Vulnerability Risk Service

The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle Manager.

https://t.co/xzioJvzES1

Google has released patches for several high-severity vulnerabilities in its Chrome browser with the rollout of Chrome 87 for Windows, Mac and Linux users.

https://t.co/A8lurxG5Fr

Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.

https://t.co/j4HQIeJL5u

Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in severity.

https://t.co/XOJBqbKegm

Intel released 40 security advisories in total, addressing critical- and high-severity flaws across its Active Management Technology, Wireless Bluetooth and NUC products.

https://t.co/V9JkfM0IJ6

Cisco doesn’t yet have a fix for a zero-day vulnerability in the Linux, MacOS, and Windows versions of its virtual private network (VPN) software, AnyConnect Secure Mobility Client.

https://t.co/DWJGtF1vOM

Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows.

https://t.co/gNcFgTZaY1

A high-severity Windows driver bug is being exploited in the wild as a zero-day. It allows local privilege escalation and sandbox escape.

https://t.co/b0jGnwNVCt

Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited to execute arbitrary code on affected products.

https://t.co/kkl5rPDA7r

Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit.

https://t.co/JeXfbUff9E