-site scripting attack, or execute arbitrary/JavaScript code on the affected versions. Sample of the addressed vulnerabilities: 1. Sophos Pre-auth Command Injection Vulnerability (CVE-2023-1671): CVSS: 9.8 Attack Vector: Network

In March 2023, security researchers uncovered a sophisticated supply chain attack that employed a trojanized version of the 3CX VoIP desktop client. This attack specifically targeted the clients of 3CX, representing a significant threat to the security of businesses that rely on this popular communication software. 3CX is a widely-used communication software that offers a range of features, including

Adobe has released security updates addressing vulnerabilities in ColdFusion 2018 update 15 and below, and ColdFusion 2021 update 5 and below. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or obtain information from the affected systems. Sample of the addressed vulnerabilities: 1. Deserialization of Untrusted Data Vulnerability (CVE-2023-26359): • CVSS: 9.8 • Attack

Aruba has released security updates addressing multiple vulnerabilities in ClearPass Policy Manager. The addressed vulnerabilities could allow the attacker to perform various attacks such as elevate privileges, disclose information, perform cross-site scripting, or gain access and execute arbitrary code on the affected systems. Sample of the addressed vulnerabilities: 1. Unauthenticated Arbitrary User Creation Leads to Complete System Compromise (CVE-2023-25589):

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for two actively exploited zero-day vulnerabilities. Also, this patch includes a release for an updated edge version (111.0.1661.41) to fix multiple vulnerabilities. Microsoft has fixed (83) vulnerabilities, with (9) classified as critical as they could allow the attacker to perform

SAP has released security updates to address several vulnerabilities affecting multiple products. This month’s patch fixes several vulnerabilities affecting multiple SAP products SAP Business Objects Business Intelligence Platform (CMC), SAP NetWeaver, SAP NetWeaver AS for Java, SAP NetWeaver Application Server for ABAP and ABAP Platform, SAP Business Objects (Adaptive Job Server), SAP Solution Manager and ABAP managed systems (ST-PI), SAP

Tenable has released security updates to fix a critical vulnerability in Tenable.sc, tenable.io, and Nessus. The addressed vulnerability could allow the authenticated attacker to modify the scan variables, and manipulate audit policy variables to execute arbitrary commands on credentialed scan targets. Tenable Plugin Arbitrary Code Execution Vulnerability (CVE-2022-4313): • CVSS: 9.1 • Attack Vector: Network • Attack Complexity:

Linux has released security updates to fix vulnerabilities in Linux Kernel and Sudo utility before 1.9.13p2. The addressed vulnerabilities could allow the attacker to execute arbitrary code or cause a denial of service attack on the affected system. Sample of the addressed vulnerabilities: 1. Sudo Code Execution Vulnerability (CVE-2023-27320): • CVSS: 9.8 • Attack Vector: Network •

Cisco has released security updates to address vulnerabilities affecting multiple products. The severity of the addressed vulnerabilities could allow the remote attacker to gain access, obtain information, cause a denial of service, and trigger Cross-site Scripting (XSS) or server-side request forgery (SSRF) attacks on the affected products. Sample of the addressed vulnerabilities: 1. Cisco IP Phone Command Injection Vulnerability

Aruba has released security updates to fix vulnerabilities across multiple Aruba products. The severity of the addressed vulnerabilities could allow the remote attacker to execute code, obtain information, bypass security restrictions, and perform crosssite scripting. Sample of the addressed vulnerabilities: Unauthenticated Command Injections in the PAPI Protocol (CVE-2023-22747): • CVSS: 9.8 • Attack Vector: Network • Attack Complexity:

VMware has released security updates to fix multiple vulnerabilities in multiple VMware products. The addressed vulnerabilities could allow the remote authenticated attacker to read arbitrary files, cause a denial of service attack, conduct an SSRF attack, or execute arbitrary code by using specially-crafted request/XML content to gain access to the affected product. Sample of the addressed vulnerabilities: 1. VMware

Tenable has released security updates to fix multiple vulnerabilities in Tenable.sc versions 5.22.0 to 5.23.1 and 6.0.0. The addressed vulnerabilities could allow the remote attacker to cause a denial of service, obtain information, or gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Curl libcurl Denial of Service (CVE-2022-42915): • CVSS: 9.8 • Attack

Atlassian has released security updates to address vulnerabilities in the “Git” utility that affects multiple products. The addressed vulnerabilities could allow the remote attacker to gain access to the affected systems. Sample of the addressed vulnerabilities: Git Integer Overflow Vulnerability (CVE-2022-41903): • CVSS: 9.8 • Attack Vector: Network • Attack Complexity: Low • Privileges Required: None •

Fortinet has released security updates to address multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, bypassing security restrictions, executing arbitrary code, or escalating the privileges on the affected products. Sample of the addressed vulnerabilities: 1. FortiNAC – External Control of File Name or Path in

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, perform cross-site scripting attacks, bypass security restrictions, execute arbitrary code, or cause a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1- Cisco ClamAV Buffer Overflow (CVE-2023-20032): • CVSS: