UCSF IT Technology

A command injection vulnerability exists within Apache Kylin. For a complete description of the vulnerabilities and affected systems go to Apache Kylin CVE-2022-24697. IT Security Read more about IT Security service offerings.

A classic buffer overflow vulnerability exists within Aruba Networks InstantOS 8.10.0.1. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user.

Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May. Apple notes that the flaw allowed a sandboxed process to circumvent sandbox restrictions, and that improved environment sanitization resolved the issue.

An improper authentication vulnerability exists within Trend Micro Apex One for SaaS. Successful exploitation of this vulnerability could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations. For a complete description of the vulnerabilities and affected systems go to Trend Micro Security Bulletin September 2022. IT Security

Mandiant reveals vulnerability within Moodle 4.0.2. A remote code execution risk when restoring backup files originating from Moodle 1.9 For a complete description of the vulnerabilities and affected systems go to Moodle Security Announcement. IT Security Read more about IT Security service offerings.

IBM released a patch to address a vulnerability in the IBM InfoSphere Information Server on Cloud 11.7. IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. For a complete description of the vulnerabilities and affected systems go to IBM Security Bulletin. IT Security Read more about IT Security service offerings.

VMWare has released guidance on protecting vSphere From Specialized Malware. Specialized Malware is being used to exploit and gain persistent access to instances of ESXi.  For a complete description of the vulnerabilities and affected systems go to Protecting vSphere From Specialized Malware. IT Security

Google released Chrome 106.0.5249.61 for Mac/Linux and 106.0.5249.61/62 for Windows. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to Chrome Release Note. IT Security

Apple releases security updates to address multiple vulnerabilities in iOS and macOS, including a zero-day flaw that is being actively exploited in the wild. An attacker could exploit some of these vulnerabilities to take control of an affected device. For a complete description of the vulnerabilities and affected systems go to Apple Security Updates. IT Security

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild. Exploitation of some of this vulnerability could allow a remote attacker to take control of an affected website. For a complete description of the vulnerabilities and affected systems go to Over 280,000 WordPress Sites Attacked. IT Security