Fortinet has released 18 security advisories to address a range of security vulnerabilities in multiple products. Three of the advisories address two high severity vulnerabilities in FortiClient for Windows and one high severity vulnerability in FortiOS affecting SSLVPN sessions.
FortiClient and FortiOS provide an endpoint detection and response (EDR) solution, a virtual private network (VPN) solution, and other security functionality. In addition to the three vulnerabilities highlighted below, full details for other affected products can be found at the Fortinet Security Advisories website
Read more…
Source: NHS Digital
Related:
- SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity
August 9, 2017
SAP released 19 patches on Tuesday, fixing a trio of vulnerabilities marked high severity in its business management software. The most pressing fixes are for a directory traversal vulnerability in the company’s Netweaver AS Java Web Container, a code injection vulnerability in its Visual Composer design tool, and a cross-site AJAX request vulnerability in its BusinessObjects suite of applications. The ...
- Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug
August 3, 2017
Cisco fixed 15 vulnerabilities this week in more than a dozen products, including two high severity vulnerabilities that could have let an attacker trigger a denial of service condition or bypass local authentication. The more severe bugs fixed on Wednesday exist in the company’s Identity Services Engine and its Videoscape Distribution Suite. The bypass, which exists ...
- IBM Patches Reflected XSS in Worklight, MobileFirst
August 2, 2017
BM fixed a cross-site scripting vulnerability in two products last month that could have let an attacker execute malicious JavaScript code in a victim’s browser to steal sensitive information, or user credentials. The vulnerability (CVE-2017-1500) lingered in the products, Worklight and MobileFirst, for almost a year. Gabriele Gristina, a security consultant for the Italian information security ...
- Apple Patches BroadPwn Bug in iOS 10.3.3
July 20, 2017
Apple released iOS 10.3.3 Wednesday, which serves as a cumulative update that includes patches for multiple vulnerabilities including the high-profile BroadPwn bug that allowed an attacker to seize control of a targeted iOS device. BroadPwn was revealed earlier this month as a flaw in Broadcom Wi-Fi chipsets used in Apple and Android devices. Apple said the ...
- Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched
July 18, 2017
Oracle admins are today staring down the barrel of the biggest quarterly Critical Patch Update ever. The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more than 90 products. So far in 2017, Oracle has patched 878 vulnerabilities through three CPUs. System and network admins have never been taxed from a patching ...
- Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!
July 17, 2017
A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim’s computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help ...