UCSF IT Technology

SAP has released its August Patch Day security updates to address vulnerabilities in multiple SAP Products. An attacker could exploit some of these vulnerabilities to retrieve sensitive information in plaintext over the network.

Cisco released security updates to address High vulnerabilities in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. These vulnerabilities could allow an unauthenticated, remote attacker to retrieve an RSA private key.

Intel has released security updates to address Severe vulnerabilities in multiple Intel products. A remote attacker could exploit these vulnerabilities to perform privilege escalation or information disclosure.  For a complete description of the vulnerabilities and affected systems Intel® Product Security Center Advisories. IT Security

PHP released a security update to address a vulnerability in PHP 8.1.7. In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third-party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption. For a complete description of the vulnerabilities and affected systems: 

Palo Alto Networks released a security update to address a vulnerability in Palo Alto Networks PAN-OS Firewall. A remote attacker could exploit this vulnerability to conduct a reflected denial-of service. For a complete description of the vulnerabilities and affected systems CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering.   IT Security

Microsoft released their August Security Update to address vulnerabilities in multiple products. An attacker can exploit some of this vulnerability to execute arbitrary code. For a complete description of the vulnerabilities and affected systems Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability. IT Security

Microsoft released their August Security Update to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system.   For a complete description of the vulnerabilities and affected systems August 2022 Security Update. IT Security

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system.  

AMD released a security bulletin to address vulnerabilities in AMD Processors. By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information. For a complete description of the vulnerabilities and affected systems Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors. IT Security

Cisco has released a security advisory to address Critical vulnerabilities in the Cisco Small Business RV Series Routers. These vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.