Advisories

WSO2 released security updates that addresses the ‘unrestricted file upload’ vulnerability affecting WSO2 products: API Manager, Identity Server, Identity Server Analytics, Identity Server as Key Manager and Enterprise Integrator.

Drupal released security updates that address Drupal 9.2 and 9.3. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all Web & Sys admins to review and implement the updates.

Oracle released a critical patch (cumulative) update that addresses multiple vulnerabilities. Malicious actors are actively exploiting these vulnerabilities.

The GitLab team released security updates that address a critical security vulnerability that could be exploited by a malicious actor to seize control of accounts.

Malicious actors are actively exploiting a critical vulnerability in Apache Log4j Version 2.15.0 . This exploit may lead to remote code execution on targeted servers running the vulnerable Log4j version.

VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker can exploit this vulnerability to obtain access to sensitive information.

The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all users to review the security advisory.

Cisco published an update that the public exploit code exists for CVE-2020-350 and further notes that the vulnerability is being actively exploited. This affects Cisco products running vulnerable releases of Cisco ASA Software or FTD Software with a vulnerable AnyConnect or WebVPN configuration.

Google published an urgent security update that addresses 14 vulnerabilities for the Chrome browser. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all users and Systems Admins to immediately update to the latest version 91.0.4472.101.

Microsoft released security updates that address various vulnerabilities for a range of its impacted products. Six of the vulnerabilities are already under exploit.

The Adobe security team published security updates for various products including Adobe Acrobat and reader. These updates fix multiple vulnerabilities within the affected Adobe products.

Cisco released software updates to fix the Webex memory corruption vulnerability. An attacker could exploit this vulnerability by sending a user a malicious WRF file through a link or email attachment to executive arbitrary code on an affected system.

Ransomware launched on a system encrypts all user files and locks out the user with a demand note for anonymous online payment to restore access. Cybercriminals are mainly targeting Windows platform users.

Nginx released a security fix to address the ‘nginx DNS Resolver Off-by-One Heap Write’ vulnerability. The severity rating is HIGH. Systems Admins should immediately implement the fix in order to avoid the risk of Denial of Service.

VMware security team published security updates to address a Remote Code Execution flaw in vCenter Server.

Microsoft released a security update to fix the XSS vulnerability in the SSH Terminal page related vulnerability. Systems Admins should upgrade to Nagios XI 5.8.0 or above in order to avoid infrastructure compromise.

Microsoft released a security update to fix the Windows NTFS Remote Code Execution Vulnerability. A local attacker could run a specially crafted application that would elevate the attacker's privileges.

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a Command Injection Vulnerability in the administrative configurator. VMware has evaluated this issue to be of 'Important' severity with a maximum CVSSv3 base score of 7.2.

The cPanel security team released an update that addresses the 2FA bypass vulnerability.

The Drupal security team released a security update to address a critical drupal core Remote Code Execution Vulnerability.