UCSF IT Technology

Researchers have disclosed an eight-year-old Linux Kernel vulnerability that could be as impactful as the "Dirty Pipe" vulnerability. Dubbed DirtyCred, an attacker could exploit this vulnerability to escalate privileges to the maximum level.

Mandiant released a vulnerability report about a vulnerability in OmniAuth 1.9.0. An improper encoding or escaping of output vulnerability exists within OmniAuth 1.9.0. For a complete description of the vulnerabilities and affected systems go to CVE-2020-36599 Detail. IT Security

Researchers have disclosed vulnerabilities impacting Ultra-wideband (UWB) Real-time Locating Systems (RTLS). A threat actor could exploit these vulnerabilities to tamper with safety zones designated by RTLS to protect workers in hazardous areas.

Zoom released a security update to address a High actively exploited vulnerability in Zoom.  Local low-privileged users could exploit this vulnerability to escalate their privileges to root.

SAP released a security update in February for a vulnerability that is currently being exploited in several SAP Products. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in a complete compromise of confidentiality, integrity, and availability of the system.

Cisco has released security updates to address vulnerabilities in Cisco Secure Web Appliance. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to:

Apple releases security updates for iOS, iPadOS, and macOS to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to Apple Security Updates. IT Security

Mandiant reported multiple vulnerabilities in Nodejs undici for Node.js. For a complete description of the vulnerabilities and affected systems go to:

Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip (SoC). A remote attacker could exploit this vulnerability to compromise vulnerable devices from various original equipment manufacturers (OEMs), ranging from routers and access points to signal repeaters.  

Splunk released its quarterly patches to address multiple vulnerabilities in Splunk products. For a complete description of the vulnerabilities and affected systems Splunk Product Security. IT Security Read more about IT Security service offerings.