Samba has released a software update and patches for two security vulnerabilities (CVE-2020-170704 and CVE-2020-170700) that impact Samba products. A remote attacker could take advantage of these bugs and exploit unpatched systems.
VMware has released a patch for a High severity Stored cross-site scripting (XSS) vulnerability in VMware ESXi.
Adobe has released security updates to address vulnerabilities in Magento, Bridge and Illustrator products. Successful exploitation could lead to arbitrary code execution or information disclosure.
Juniper has released an out-of-band security update for a Junos OS vulnerability CVE-2020-1631 in J-Web and web based (HTTP/HTTPS) services.
Google has released Chrome 81.0.4044.129 for Windows, Mac and Linux. An attacker could exploit these vulnerabilities to take control of impacted systems.
OpenSSL patched a high severity vulnerability CVE-2020-1967 in certain OpenSSL versions. As a result, a bad actor could exploit and launch a Denial of Service attack against impacted systems.
Microsoft has released a new patch for multiple remote code execution (RCE) vulnerabilities in software that uses the Autodesk FBX library.
Google has released Chrome 81.0.4044.122 for Windows, Mac and Linux, as well as a new beta version of Chrome for Android.
Security researchers have spotted a spearphishing campaign that targets companies in the oil and gas sector to drop Agent Tesla malware.
Organizations that are running Pulse Security VPN devices may still be at risk of being exploited, even if previously patched, according to a new Department of Homeland Security (DHS) advisory. The risk is elevated if an actor previously exploited CVE-2019-11510 and stole AD credentials from the victim organization.