Advisories
2023-099: Critical Vulnerabilities in Ivanti Avalanche
On December 20, 2023, Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution. These vulnerabilities, if exploited, could lead to Remote Code Execution or Denial of Service. The updates also cover 8 medium- and high-severity bugs
2023-098: SMTP Smuggling Vulnerability in CISCO Secure Email Gateway
On December 18, 2023, researchers from SEC Consult released an article about an SMTP Smuggling vulnerability affecting products from several vendors such as Microsoft, GMX or Cisco. While the vulnerability was fixed in GMX and Microsoft products, it is considered as a feature in Cisco Secure Email Gateway and Cisco
2023-097: Critical Vulnerabilities in Microsoft Products
On December 12, 2023, Microsoft released the December 2023 Patch Tuesday which includes security updates for a total of 35 flaws. Among the vulnerabilities, four were rated as critical. It is recommended updating affected products as soon as possible. Microsoft December 2023 Patch Tuesday Security Updates Microsoft December 2023 Patch
2023-095: Critical Vulnerability in Apache Struts - with Mittre TTPs
On December 7, 2023, The Apache Struts group released an update addressing a critical security vulnerability in Apache Struts. This vulnerability could lead, under some circumstances, to remote code execution. It is recommended to upgrade to a not vulnerable version as soon as possible. Apache Struts Security Vulnerability Apache Struts
2023-092: Critical vulnerability in FortiSIEM
On November 14, Fortinet released an advisory regarding a critical vulnerability affecting FortiSIEM which may allow a remote unauthenticated attacker to execute unauthorised commands via crafted API requests. FortiSIEM Vulnerability FortiSIEM Vulnerability History * 20/11/2023 - v1.0 - Initial publication * 21/11/2023 - v1.1 - Correction