Advisories, Vulnerabilities, ,
Cyber Security Vulnerabilities

Center for Internet Security

Cyber Security Advisories – MS-ISAC The latest MS-ISAC cyber security advisories. Feed provided by Center for Internet Security.

  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
    on April 24, 2024 at 6:47 pm

    Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • Oracle Quarterly Critical Patches Issued April 16, 2024
    on April 17, 2024 at 7:51 pm

    Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.

  • Multiple Vulnerabilities in Ivanti Avalanche Could Allow for Remote Code Execution
    on April 17, 2024 at 4:29 pm

    Multiple vulnerabilities have been discovered in Ivanti Avalanche, the most severe of which could allow for remote code execution. Ivanti Avalanche is a mobile device management system. Network security features allow one to manage wireless settings (including encryption and authentication), and apply those settings on a schedule throughout the network. Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.

  • Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution
    on April 17, 2024 at 11:47 am

    Multiple vulnerabilities have been discovered in Google Chrome, which could allow for remote code execution. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
    on April 16, 2024 at 2:56 pm

    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • A Vulnerability in PAN-OS Could Allow for Arbitrary Code Execution
    on April 12, 2024 at 3:55 pm

    A vulnerability has been discovered in PAN-OS that could allow for arbitrary code execution. PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the root user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
    on April 10, 2024 at 10:49 pm

    Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
    on April 9, 2024 at 6:26 pm

    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe After Effects is a digital visual effects, motion graphics, and compositing application. Adobe Photoshop is a raster graphics editor. Adobe Commerce is a flexible and scalable commerce platform that lets you create personalized B2B and B2C experiences. Adobe InDesign is a desktop publishing and page layout designing software application. Adobe Experience Manager is an all-in-one software suite used for content and asset management. Adobe Media Encoder is an audio/video media processing program that allows users to convert files into other types of files. Adobe Bridge is used to preview, organize, edit, and publish assets. Adobe Illustrator is a vector graphics editor and design software. Adobe Animate is used to create vector graphics and interactive content. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

  • Critical Patches Issued for Microsoft Products, April 09, 2024
    on April 9, 2024 at 6:19 pm

    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • A Vulnerability in Broadcom Brocade Fabric OS Could Allow for Arbitrary Code Execution
    on April 5, 2024 at 9:08 am

    A vulnerability has been discovered in Broadcom Brocade Fabric OS that could allow for arbitrary code execution. Broadcom Brocade Fabric OS is the storage area networking firmware for Brocade Communications Systems’ Fibre Channel switch and Fibre Channel directors. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user or obtain root level privileges. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Websitecyber related posts:

Landscape for Ransomware Attacks

This report aims to bring new insights into the reality of ransomware incidents through mapping and studying ransomware incidents from May 2021 to June 2022.

Zero Day Initiative Published Advisories

Zero Day Initiative Published Advisories.

Slackware Linux Security

Slackware Linux Security is the community's central source for information on Linux and open source security.

FTC Business Blog

The latest news and information from the FTC Business Blog.

ASIO Annual Threat Assessment 2024

The Australian Security Intelligence Organisation (ASIO) has released its Annual Threat Assessment for 2024. Threats to Australia's national security.

How Cybercriminals Use Social Media

How Cybercriminals Can Use Your Social Media Activity Against You. What you do on your social media channels can put your company at risk.

New Hampshire Lottery Cyberattack

New Hampshire Lottery officials warned of a cyberattack on its website on Friday.

Technology Cyberscoop

The latest technology news and information from Cyberscoop.

The Digital Threat To Nations

Singapore aims to be a “Smart Digital Nation” but the more it depends on I.T., the more it opens itself to cyber threats. This is the cyber security dilemma.

Secure the Cloud

Secure the Cloud – Palo Alto Networks Blog

Cybersecurity and Medical Devices

After years of debate, the FDA recently issued guidance for cybersecurity in lifesaving medical devices like pacemakers and insulin pumps as they can be hacked.

Xfinity Data Breach

Xfinity, owned by Comcast, announced this week that hackers had gained unauthorized access to the personal information of its customers following a data breach.
Share Websitecyber