Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. The severity of the addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service on the affected system. Sample of the addressed vulnerabilities: 1. Adobe Acrobat and Adobe Reader […]
Adobe Security Updates 11 January 2023 Read More »
Google has released an updated Chrome version (109.0.5414.74/.75) for Windows, (109.0.5414.74) for Linux, and (109.0.5414.87) for Mac to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, or cause a denial of service on the vulnerable system, by persuading the victim to visit a specially crafted webpage. Sample of the
Google Chrome Security Update 11 January 2023 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains a fix for an actively exploited zero-day vulnerability. Microsoft has fixed (98) vulnerabilities, with (11) classified as critical as they allow remote code execution, bypass security features, or elevation of privileges. January’s Patch Tuesday was released to fix security flaws in
Microsoft January 2023 Patch Tuesday Read More »
SAP has released security updates to address several vulnerabilities affecting multiple products. In addition, SAP also announced (3) updates to the previously released patch day security notes. This month’s patch fixes several vulnerabilities affecting multiple SAP products such as SAP BPC MS 10.0, SAP BusinessObjects Business Intelligence platform, SAP NetWeaver Process Integration, SAP NetWeaver AS for Java, SAP NetWeaver
SAP January 2023 Security Patch Day Read More »
Zoom has released security updates to fix vulnerabilities in multiple products. the addressed vulnerabilities could allow the locally authenticated attacker to gain elevated privileges, bypass security restrictions, or traverse directories on the system. Samples of the addressed vulnerabilities: 1. Zoom Rooms for macOS Privilege Escalation (CVE-2022-36926): • CVSS: 8.8 • Attack Vector: Local • Attack Complexity: Low
Zoom Security Updates 09 January 2023 Read More »
Fortinet has released security updates to address multiple vulnerabilities across multiple products. The severity of the addressed vulnerabilities could allow the attacker to gain access, and execute or inject arbitrary code in the management interface or commands via specifically crafted HTTP requests on the affected products. Sample of the addressed vulnerabilities: 1. FortiADC – Command Injection in Web
Fortinet Security Updates 04 January 2023 Read More »
Trend Micro has released a security update to address a vulnerability affecting Trend Micro Maximum Security version 2022 (v17.7). The severity of the addressed vulnerability could allow the low-privileged attacker to write a malicious executable to a specific location and in the process of removal and restoral, the attacker could replace an original folder with a mount point
Trend Micro Security Update 02 January 2023 Read More »
Juniper Networks has released a security update to address a high-severity vulnerability affecting Junos OS 22.3R1 and Junos OS Evolved 22.3R1-EVO. The addressed vulnerability is caused by improper input validation in the Routing Protocol Daemon (rpd). The remote attacker could exploit this vulnerability by sending a specially-crafted BGP update message to cause a denial of service attack on the
Juniper Networks Security Update 25 November 2022 Read More »
Linux kernel is affected by a critical issue in ksmbd before version 5.19.2. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files over the network. The severity of the mentioned vulnerability could allow the remote attacker to execute code on the affected systems. Linux Kernel Ksmbd Use-After-Free Remote Code Execution
Linux Kernel Security Update 25 December 2022 Read More »
Referring to EG-FinCIRT report “Microsoft November 2022 Patch Tuesday” Number 257/2022, Threat actors and ransomware groups discovered a new exploit method that bypasses Microsoft Exchange “ProxyNotShell” mitigations. Threat actors leveraging a new exploit chain method called “OWASSRF” that bypasses blocking rules for “ProxyNotShell” (CVE-2022-41040 and CVE-2022-41082) vulnerabilities in Microsoft Exchange Server and taking advantage of the privilege escalation vulnerability
New Exploit Method for Microsoft Exchange “OWASSRF” Read More »
IBM has released security updates to fix third-party components vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, perform a Cross-Site Scripting attack, perform a Server-Side Request Forgery Attack (SSRF) attack, perform a Log Injection attack, execute arbitrary code and cause a denial of service attack on the affected products. Sample of
IBM Security Updates 20 December 2022 Read More »
Tenable has released security updates to fix multiple vulnerabilities in Tenable’s third-party components (moment.js, handlebars). The severity of the addressed vulnerabilities could allow the remote attacker to gain access or cause a denial of service attack on the affected system. Samples of the addressed vulnerabilities: 1. Moment.js Directory Traversal (CVE-2022-24785): CVSS: 9.8 Attack Vector: Network Attack Complexity:
Tenable Security Updates 19 December 2022 Read More »
Samba has released security updates to fix multiple vulnerabilities in versions 4.17.4, 4.16.8 and 4.15.13. The addressed vulnerabilities could allow the remote attacker to gain elevated privileges and take control of affected systems. Sample of addressed vulnerabilities: 1. Netlogon RPC Privilege Escalation (CVE-2022-38023): • CVSS: 8.1 • Attack Vector: Network • Attack Complexity: High • Privileges Required:
Samba Security Updates 18 December 2022 Read More »
SolarWinds has released security updates to fix multiple vulnerabilities in the Serv-U FTP server. The addressed vulnerabilities could allow the remote attacker to gain access or cause a denial of service to the affected systems. Sample of the addressed vulnerabilities: 1. Cross-Site Scripting Vulnerability in Serv-U Web Client (CVE-2022-38106): • CVSS: 7.5 • Attack Vector: Network
SolarWinds Security Updates 18 December 2022 Read More »
Tenable has released a security update to fix a vulnerability in Tenable.ad’s thirdparty component Erlang. The addressed vulnerability could allow the remote attacker to perform a client authentication bypass in certain client-certification situations for SSL, TLS, and DTLS via sending a specially-crafted request. The remote attacker could exploit this vulnerability to gain access to the affected system and bypass
Tenable Security Update 18 December 2022 Read More »
Microsoft has released an updated Microsoft Edge version (108.0.1462.54) to fix multiple vulnerabilities in Microsoft Edge (Chromium-based). The addressed vulnerabilities could allow the remote attacker to execute arbitrary code or cause a denial of service by persuading the victim to visit a specially crafted webpage on the affected system. Sample of the addressed vulnerabilities: 1. Chromium code execution
Microsoft Edge Security Update 18 December 2022 Read More »
VMware has released security updates to fix vulnerabilities in VMware vRealize Operations (vROps). The severity of the addressed vulnerabilities could allow the remote authenticated attacker to gain privilege or obtain information from the affected products via sending specially-crafted requests. VMware vRealize Operations (vROps) privilege escalation vulnerability (CVE- 2022-31707): • CVSS: 7.2 • Attack Vector: Network • Attack Complexity: low
VMware Security Updates 18 December 2022 Read More »
Apple has released security updates to address multiple vulnerabilities in the updated version of macOS Big Sur 11.7.2, macOS Monterey 12.6.2, macOS Ventura 13.1, and Safari 16.2. In addition, the mentioned updates fix a zero-day vulnerability actively exploited in the wild. The severity of the addressed vulnerabilities could allow the remote attacker to gainaccess to sensitive information, bypass
Apple Security Updates 14 December 2022 Read More »
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch contains fixes for two zero-day vulnerabilities. One has been exploited in the wild and the other has been publicly disclosed. Microsoft has fixed (49) vulnerabilities, with (6) classified as critical as they allow remote code execution, denial of service attack, or elevation
Microsoft December 2022 Patch Tuesday Read More »
Aruba has released security updates to fix vulnerabilities across multiple Aruba products. The severity of the addressed vulnerabilities could allow the remote attacker to execute code, obtain information, and bypass security controls. Samples of the addressed vulnerabilities: 1- Privilege Escalation Aruba EdgeConnect Enterprise Orchestrator Web-based Management Interface (CVE-2022-44535): • CVSS: 8.8 • Attack Vector: Network • Attack
Aruba Security Updates 14 December 2022 Read More »
