UCSF IT Technology

Ubuntu released multiple security updates in January for various Ubuntu products.For a complete description of the vulnerabilities and affected systems go to: Ubuntu January 2024 Archives by date.IT Security

Ivanti has released security updates to address Critical Actively Exploited vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure Gateways. An attacker could exploit this vulnerability to take control of the affected system.

GitLab released a security update to address a Critical vulnerability in GitLab Community  Edition (CE) and Enterprise Edition (EE). Unauthenticated attackers can exploit this vulnerability to write files to arbitrary locations on the GitLab server while creating a workspace.

Juniper Networks released security updates to address High and other vulnerabilities affecting the J-Web component of Junos OS on SRX series firewalls and EX series switches. A cyber threat actor could exploit the most severe of these vulnerabilities to craft a malicious URL that, when visited by a user, could lead to the execution of arbitrary commands with the permissions of the user, including those of an administrator.

Jenkins has released security updates to address Critical and other vulnerabilities in multiple Jenkins products. An attacker could exploit these vulnerabilities to read arbitrary files on the controller file system.For a complete description of the vulnerabilities and affected systems go to: Jenkins Security Advisory 2024-01-24.

WP Engine released a security update to address a Critical Vulnerability in the WordPress Better Search Replace Plugin.  An attacker could exploit this vulnerability to delete arbitrary files, retrieve sensitive data, or execute code.

Mozilla released security updates to address vulnerabilities in multiple Mozilla products. An attacker could exploit some of these vulnerabilities to take control of an affected system.For a complete description of the vulnerabilities and affected systems go to: Mozilla Foundation Security Advisories.IT Security

Splunk released security updates to address High vulnerability in Splunk Enterprise for Windows. A malicious user could exploit this vulnerability to execute malicious code on an affected system.

Google has released new versions of Chrome.For a complete description of the vulnerabilities and affected systems go to: Chrome Releases.IT SecurityRead more about IT Security service offerings.

Juniper Networks released security updates to address a vulnerability affecting Junos OS and Junos OS Evolved.  A cyber threat actor could exploit this vulnerability to cause a Denial if Service (DoS) condition in the backup RE.