UCSF IT Technology

WordPress released  security updates to address Critical vulnerabilities in the WordPress WPLMS and VibeBP Plugins. These vulnerabilities could be exploited to perform unauthorized file uploads, privilege escalation and SQL injection attacks.

Adobe released a security update to address a High Vulnerability in Adobe ColdFusion. Successful exploitation of this vulnerability could lead to arbitrary file system read.For a complete description of the vulnerabilities and affected systems go to Security updates available for Adobe ColdFusion | APSB24-107. IT Security Read more about IT Security service offerings.

Cisco has released security updates to address a High vulnerability in Cisco NX-OS Software. Exploitation of the vulnerability could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification.

Adobe has released security updates to address Critical and High Vulnerabilities in Adobe Acrobat and Reader. Successful exploitation of these vulnerabilities could lead to arbitrary code execution, memory leak, and application denial-of-service.

Apache released a security update to address a Critical 0-day vulnerability in Apache Struts. A remote attacker could exploit this vulnerability to perform Remote Code Execution (RCE).For a complete description of the vulnerabilities and affected systems go to Apache Security Bulletin S2-067. IT Security Read more about IT Security service offerings.

Google has released new versions of Chrome to address vulnerabilities in Google Chrome.For a complete description of the vulnerabilities and affected systems go to Chrome Releases. IT Security Read more about IT Security service offerings.

Apple has released security updates to address vulnerabilities in multiple Apple products.  A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.