Category Archives: Advisories

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.21.0: Patch SC-202209.1

Read Time:32 Second

[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.19.0 to 5.21.0: Patch SC-202209.1
Arnie Cabral
Wed, 09/07/2022 – 10:46

Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (moment.js) was found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of these issues. Tenable.sc Patch SC-202209.1 updates moment.js to version 2.29.4 to address the identified vulnerabilities.

Read More

Dropping security updates for WordPress versions 3.7 through 4.0

Read Time:45 Second

As of December 1, 2022 the WordPress Security Team will no longer provide security updates for WordPress versions 3.7 through 4.0.

These versions of WordPress were first released eight or more years ago so the vast majority of WordPress installations run a more recent version of WordPress. The chances this will affect your site, or sites, is very small.

If you are unsure if you are running an up-to-date version of WordPress, please log in to your site’s dashboard. Out of date versions of WordPress will display a notice that looks like this:

In WordPress versions 3.8 – 4.0, the version you are running is displayed in the bottom of the “At a Glance” section of the dashboard. In WordPress 3.7 this section is titled “Right Now”.

The Make WordPress Security blog has further details about the process to end support.

Read More

CVE-2021-36782

Read Time:16 Second

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

Read More

CVE-2021-36783

Read Time:18 Second

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

Read More

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Read Time:25 Second

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.

Read More

A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:30 Second

A vulnerability has been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

Read More