UCSF IT Technology

Progress released a security bulletin to address Critical and other vulnerabilities affecting Progress WhatsUp Gold.

Cyberscoop reported about Printer Vulnerabilities impacting Major Linux Distros. The vulnerabilities would allow attackers to run any commands on targeted device without user knowledge under certain conditions.  They cannot exploit the vulnerability unless a print job is sent to it. However, this situation is concerning because future attacks following a similar pattern might not require a print job to trigger and could exploit similar vulnerabilities.

Nvidia has released security updates to address a vulnerability in Nvidia’s Container Toolkit.

Cisco has released security updates to address vulnerabilities in multiple Cisco Products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. 

Citrix has released security updates to address vulnerabilities in multiple Citrix products. A malicious administrator of a guest VM could exploit this vulnerability to cause the host to crash or become unresponsive. 

What’s Happening:We are upgrading Office 2016/2019 (32 Bit) to Office 2021 (64 Bit) on Windows computers.  Computers with Office 365 are not affected.  Why:Office 2016/2019 will reach the End-of-Support (EOS) on October 14, 2025.  Microsoft will no longer provide updates after this date.  How:

VMware has released security updates to address Critical vulnerabilities affecting the VMware Cloud Foundation. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

GitLab released  security updates to address a Critical vulnerability in self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). An unauthenticated attacker with access to any signed saml document (by the IdP) can forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system.