Announcements

Fortinet has released security updates to fix multiple vulnerabilities across several Fortinet products. The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary command/code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. FortiWLM Remote Command/Code Execution Vulnerability (CVE-2023- 34990): CVSS: 9.6 Attack Vector: Network Attack Complexity: […]

 Apple has released security updates to address multiple vulnerabilities across macOS Ventura, macOS Sequoia, macOS Sonoma, and Safari. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, perform denial of services attacks, elevate privileges, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities:

 Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed one zero-day vulnerability. Microsoft has fixed (72) vulnerabilities, with (1) classified as critical as they could allow the attacker to conduct spoofing attacks, gain elevated privileges, perform denial of service attacks, obtain sensitive information, or execute arbitrary code

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to manipulate data, bypass security restrictions, perform denial of service attacks, or execute arbitrary code and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. Ivanti CSA Administrative Access Vulnerability (CVE-2024-11639): CVSS:

SAP has released security updates to address several vulnerabilities affecting multiple SAP products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP NetWeaver AS for JAVA, SAP Web Dispatcher, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server (ABAP), SAP HCM, SAP Product Lifecycle Costing, SAP NetWeaver Administrator

 Veeam has released security updates to fix several vulnerabilities affecting multiple Veeam products. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, gain elevated privileges, conduct DLL injection attacks, obtain sensitive information, manipulate data or execute arbitrary code, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1.

Palo Alto has released security updatesto fix multiple vulnerabilities affecting Palo Alto PAN-OS. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, conduct SSRF attacks, obtain sensitive information, bypass security restrictions or gain access to the affected system. Sample of the addressed vulnerabilities: 1. PAN-OS Authentication Bypass in

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed four zero-day vulnerabilities. Microsoft has fixed (91) vulnerabilities, with (4) classified as critical as they could allow the attacker to gain elevated privileges or execute arbitrary code and gain access to the affected products by persuading the victim

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to perform denial of services attacks, bypass security restrictions, conduct cross-site scripting attacks, obtain sensitive information, manipulate data, execute arbitrary codes/SQL commands, and gain access to the affected system. Sample of the addressed vulnerabilities: Cisco

Aruba has released security updates to fix multiple vulnerabilities affecting Aruba Access Points running Instant AOS-8 and AOS 10. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands and gain access to the affected product by sending a specially crafted request via UDP port 8211. Sample of the addressed vulnerabilities: HPE Aruba

Cisco has released security updates to fix multiple vulnerabilities affecting several Cisco products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform cross-site request forgery attacks, perform cross-site scripting attacks, obtain sensitive information, perform SQL injection attacks, gain elevated privilege, perform denial of services attacks, or execute arbitrary commands and gain access

Fortinet has released security updates to fix multiple vulnerabilities across several Fortinet products The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, perform denial of services attacks, or execute arbitrary code and gain access to the affected product. Sample of the addressed vulnerabilities: 1. FG-IR-24-423 Missing Authentication in Fgfmsd Vulnerability

Grafana has released security updates to address multiple vulnerabilities affecting several Grafana versions. The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: Grafana SQL Expressions Code Execution Vulnerability (CVE-2024-9264): CVSS: 9.9 Attack Vector: Network

Oracle released its critical patch updates for October 2024, containing (334) new security patches for multiple affected products in Oracle code and third-party components. The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, performing denial of service attacks, conducting cross-site scripting attacks, bypassing security restrictions, gaining elevated privileges,

Palo Alto has released security updatesto fix multiple vulnerabilities across several Palo Alto products. The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial of service attacks, conduct reflected XSS attacks, obtain sensitive information, bypass security restrictions or execute arbitrary commands, and gain access to the affected systems. Sample of the addressed

Mozilla has released an updated Firefox version 131.0.2, Firefox ESR versions 128.3.1, and 115.16.1 to fix a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to execute arbitrary code in the content process, and gain access to the affected products by exploiting a use-after-free in Animation timelines. Mozilla Firefox Code Execution Vulnerability (CVE-2024-9680):

Ivanti has released security updates to fix several vulnerabilities across multiple Ivanti products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, bypass security restrictions, gain elevated privileges, perform a denial of service attack, conduct SQL injection attacks, or execute arbitrary code and gain access to the affected system. Sample of the addressed

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed five zero-day vulnerabilities. Microsoft has fixed (118) vulnerabilities, with (2) classified as critical as they could allow the attacker to execute arbitrary code, gain access, which could result in remote code execution, gain access, and gain elevated privileges

Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, gain elevated privilege, perform denial of services attacks, or execute arbitrary commands and gain access to the affected product. Sample of the addressed vulnerabilities: 1. Cisco Nexus Dashboard Fabric Controller Arbitrary

Ivanti has released a security update to fix a critical vulnerability across Ivanti Cloud Services Appliance (CSA) version 4.6. The addressed vulnerability could allow the remote unauthenticated attacker to traverse directories on the system by sending a specially crafted URL request to access restricted functionality and obtain sensitive information. The threat actors could exploit this