Apple, Google, and MOVEit Just Patched Serious Security Flaws

CVE-2023-20894 is an out-of-bounds write vulnerability with a CVSS score of 8.1, and CVE-2023-20895 is a memory corruption issue that could allow an attacker to bypass authentication.

Cisco

Cisco has patched a vulnerability in the client update process of its AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows. Tracked as CVE-2023-20178, the flaw could allow a low-privileged, authenticated, local attacker to execute code with System privileges. The fix is especially urgent because security researcher Filip Dragović has recently dropped a proof-of-concept exploit for the flaw.

Another notable patch addresses CVE-2023-20105, which has a CVSS score of 9.6 and is rated as having a critical impact. The flaw in Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an attacker to alter the passwords of any user on the system, including an administrative read-write user, and then impersonate them.

Fortinet

Security firm Fortinet patched a vulnerability in June that it warns is possibly being used in attacks. Tracked as CVE-2023-27997, the heap-based buffer overflow vulnerability may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. The severity of the flaw is reflected in its CVSS score of 9.8, so make sure you patch it as soon as possible.

SAP

SAP’s June Patch Day includes fixes for a number of flaws, including two rated as having a high severity. The patches include CVE-2021-42063, a cross-site scripting vulnerability in SAP Knowledge Warehouse versions 7.30, 7.31, 7.40, and 7.50.

The flaw could enable unauthorized adversaries to conduct XSS attacks, which could lead to sensitive data disclosure. “This vulnerability allows an attacker to gain user-level access and compromise the confidentiality, integrity, and availability of the UI5 Variant Management application,” security company Onapsis said.
