Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481 PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020 PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480 PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194 PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195 PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
User Rank: Apprentice
1/19/2018 | 5:09:55 AM
One of the issues faced by infra is that some patches are often marked as missing, although a newer one supersedes them. This creates headaches.
And a risk-based approach is also key. Do you need to patch everything?
Some systems do not need to be patched every month, like MS servers. You can check for new patches every quarter or every six months. Is there a need for automation then?