UCSF IT Technology

Cisco has released a security advisory to address Critical vulnerabilities in the Cisco Small Business RV Series Routers. These vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.

Webmin released a security update to address a vulnerability in Webmin  that has been weaponized.  For a complete description of the vulnerabilities and affected systems WEBMIN UP TO 1.996 UI COMMAND SOFTWARE/APT-LIB.PL CROSS SITE SCRIPTING. IT Security Read more about IT Security service offerings.

Microsoft released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager that has likely been weaponized. These vulnerabilities could allow an attacker to escalate privileges.  For a complete description of the vulnerabilities and affected systems Microsoft Endpoint Configuration Manager Elevation of Privilege Vulnerability.

DrayTek has released security updates to address a Critical vulnerability in DrayTek Vigor routers. These vulnerabilities could allow an unauthenticated attacker to execute arbitrary code and take complete control of a vulnerable device.

F5 has released security updates to address High and Medium vulnerabilities in multiple F5 products. A privileged attacker could exploit some of these vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and affected systems F5 security advisories. IT Security

Red Hat and Moodle released security updates to address a vulnerability in Moodle and Red Hat Fedora. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. For a complete description of the vulnerabilities and affected systems:  Red Hat Fedora 36

Dell has released Critical updates to address vulnerabilities in the Dell PowerStore Family. Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive Authentication Attempts Vulnerability in PowerStore Manager GUI. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.

Zimbra released security updates to address a vulnerability in Zimbra Enterprise Email Solution that is being actively exploited. An unauthenticated attacker could exploit this vulnerability to steal cleartext credentials from a targeted Zimbra instance without any user interaction. For a complete description of the vulnerabilities and affected systems Zimbra Product Releases. IT Security

Red Hat and Squirrel have released security updates to address a vulnerability in Squirrel impacting Debian and Red Hat Products.  An attacker could exploit this vulnerability to perform an out-of-bounds read (in the core interpreter) that can lead to Code Execution. For a complete description of the vulnerabilities and affected systems: