Skip to content

Advisories

2023-099: Critical Vulnerabilities in Ivanti Avalanche

2023-099: Critical Vulnerabilities in Ivanti Avalanche

On December 20, 2023, Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution. These vulnerabilities, if exploited, could lead to Remote Code Execution or Denial of Service. The updates also cover 8 medium- and high-severity bugs

Members Public
2023-098: SMTP Smuggling Vulnerability in CISCO Secure Email Gateway

2023-098: SMTP Smuggling Vulnerability in CISCO Secure Email Gateway

On December 18, 2023, researchers from SEC Consult released an article about an SMTP Smuggling vulnerability affecting products from several vendors such as Microsoft, GMX or Cisco. While the vulnerability was fixed in GMX and Microsoft products, it is considered as a feature in Cisco Secure Email Gateway and Cisco

Members Public
2023-097: Critical Vulnerabilities in Microsoft Products

2023-097: Critical Vulnerabilities in Microsoft Products

On December 12, 2023, Microsoft released the December 2023 Patch Tuesday which includes security updates for a total of 35 flaws. Among the vulnerabilities, four were rated as critical. It is recommended updating affected products as soon as possible. Microsoft December 2023 Patch Tuesday Security Updates Microsoft December 2023 Patch

Members Public
2023-095: Critical Vulnerability in Apache Struts - with Mittre TTPs

2023-095: Critical Vulnerability in Apache Struts - with Mittre TTPs

On December 7, 2023, The Apache Struts group released an update addressing a critical security vulnerability in Apache Struts. This vulnerability could lead, under some circumstances, to remote code execution. It is recommended to upgrade to a not vulnerable version as soon as possible. Apache Struts Security Vulnerability Apache Struts

Members Public
2023-092: Critical vulnerability in FortiSIEM

2023-092: Critical vulnerability in FortiSIEM

On November 14, Fortinet released an advisory regarding a critical vulnerability affecting FortiSIEM which may allow a remote unauthenticated attacker to execute unauthorised commands via crafted API requests. FortiSIEM Vulnerability FortiSIEM Vulnerability History * 20/11/2023 - v1.0 - Initial publication * 21/11/2023 - v1.1 - Correction

Members Public