New Vulnerabilities Wednesday 29 June

New Alerts for Advantech, Dell, IBM, Omron, Motorola, NETGEAR, and Node.js. Advantech  Advantech iView contains several vulnerabilities, including SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, and Command Injection. Successful exploitation of these vulnerabilities could allow an attacker to read or modif...

0
  89 Hits

New Vulnerabilities Tuesday 28 June

New Alerts for Hitachi Energy, Google Chrome, Google ChromeOS, IBM, HPE, and Linux. Hitachi Energy A vulnerability exists in the HCI Modbus TCP function included in RTU500 series firmware. An attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The v...

0
  103 Hits

New Vulnerabilities Monday 27 June

New Alerts for curl, NetApp, and Linux. curl  When curl does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a MitM attack to go unnoticed and allows it to inject data to the client.More info.curl supports "chained" HTTP compression algorithms, with an unbounded number of accepta...

0
  103 Hits

New Vulnerabilities Friday 24 June

New Alerts for Secheron, Pyramid Solutions, Microsoft Edge, Hitachi, Brocade, WatchGuard, and Linux. Secheron  Secheron SEPCOS Control and Protection Relay contains multiple security vulnerabilities, including Improper Enforcement of Behavioral Workflow, Lack of Administrator Control over Security, Improper Privilege Management, Insufficiently...

0
  163 Hits

New Vulnerabilities Thursday 23 June

New Alerts for SMA Technologies, IBM, Hikvision, Bosch, CODESYS, and Linux. SMA Technologies  SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems.More info. IBM  IBM CICS TX Advanced could allow a remote at...

0
  187 Hits

New Vulnerabilities Wednesday 22 June

New Alerts for JTEKT, QNAP, Google, Siemens, Xerox, and HPE. JTEKT  JTEKT TOYOPUC Products contains a Missing Authentication for Critical Function vulnerability, known as "OT:ICEFALL". The vulnerabilities could allow an attacker to change controller configurations, manipulate data, cause a DoS or execute arbitrary machine code. CVSSv3 score of...

0
  194 Hits

New Vulnerabilities Tuesday 21 June

New Alerts for IBM, Squid, Phoenix Contact, and Weidmüller. IBM  IBM Cloud Pak for Business Automation has been updated to address several security vulnerabilities. Highest CVSSv3 score of 9.8More info. Squid Due to improper buffer management Squid is vulnerable to a DoS attack when processing Gopher server responses. CVSSv3 score of 9.8More i...

0
  194 Hits

New Vulnerabilities Monday 20 June

New Alerts for IBM and Linux. IBM IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift. Highest CVSSv3 score of 9.8More info.IBM Integration Bus is vulnerable to arbitrary code execution due to json-schema. CVSSv3 score of 9.8More info. Linux  OpenSUSE has updated the kernel. More info.Ubuntu has updated the microcode...

0
  215 Hits

New Vulnerabilities Friday 17 June

New Alerts for AutomationDirect, HPE, Dell, IBM, NetApp, and Linux. AutomationDirect  AutomationDirect's DirectLOGIC with Ethernet Communication Modules contain several vulnerabilities, including Uncontrolled Resource Consumption and Cleartext Transmission of Sensitive Information. Successful exploitation of these vulnerabilities could cause a...

0
  279 Hits

New Vulnerabilities Thursday 16 June

New Alerts for Cisco and IBM. Cisco  Cisco has published 7 new bulletins, 2 rated Critical, 1 High, and 4 Medium.More info.A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, and Cisco Email Security Appliance could allow an unauthenticated, remote attacker to bypass authentication and log in to ...

0
  279 Hits

New Vulnerabilities Wednesday 15 June

Monthly Patches are out for Microsoft and Adobe. New Alerts for AUMA, Hitachi Energy, Citrix, Salt, and Linux. Palo Alto Monthly Patches are expected out this afternoon. Microsoft  Microsoft Monthly Patches are out, with 60 patched vulnerabilities, 3 rated Critical. This includes a patch for the "Follina" MSDT vulnerability. Highest CVSSv3 sco...

0
  257 Hits

New Vulnerabilities Tuesday 14 June

Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Mitsubishi Electric and Linux. Monthly Patches for Microsoft and Adobe are expected out this afternoon, and Monthly Patches for Palo Alto Networks are out tomorrow. SAP  SAP Security Patch Day includes 10 new Security Notes and 2 updated Security Notes. Of the new...

0
  300 Hits

New Vulnerabilities Monday 13 June

New Alerts for PHP, SICK, IBM, and Linux. PHP  A remote attacker can exploit several vulnerabilities in PHP to execute arbitrary code or cause a DoS.More info. And here. SICK  Multiple vulnerabilities in MySQL affect SICK Package Analytics, including Buffer-Overflow, Improper Access Control, and Improper Certification Validation. Highest ...

0
  289 Hits

New Vulnerabilities Friday 10 June

New Alerts for Google Chrome, Microsoft Edge, Moxa, Medtronic, and NetApp.  Google  Google has published an update for Chrome for Desktop, with 7 security fixes.More info. Microsoft  Microsoft has released the latest Microsoft Edge Stable Channel, which incorporates the latest security updates of the Chromium project.More info. Moxa&...

0
  324 Hits

New Vulnerabilities Thursday 09 June

New Alerts for Festo, IBM, and Linux. Festo  The Festo controller CECC-X-M1 product family is affected by a preauthentication command injection vulnerability. CVSSv3 score of 9.8A fix is expected by the end of the month.More info. IBM  IBM Cognos Command Center is affected by multiple vulnerabilities in third-party software included with ...

0
  325 Hits

New Vulnerabilities Wednesday 08 June

Monthly Patches for Fortinet are out. New Alerts for GE Grid Solutions, HPE, Apache, InfiRay, and Linux. Fortinet  Fortinet Monthly Patches are out, with 7 new bulletins, 1 rated Critical, 3 rated High, and 3 Medium. Highest CVSSv3 score of 9.More info.Fortinet has updated Apache Airflow library to address security vulnerabilities that affect ...

0
  315 Hits

New Vulnerabilities Tuesday 07 June

Monthly Patches are out for Qualcomm, Google Android, Google Pixel, and Samsung. New Alerts for Dell, Mitsubishi Electric, Dräger, IBM, and Linux. Qualcomm  Qualcomm Monthly Patches are out with 19 vulnerabilities, 4 rated Critical and 15 rated High. Rhere are an additional 4 vulnerabilities in open source software, all rated Medium. Highest C...

0
  363 Hits

New Vulnerabilities Monday 06 June

New Alerts for Atlassian and Dell.                   Tomorrow is Mobile Monthly Patch day. Atlassian  Atlassian has patched the critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server.More info. Dell  Dell has published security updates for thi...

0
  301 Hits

New Vulnerabilities Friday 03 June

New Alerts for Confluence (Exploited 0-Day), Carrier LenelS2, Illumina, CODESYS, NetApp, and Linux. Atlassian 0-Day Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Patches are expected out today.More info. Carrier LenelS2&nb...

0
  393 Hits

New Vulnerabilities Thursday 02 June

New Alerts for Mitsubishi Electric, IBM, Dell, and Linux. Mitsubishi Electric  DoS and RCE vulnerabilities exist in the Web function on MELSEC-Q and MELSEC-L Ethernet Interface Modules, and in the REST Server function on MELSEC iQ-R MES Interface Module. A remote attacker may cause a DoS or execute malicious code on target products by sending ...

0
  421 Hits

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Find Out More

© Computer Network Defence Limited 2022