Center for Internet Security

Cyber Security Advisories – MS-ISAC The latest MS-ISAC cyber security advisories. Feed provided by Center for Internet Security.

  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
    on March 27, 2024 at 6:49 am

    Multiple Vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • A Vulnerability in Multiple Apple Products Could Allow for Arbitrary Code Execution.
    on March 26, 2024 at 7:18 am

    A vulnerability has been discovered in multiple Apple products which could allow for Arbitrary Code Execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
    on March 19, 2024 at 4:16 pm

    Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • Fortinet Releases Security Updates for Multiple Products.
    on March 19, 2024 at 10:03 am

    Fortinet has released security updates to address multiple vulnerabilities found in Fortinet products. The vulnerabilities, if exploited could allow unauthenticated attacker to execute arbitrary code on Fortinet products. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service/user account. Depending on the privileges associated with the account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
    on March 12, 2024 at 9:07 pm

    Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Experience Manager is an all-in-one software suite used for content and asset management. Adobe Premiere Pro is a timeline-based and non-linear video editing software application. Adobe ColdFusion is a rapid development platform for building and deploying web and mobile applications. Adobe Bridge is used to preview, organize, edit, and publish assets. Adobe Lightroom is a photo editing and storage application available through the Adobe Creative Cloud. Adobe Animate is used to create vector graphics and interactive content. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

  • Critical Patches Issued for Microsoft Products, March 13, 2024
    on March 12, 2024 at 6:21 pm

    Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • Multiple Vulnerabilities in Apple Products Could Allow for Privilege Escalation.
    on March 5, 2024 at 10:40 pm

    Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for privilege escalation. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
    on March 5, 2024 at 1:43 am

    Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

  • Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
    on February 28, 2024 at 4:11 pm

    Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  • A Vulnerability in Apache OFBiz Could Allow for Remote Code Execution
    on February 23, 2024 at 12:48 pm

    A vulnerability has been discovered in the Apache OFBiz, which could allow for remote code execution. Apache OFBiz is an open source product for the automation of enterprise processes. It includes framework components and business applications for ERP, CRM, E-Business/E-Commerce, Supply Chain Management and Manufacturing Resource Planning. Successful exploitation could allow for remote code execution in the context of the Server. Depending on the privileges associated with the logged on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Share Websitecyber