Announcements

Juniper has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to obtain sensitive information, cause a denial of service attack, bypass security restrictions, gain elevated privileges, or execute arbitrary code and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Juniper Junos OS […]

Ivanti has released security updates to fix two zero-day vulnerabilities across Ivanti Connect Secure (ICS) and Ivanti Policy Secure. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and bypass security restrictions on the affected systems by sending a specially crafted request. The addressed vulnerabilities: 1. Ivanti ICS and Ivanti Policy Secure

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. Microsoft has fixed (49) vulnerabilities, with (2) classified as critical as they could allow the attacker to perform remote code execution, bypass security restrictions, gain elevated privilege, spoofing attacks, or gain access to the affected products. January’s Patch Tuesday was released to

ManageEngine has released security updates to address a critical vulnerability across multiple product builds till 127259. The addressed vulnerability could allow the remote authenticated attacker to traverse directories by sending a specially crafted URL request containing “dot dot” sequences (/../) to create arbitrary files on the affected systems. ManageEngine OpManager Directory Traversal Vulnerability (CVE-2023-47211): CVSS:

Ivanti has released security updates to address a critical flaw that affects Ivanti Endpoint Manager (EPM) version 2022 SU4 and all prior versions. The addressed vulnerability could allow the attacker to execute arbitrary SQL queries, retrieve output without the need for authentication, and control machines running the EPM agent. This applies to all instances of

Apache has released security updates to address several vulnerabilities across multiple versions of Apache OFBiz. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: Apache Pre-authentication Remote Code Execution (CVE-2023-51467): CVSS: 9.8 Attack Vector:

Barracuda has released a security update to address two zero-day vulnerabilities across multiple versions of Email Security Gateway (ESG) appliances. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code within a third-party library “Spreadsheet::ParseExcel” on the affected system of Barracuda ESG Appliance by deploying a specially crafted Excel email attachment. Sample of

Ivanti has released security updates to fix multiple vulnerabilities affecting all supported versions of Ivanti Avalanche. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, gain access, perform server-side request forgery (SSRF), or trigger denial of services attacks on the affected products. Sample of the addressed vulnerabilities: 1. Ivanti Wavelink Avalanche Premise

Fortinet has released security updates to fix multiple vulnerabilities across several products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. FortiMail Remote Wildcard RADIUS Login Bypass (CVE-2023-47539): CVSS: 9 Attack Vector: Network

SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP Business Client, SAP ECC and SAP S/4HANA (IS-OIL), SAP Commerce Cloud, Business Objects BI Platform SAP GUI for Windows and SAP GUI for Java, SAP BusinessObjects Web

Cisco has released a security update to fix two vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions or execute arbitrary code to manipulate file upload parameters and enable path traversal, this can lead to uploading a malicious file used to perform a remote code execution attack on

Apple has released security updates to address multiple vulnerabilities across macOS Monterey, Ventura, Sonoma and Safari. The addressed vulnerabilities could allow the attacker to bypass security restrictions, gain elevated privileges, obtain sensitive information, execute arbitrary code, and gain access to the affected systems by persuading the victim to visit a specially crafted website. Sample of

Microsoft has released the latest Microsoft Edge Stable Channel (Version 120.0.2210.61) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security, gain elevated privileges, or disclose sensitive information on the affected system. Sample of the addressed vulnerabilities: Microsoft Edge (Chromium-based) Elevation of Privilege (CVE-2023-35618): CVSS: 9.6 Attack

Atlassian has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to conduct denial of service attacks, obtain sensitive information, or execute arbitrary code, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Atlassian Assets Discovery Remote Code Execution (CVE-2023-22523): CVSS: 9.8

Tenable has released a security update to fix multiple vulnerabilities in Tenable’s third-party components (OpenSSL, HandlebarsJS, jquery-file-upload) across Nessus Network Monitor 6.3.0 and earlier versions. The addressed vulnerabilities could allow the remote attacker to obtain sensitive information, execute arbitrary code, and gain access to the affected system by sending a specially crafted request. Sample of

VMware has released a security update to address a critical vulnerability in the VMware Cloud Director Appliance (VCD Appliance). The addressed vulnerability could allow the remote attacker to bypass login restrictions when authenticating on port 22 (SSH) or port 5480 (appliance management console) to the affected system. VMware Cloud Director Appliance Security Bypass (CVE-2023-34060): CVSS:

Citrix has released security recommendations for a critical vulnerability that affects customer-managed NetScaler ADC and NetScaler Gateway. Referring to report 253/2023 “Citrix Security Updates – 11 October 2023”, Security researchers revealed that CVE-2023-4966 has been under active exploitation and Citrix encourages administrators after upgrading to remove any active or persistent sessions. Citrix NetScaler ADC and

Fortinet has released security updates to fix multiple vulnerabilities across several products. The addressed vulnerabilities could allow the attacker to execute arbitrary code, gain privilege, obtain sensitive information, or trigger a denial of services attack on the affected products. Sample of the addressed vulnerabilities: 1. Fortinet FortiSIEM – OS Command Injection (CVE-2023-36553): CVSS: 9.3 Attack

Adobe has released security updates to fix multiple vulnerabilities across several products. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information or trigger denial of services attacks on the affected products. Sample of the Addressed Vulnerabilities: 1. Adobe ColdFusion Code Execution Vulnerability (CVE-2023-44351): CVSS: 9.8 Attack

SAP has released security updates to address several vulnerabilities affecting multiple products. SAP has released a patch that fixes several vulnerabilities affecting multiple SAP products such as SAP CommonCryptoLib, SAP Content Server, SAP Business One, SAP SQL Anywhere, SAP ASE Cluster Edition, SAP NetWeaver, SAP Event Stream Processor, and SAP Replication Server. The attacker could