CND News and Blog

New Vulnerabilities for Wednesday 21 September


New Alerts for Dataprobe, Bosch, Microsoft, VMware, Mozilla, Dell, Tenable, and Linux.

Dataprobe 

Dataprobe iBoot-PDU FW contains multiple vulnerabilities, including: OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, and SSRF. Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device. Highest CVSSv3 score of 9.8
More info.

Bosch 

BVMS Operator Client application or the VIDEOJET Decoder VJD-7513 may receive an unencrypted live-stream from a camera which allows a MitM attacker to compromise the confidential video streams. CVSSv3 score of 7.4
More info.

Microsoft 

Disabling the Allow connection fallback to NTLM option in Client Push Installation Properties is not honored under certain conditions. CVSSv3 score of 7.5
More info.

VMware 

Applications that allow HTTP PATCH access to resources exposed by Spring Data REST allow a remote attacker who knows about the structure of the underlying domain model to craft HTTP requests that expose hidden entity attributes. CVSSv3 score of 6.5
More info.

Mozilla 

Mozilla has published updates rated High for Firefox and Firefox ESR.
More info.

Dell 

NetWorker vProxy remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.

Tenable 

Nessus Network Monitor includes third-party software, and has been updated that software to correct security vulnerabilities. Highest CVSSv3 score of 9.8
More info.

Linux 

Red Hat has updated the kernel More info.
Ubuntu has updated the kernel. More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, 08 December 2022

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Are You Ready To Find Out More?

Arrange a Chat With Our Friendly Service Delivery Team.