Palo Alto Networks released security updates due to a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces that could lead to an attacker taking control of an affected system.

Sources: Palo Alto Networks

VMware released a security update due to a vulnerability in Tanzu application service for VMs that would allow an attacker to cause a denial-of-service condition.

Sources: VMware, CISA

Apple released a security update for iCloud for Windows 13 due to multiple vulnerabilities that could lead to an attacker gaining control of an affected system.

Sources: Apple

CISA released an industrial control systems advisory on vulnerabilities in multiple open-source and proprietary object management group data distribution service implementations that could lead to denial-of-service or buffer-overflow conditions.

Sources: CISA

CISA released a joint alert with the help of the FBI and the U.S. Coast Guard Cyber Command about a vulnerability, CVE-2021-40539, in ManageEngine ADSelfService Plus that is being targeted. Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) also released their own reports on targeted attacks.

Sources: CISA, Palo Alto Networks, MSTIC

Adobe released security updates for multiple Adobe products, such as RoboHelp, InCopy and Creative Cloud Desktop Application, that have vulnerabilities that could allow an attacker to take control of affected systems.

Sources: Adobe RoboHelp, Adobe InCopy, Adobe Creative Cloud Desktop Application

Citrix released security updates addressing vulnerabilities affecting multiple versions of Citrix Application Delivery Controller, Gateway and SD-WAN WANOP that could lead to a denial-of-service condition.

Sources: Citrix

Microsoft released security updates addressing multiple vulnerabilities that an attacker could use to take control of affected systems.

Sources: Microsoft November update list, Microsoft update guide

Samba released security updates due to vulnerabilities in multiple versions of Samba that an attacker could use to take control of affected systems.

Sources: Samba, CISA

CISA released an ICS advisory explaining multiple vulnerabilities in Siemens Nucleus Real-Time Operating Systems (RTOS) and supporting libraries that could lead an attacker to gain control of an affected system.

Sources: CISA