Month: December 2020

Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020. Read more

Original release date: December 8, 2020 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s December 2020 Security Update Summary and Deployment Information and… Read more

Original release date: December 8, 2020 Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.… Read more

Original release date: December 8, 2020 The CERT Coordination Center (CERT/CC) has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol (TCP/IP) stacks. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users… Read more

Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Lightroom. Read more

Original release date: December 8, 2020 The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.0.0 to 2.5.25. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Apache Security… Read more

Original release date: December 8, 2020 SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These include a missing authentication check vulnerability affecting SAP NetWeaver AS JAVA (P2P Cluster Communication). The Cybersecurity and Infrastructure Security Agency (CISA) encourages… Read more

A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns. Read more

Feds are warning that adversaries are exploiting a weeks-old bug in VMware’s Workspace One Access and VMware Identity Manager products. Read more

Original release date: December 7, 2020 The National Security Agency (NSA) has released a Cybersecurity Advisory on Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. The actors were found exploiting this vulnerability to access protected data on affected systems. The NSA advisory… Read more