VMware has released workarounds to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency encourages users and administrators to review VMware Security Advisory VMSA-2020-0027 and apply the necessary workarounds.

VMware has released security updates to address multiple vulnerabilities in VMware SD-WAN Orchestrator. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0025 and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5 and apply the necessary updates.

Google has released Chrome version 87.0.4280.66 for Windows, Mac, and Linux to address multiple vulnerabilities. Some of these vulnerabilities could allow an attacker to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

Drupal has released security updates to address a critical vulnerability in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Advisory SA-CORE-2020-012, apply the necessary updates, and follow the additional recommendation.

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.

• Integrated Management Controller Multiple Remote Code Execution Vulnerabilities cisco-sa-ucs-api-rce-UXwpeDHd
• DNA Spaces Connector Command Injection Vulnerability cisco-sa-dna-cmd-injection-rrAYzOwc
• IoT Field Network Director Unauthenticated REST API Vulnerability cisco-sa-FND-BCK-GHkPNZ5F
• Secure Web Appliance Privilege Escalation Vulnerability cisco-sa-wsa-prv-esc-nPzWZrQj
• IoT Field Network Director SOAP API Authorization Bypass Vulnerability cisco-sa-FND-AUTH-vEypBmmR
• IoT Field Network Director Missing API Authentication Vulnerability cisco-sa-FND-APIA-xZntFS2V

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
 

Cisco has released security updates to address vulnerabilities in Cisco Security Manager. A remote attacker could exploit these vulnerabilities to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.

• Cisco Security Manager Path Traversal Vulnerability cisco-sa-csm-path-trav-NgeRnqgR
• Cisco Security Manager Static Credential Vulnerability cisco-sa-csm-rce-8gjUz9fW

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for macOS Big Sur 11.0, 11.0.1; macOS High Sierra 10.13.6, macOS Mojave 10.14.6; and Safari 14.0.1 and apply the necessary updates.

Google has released Chrome version 86.0.4240.198 for Windows, Mac, and Linux. This version addresses CVE-2020-16013 and CVE-2020-16017. An attacker could exploit one of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates.

• Google Chrome Release
• Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory 2020-154

Adobe has released security updates to address vulnerabilities in multiple products.  An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe security advisories for Adobe Connect and Adobe Reader for Android and apply the necessary updates.