New Alerts for Cambium Networks, InHand Networks, IBM, Apache Tomcat, Zyxel, and Linux.

Cambium Networks 

Cambium Networks cnMaestro contains multiple vulnerabilities, including OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function, Successful exploitation of these vulnerabilities could allow a remote attacker to gain RCE, sensitive data exfiltration, and complete takeover of the main multi-tenant cloud infrastructure. Highest CVSSv3 score of 9.8
More info.

InHand Networks 

InHand Networks has confirmed the vulnerabilities impacting the Industrial Router IR302, which will allow attackers to execute arbitrary commands, file uploading, increase privileges or steal cookies via specific request. Highest CVSSv3 score of 9.9
More info.

IBM 

Vulnerability in IBM SDK Java affects IBM Cloud Pak System. CVSSv3 score of 9.8
More info.

IBM Security Guardium has fixed several vulnerabilities by updating the Apache Thrift component. Highest CVSSv3 score of 9.8
More info.

Apache 

Apache Tomcat has a Request Mix-up vulnerability that could result in connections using the same object concurrently which could result in information disclosure. Apache rates this High.
More info.

Zyxel 

Zyxel has released patches for an OS command injection vulnerability. CVSSv3 score of 9.8
More info.

Linux 

SUSE has updated the kernel. More info.
Ubuntu has updated the kernel and rsyslog. More info.

Security Wizardry Cyber Threat Intelligence - The Radar Page


https://radar.securitywizardry.com/

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/mobile-radar.htm

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts