Cyber Security Advisories – MS-ISAC The latest MS-ISAC cyber security advisories. Feed provided by Center for Internet Security.
- Multiple Vulnerabilities in Sophos Firewall Could Allow for Remote Code Executionon December 20, 2024 at 12:46 am
Multiple Vulnerabilities have been discovered in Sophos Firewall, the most severe of which could allow for remote code execution. Sophos Firewall is a network security solution. Successful exploitation of the most severe of these vulnerabilities could allow for unauthorized access on the system. Depending on the privileges associated with the system, an attacker could then; view, change, or delete data.
- A Vulnerability in Multiple Cleo Products Could Allow for Remote Code Executionon December 12, 2024 at 9:44 pm
A vulnerability has been discovered in multiple Cleo products that could allow for remote code execution. Cleoβs LexiCom, VLTransfer, and Harmony is software that is commonly used to manage file transfers. Successful exploitation of this vulnerability could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Executionon December 12, 2024 at 3:14 am
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Multiple Vulnerabilities in Ivanti Cloud Services Application (CSA) Could Allow for Remote Code Executionon December 11, 2024 at 3:51 pm
Multiple vulnerabilities have been discovered in Ivanti Cloud Services Application (CSA), the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Executionon December 11, 2024 at 1:35 am
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.