Announcements

FreeBSD Security Update – 09 November 2023

FreeBSD has released a security update to address multiple vulnerabilities in FreeBSD libc and FreeBSD libcap_net. The addressed vulnerabilities could allow a remote attacker to overflow a buffer, execute arbitrary code, and gain access to the affected system by sending a specially crafted request. Sample of the addressed vulnerabilities: FreeBSD buffer overflow (CVE-2023-5941): CVSS: […]


WS_FTP Security Update – 09 November 2023

WS_FTP has released a security update to address a critical vulnerability affecting WS_FTP Server. The addressed vulnerability could allow the remote attacker to bypass security restrictions and upload a file to a specified location on the operating system hosting the WS_FTP Server application. WS_FTP Server Arbitrary File Upload (CVE-2023-42659): CVSS: 9.1 Attack Vector: Network Attack


Veeam Security Update – 07 November 2023

Veeam has released a security update to fix several vulnerabilities in Veeam ONE IT infrastructure monitoring and analytics platform versions 11, 11a, and 12. The addressed vulnerabilities could allow the attacker to obtain sensitive information, perform cross-site scripting attacks, execute arbitrary code, and gain access to the affected system. Sample of the addressed vulnerabilities: 1.


Cisco Security Updates – 02 November 2023

Cisco has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, conduct cross-site scripting or perform denial of service attacks, execute arbitrary commands, and gain access to the affected system by sending a specially crafted HTTP request. Sample of the


Atlassian Security Update – 31 October 2023

Atlassian has released a security update to address a critical vulnerability across all versions of Confluence Data Center and Confluence Server products. The addressed vulnerability could allow the unauthenticated remote attacker to cause significant data loss on the vulnerable Confluence Data Center and Server but there is no impact to confidentiality as the attacker cannot


F5 Security Updates – 28 October 2023

F5 has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to perform denial of service attacks, launch SQL injection attacks, execute arbitrary commands, and gain access to the affected products by sending specially crafted requests. Sample of the addressed vulnerabilities: 1. F5 BIG-IP Command Execution


VMware Security Updates – 25 October 2023

VMware has released security updates to fix multiple vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation. The addressed vulnerabilities could allow a remote attacker to obtain sensitive information, execute arbitrary code, and gain access to the affected system by sending specially crafted requests. Sample of the addressed vulnerabilities: VMware vCenter Server Out-of-Bounds Write Vulnerability


Fortinet Security Updates – 15 October 2023

Fortinet has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the attacker to gain access, perform cross-site scripting attacks, steal the victim’s cookie-based authentication credentials, or traverse directories on the affected systems by sending specially crafted URL requests. Sample of the addressed vulnerabilities: 1. Fortinet FortiSIEM Directory Traversal Vulnerability


F5 Security Updates – 11 October 2023

F5 has released security updates to fix several vulnerabilities across multiple versions of F5 BIG-IP, BIG-IP (APM), and F5 BIG-IP Next SPK. The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary commands, perform denial of service attacks, obtain sensitive information, bypass security restrictions, or gain elevated privileges on the affected systems by


Fortinet Security Updates – 11 October 2023

Fortinet has released security updates to address vulnerabilities affecting multiple products. The addressed vulnerabilities could allow the attacker to cause a denial of service, gain elevated privileges, disclose information, execute arbitrary commands, and gain access to the affected systems. Sample of the addressed vulnerabilities: 1. FortiSIEM – Remote Unauthenticated OS Command Injection Vulnerability (CVE-2023-34992): CVSS:


Citrix Security Updates – 11 October 2023

Citrix has released security updates to address multiple vulnerabilities across Citrix NetScaler ADC and NetScaler Gateway. The addressed vulnerabilities could allow the remote unauthenticated attacker to trigger a denial of service attack or obtain sensitive information from the affected product if configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or an


Atlassian Security Update – 05 October 2023

Atlassian has released a security update to address a critical vulnerability across multiple products. The addressed vulnerability could allow the remote attacker to gain elevated privileges on the system, caused by an error related to the /setup/* endpoints on Confluence instances allowing the creation of administrator accounts that can be used to access Confluence instances. Atlassian


Cisco Security Updates – 05 October 2023

Cisco has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary commands, gain elevated privileges, gain access to the affected products, or perform denial of service attacks by sending a specially crafted HTTP request to a specific API. Sample of the addressed vulnerabilities: 1.


WS_FTP Security Updates – 01 October 2023

WS_FTP has released security updates to address vulnerabilities affecting WS_FTP Server Ad hoc Transfer Module and the WS_FTP Server Manager Interface. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands, perform cross-site scripting attacks, or gain access to the affected systems. Sample of the addressed vulnerabilities: 1. WS_FTP Server Command Execution Vulnerability


Cisco Security Updates – 28 September 2023

Cisco has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to execute arbitrary commands, perform denial of service attacks, bypass security restrictions, or gain access to the affected products by various techniques such as sending specially crafted input to the web UI or sending requests directly


Trend Micro Security Updates – 20 September 2023

Trend Micro has released security updates to address a critical zero-day vulnerability across Trend Micro Apex One (on-premise, SaaS), Trend Micro Worry-Free Business Security, and Trend Micro Worry-Free Business Security SaaS. The addressed vulnerability could allow a remote authenticated attacker to execute arbitrary code on the affected system. Trend Micro Endpoint Security Products Code Execution (CVE-2023-41179):


SAP September 2023 Security Patch Day

SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (5) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP Business Objects Business Intelligence Platform (Promotion Management), SAP CommonCryptoLib, SAP PowerDesignerClient, SAP Quotation Management Insurance


Cisco Security Updates – 07 September 2023

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary code, bypass security restrictions, gain elevated privileges, or perform denial of service attacks on the affected products by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. Cisco BroadWorks
