UCSF IT Technology

Android released its January Android update to address multiple vulnerabilities in Android Devices. The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed.

Red Hat released multiple security updates in December for various Red Hat products.

Ubuntu released multiple security updates in December for various Ubuntu products.

Suse released multiple security updates in December for various Suse products.

Apache released an advisory to address a vulnerability in CXF before 3.5.5 and 3.4.10. An attacker could exploit this vulnerability to perform SSRF style attacks on webservices that take at least one parameter of any type. For a complete description of the vulnerabilities and affected systems go to CVE-2022-46364: Apache CXF SSRF Vulnerability. IT Security

Netgear has released a security advisory to address a vulnerability in Netgear products. An attacker could exploit this vulnerability to create a pre-authentication buffer overflow. For a complete description of the vulnerabilities and affected systems go to Security Advisory for Pre-Authentication Buffer Overflow on Some Routers, PSV-2019-0208. IT Security

CISA has released advisories to address vulnerabilities in Rockwell Automation Controllers. An attacker could exploit these vulnerabilities to perform remote code execution or launch a denial-of-service (Dos) attack.    For a complete description of the vulnerabilities and affected systems go to ICS-Cert Advisories. IT Security