Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple Apple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. For a complete description of the vulnerabilities and affected systems go to Apple Security Updates.
Medium and High Vulnerabilities in Multiple Cisco Products
Cisco has released security updates to address Medium and High vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to Cisco Security Advisories and Alerts.
Vulnerability in OWASP ModSecurity Core Rule Set
Mandiant has released a vulnerability report to address a vulnerability in OWASP ModSecurity Core Rule Set 3.2.0. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass ModSecurity WAF protection and implement SQL injection attacks on web applications. For a complete description of the vulnerability and affected systems go to CVE-2020-22669 Detail.
High Vulnerability in vm2 Impacting Red Hat ACM
Mandiant reported a security update for a High vulnerability in vm2. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. For a complete description of the vulnerabilities and affected systems go to Bug 2124794 (CVE-2022-36067) - CVE-2022-36067 vm2: Sandbox Escape in vm2.
High Vulnerability in the HP Pre-Installed Support Assistant Tool
HP has released security updates to address a High vulnerability in the HP Pre-Installed Support Assistant Tool. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.
Weaponized Vulnerability in Open Web Analytics (OWA)
H-ISAC reported a weaponized vulnerability in Open Web Analytics (OWA). An attacker could exploit this vulnerability to escalate privileges. For a complete description of the vulnerabilities and affected systems go to CVE-2022-24637 Detail.
Ordering Apple Devices (iPads and Macs)
Who Can Order? To order any computers (including iPads and other mobile devices) intended to be UCSF-owned devices, please check with your supervisor, manager or department chair to determine if you are authorized to purchase before placing an order.
Impacted Services: Computer and Accessory Ordering, IT Field Services (ITFS) Desktop Support
Vulnerabilities in Cisco Small Business RV Series Routers will not be patched (End of Life)
Cisco has released a security advisory to announce that they will not patch vulnerabilities in older versions of their Cisco Small Business RV Series Routers. These vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
Vulnerabilities in Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor
CISA released an advisory to address vulnerabilities in Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor. Successful exploitation of these vulnerabilities could allow a threat actor to cause a denial-of-service condition, modify firmware with physical access to the device, access a root shell, or employ hard-coded credentials to make configuration changes.
Mirai Variant MooBot Targeting D-Link Devices
Palo Alto Networks Unit 42 created a response report to address attacks leveraging several vulnerabilities in D-Link devices. An attacker could exploit these vulnerabilities to take control of devices and conduct further attacks such as distributed denial-of-service (DDoS) attacks.