CND News and Blog

New Vulnerabilities Wednesday 10 August


Monthly Patches are out for Microsoft and Adobe. New Alerts for VMware, Hitachi, Zoom, and Linux.

Microsoft 

Microsoft Monthly Patches are out, with patches for 141 vulnerabilities: 17 rated Critical, 2 previously disclosed, and 1 being exploited. Highest CVSSv3 score of 9.8.
More info. And here. And here.

A wormable RCE vulnerability exists in Windows PPP. A remote attacker could send a specially crafted connection request to a RAS server, which could lead to RCE on the RAS server machine. CVSSv3 score of 9.8.
More info.

Adobe 

Adobe Monthly Patches are published, with 5 new bulletins for Commerce, Acrobat and Reader, Illustrator, FrameMaker, and Premiere Elements. Highest CVSSv3 score of 9.1.
More info.

Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and security feature bypass. Highest CVSSv3 score of 9.1.
More info.

VMware 

VMware vRealize Operations contains an authentication bypass vulnerability. A remote attacker may be able to create a user with administrative privileges. CVSSv3 score of 5.6.
Note that this bulletin also covers other vulnerabilities that require privileges.
More info.

Hitachi 

Several vulnerabilities exist in third-party software included in Command Suite, Automation Director, Configuration Manager, Infrastructure Analytics Advisor and Ops Center. Highest CVSSv3 score of 9.8.
More info.

Zoom 

Zoom On-Premise Meeting Connector Zone Controller fails to properly parse STUN error codes, which can result in memory corruption or arbitrary code execution. CVSSv3 score of 7.5.
More info.

The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for RCE. CVSSv3 score of 9.7.
More info.

Linux 

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


