CIS Advisories

Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is used to view, create, print, and manage PDF files. Adobe Reader is used to view, create, print, and manage PDF files. Adobe Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms. Adobe Connect is a suite of software for remote training, web conferencing, presentation, and desktop sharing. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in Notepad++ Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Notepad++, the most severe of which could result in arbitrary code execution. Notepad++ is a free and open-source text and source code editor for use with Microsoft Windows. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
A Vulnerability in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software Could Allow for Unauthorized Access
A vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) software that could allow for unauthorized access. Cisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors for any distributed network environment. Cisco Firepower Threat Defense (FTD) Software is an integrative software image combining Cisco ASA and Firepower features into one hardware and software inclusive system to assist in flagging specific network traffic patterns, create alerts and better control your network. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. Utilizing the brute force attack to obtain valid credentials, an attacker could use this to establish unauthorized VPN sessions and then install ransomware.
·cisecurity.org·
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. iPadOS is the successor to iOS 12 and is a mobile operating system for iPads. macOS Ventura is the 19th and current major release of macOS. watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
A Vulnerability in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform which could allow for arbitrary code execution. Cisco BroadWorks Application Delivery Platform and Xtended Services Platform is an enterprise-grade calling and collaboration platform that integrates with Cisco Webex to meet the full range of enterprise communications and collaboration needs. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in VMware Aria Operations for Networks Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered within VMware Aria Operations for Networks, the most severe of which could allow for remote code execution. VMware Aria Operations for Networks is a network monitoring tool that collects and analyzes metrics, APIs, configurations, metadata, integrations, telemetry netflow, sFlow, and IPFIX flow traffic, which traverses the infrastructure. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
·cisecurity.org·
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in ChromeOS Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in ChromeOS, the most severe of which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in Junos OS Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Junos OS, which, when chained together, could allow for remote code execution. Junos OS is an operating system that runs across all Juniper routing, switching, and security infrastructure. Successful chain exploitation of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is used to view, create, print, and manage PDF files. Adobe Reader is used to view, create, print, and manage PDF files. Adobe Commerce is an offering that provides companies with a flexible and scalable end-to-end platform to manage commerce experiences of their customers. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Critical Patches Issued for Microsoft Products, August 08, 2023
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
·cisecurity.org·
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
A Vulnerability in Ivanti Endpoint Manager Mobile Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Ivanti Endpoint Manager (EPMM), formerly known as MobileIron Core, which could allow for arbitrary code execution. Ivanti Endpoint Manager Mobile is a mobile management software engine that enables IT to set policies for mobile devices, applications and content. If successfully exploited, an attacker could perform arbitrary file writes to the EPMM server.
·cisecurity.org·
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Safari is a web browser developed by Apple. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. iPadOS is the successor to iOS 12 and is a mobile operating system for iPads. macOS Ventura is the 19th and current major release of macOS. macOS Monterey is the 18th release of macOS. macOS Big Sur is the 17th release of macOS. tvOS is the operating system for the Apple TV based on Mac OS X. watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
A Vulnerability in Ivanti Endpoint Manager Mobile Could Allow for Unauthorized Access to API Paths
A vulnerability has been discovered in Ivanti Endpoint Manager Mobile which could allow for unauthorized access to specific API paths. Ivanti Endpoint Manager Mobile is a mobile management software engine that enables IT to set policies for mobile devices, applications and content. If successfully exploited, an attacker could gain unauthorized access to the database, potentially accessing users’ personally identifiable information such as names and phone numbers. Additionally, the attacker can potentially make configuration changes to the server, including creating an administrative account that can make further changes to a vulnerable system.
·cisecurity.org·
Multiple Vulnerabilities in Citrix Products Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Citrix products, the most severe of which could allow for remote code execution. Citrix ADC performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 - Layer 7 network traffic for web applications. Citrix Gateway is used to consolidate remote access infrastructure and provide single sign-on across all applications whether in a data center, in a cloud, or if the apps are delivered as SaaS apps. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in Adobe ColdFusion Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe ColdFusion, the most severe of which could allow for arbitrary code execution. Adobe ColdFusion is a commercial web-application development platform designed to build and deploy web applications. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
A Vulnerability in Apple Products Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Apple products, which could allow for arbitrary code execution. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. iPadOS is the successor to iOS 12 and is a mobile operating system for iPads. macOS Ventura is the 19th and current major release of macOS. Safari is a graphical web browser developed by Apple. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
A Vulnerability in Adobe ColdFusion Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Adobe ColdFusion which could allow for arbitrary code execution. Adobe ColdFusion is a commercial web-application development platform designed to build and deploy web applications. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
A Vulnerability in FortiOS and FortiProxy Could Allow for Remote Code Execution
A vulnerability has been discovered in Fortinet FortiOS and FortiProxy, which could allow for remote code execution. FortiOS is Fortinet’s proprietary operating system, which is utilized across multiple product lines. FortiProxy is a secure web gateway that attempts to protect users against internet-borne attacks, and provides protection and visibility to the network against unauthorized access and threats. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
A Vulnerability in Cisco SD-WAN vManage Could Allow for Security Mechanism Bypass
A vulnerability has been discovered in Cisco SD-WAN vManage which could allow for security mechanism bypass. Cisco SD-WAN vManage is a centralized network management console for controlling, configuring and monitoring devices in a network. Successful exploitation of this vulnerability could allow an attacker to bypass security mechanisms on the targeted host, allowing them to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.
·cisecurity.org·
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution. Adobe InDesign is a desktop publishing and page layout designing software. Adobe ColdFusion is a commercial rapid web-application development computing platform. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Critical Patches Issued for Microsoft Products, July 11, 2023
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
·cisecurity.org·
Multiple Vulnerabilities in Progress MOVEit Transfer Could Allow for Unauthorized Database Access
Multiple vulnerabilities have been discovered in Progress MOVEit Transfer, which could allow for unauthorized database access. MOVEit Transfer is a managed file transfer software that allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads. If successfully exploited, an attacker could gain unauthorized access to the database, potentially compromising confidential information, user credentials, and other sensitive data. This unauthorized access could also result in unauthorized modifications and disclosure of the database content.
·cisecurity.org·