Eli Kuyamova

VMware released a security advisory addressing multiple vulnerabilities (CVE-2023-34057, CVE-2023-34058) in VMware Tools. A cyber actor could exploit one of these vulnerabilities to take control of an affected system.

Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. Read more

VMware released a security advisory for a vulnerability (CVE-2023-34048) affecting the VMware vCenter Server and (CVE-2023-34056) affecting [VMware Cloud Foundation]. A remote cyber actor could exploit these vulnerabilities to obtain information or take control of an affected system. Read more

Mozilla has released security updates to address vulnerabilities in Firefox ESR 115.4 and Firefox 119. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.

Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Read more

Cisco released a security advisory to address a vulnerability (CVE-2023-20198) affecting IOS XE Software Web UI. A cyber threat actor can exploit this vulnerability to take control of an affected device. Read more

Fortinet has released security advisories addressing vulnerabilities in multiple products. These vulnerabilities may allow cyber threat actors to take control of the affected systems. CERT Bulgaria encourages users and administrators to review the following Fortinet security advisories and apply the recommended updates. Read more

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.

Citrix публикува актуализации за сигурност за отстраняване уязвимости, засягащи много продукти. Нападател може да използва една от тези уязвимости, за да поеме контрол над засегната система. CERT България препоръчва потребителите и администраторите да се запознаят със следните бюлетини на Citrixsecurity и да приложат необходимите актуализации: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and … Read more

Разкрита е уязвимост в HTTP/2 протокола при отказ на услуга (DoS). Уязвимостта (CVE-2023-44487) е известна като Rapid Reset. Експлоатация върху уеб сървъри с HTTP/2 води до Layer 7 DoS – denial of service (server resource consumption) атака. Тя се изразява в следното: Генерират се заявки, които биват едностранно спрени от клиента, дори преди да е … Read more