CND News and Blog

New Vulnerabilities Friday 13 December


New Alerts for Cleo (Exploit), Microsoft, Dell, HPE, Progress, IBM, and Linux.

Cleo Exploit

An unrestricted file upload and download vulnerability could lead to RCE in Harmony, VLTrader, and LexiCom. This is actively exploited.
More info. And here. And here. And here.

Microsoft 

Deserialization of untrusted data in Microsoft Update Catalog allows a remote attacker to elevate privileges on the website's webserver. Highest CVSSv3 score of 9.3.
More info.

Microsoft has updated Edge with the latest Chromium fixes.
More info.

Dell 

Dell has published new Critical bulletins for PowerFlex Rack, PowerFlex Appliance, and APEX Cloud Platform products.
More info.

HPE 

Aruba Networking AirWave Management has been updated for multiple vulnerabilities. Highest CVSSv3 score of 7.2.
More info.

Telco Service Orchestrator software contains vulnerabilities that allow a remote attacker to carry out cross-site request forgery, elevation of privilege, and DoS. Highest CVSSv3 score of 8.1.
More info.

Progress 

WhatsUp Gold has been updated to fix several vulnerabilities. Highest CVSSv3 score of 8.8.
More info.

IBM 

IBM has published Critical bulletins for Process Mining, Operations Analytics, Watson Speech Services Cartridge, Guardium Data Security Center, App Connect Enterprise, CloudPak for AIOps, Cognos Dashboards, and QRadar SIEM.
More info.

Linux 

Ubuntu has updated the kernel. More info.


