New Alerts for GitLab, PTZOptics and other PTZ camera vendors, Siemens, Mitel, Ricoh, and XWiki.

GitLab

The latest GitLab release includes 10 security fixes: 4 rated High, 5 rated Medium, and 1 rated Low. The highest CVSSv4 score is 8.7.
More info.

PTZOptics

Cameras from PTZOptics and other pan-tilt-zoom (PTZ) camera providers contain several vulnerabilities, including hardcoded credentials and improper authentication. CVSSv4 score of 9.3.
PTZOptics has patched, but the other vendors have not.
More info.

Mitel

A path traversal vulnerability in the NuPoint Unified Messaging component of Mitel MiCollab could allow a remote attacker to conduct a path traversal attack due to insufficient input validation. CVSSv3 score of 9.8.
More info.

Ricoh

Several vulnerabilities have been reported in Ricoh software, including an RCE vulnerability in the Ricoh Streamline NX PC client. Highest CVSSv3 score of 9.8.
More info. And here.

Siemens

Mendix Studio Pro contains a vulnerability in the module installation process that could allow a remote attacker to write or modify arbitrary files in directories outside a developer's project directory. CVSSv4 score of 6.1.
More info.

XWiki

The XWiki query validator does not sanitize functions that would be used in a simple select, and Hibernate allows any native function to be used in an HQL query. As a result, it is possible to execute any SQL query. CVSSv4 score of 9.3.
More info. And here.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
