New Alerts for Johnson Controls, Red Lion, Google Chrome (Exploit), HMS Networks, IBM, and Hitachi.
The pre-release for Oracle Quarterly Patches (out next week) is out now. More info.
Johnson Controls
Johnson Controls Metasys ADS/ADX/OAS Servers contain an Incomplete Cleanup vulnerability. Successful exploitation of this vulnerability could allow a remote attacker to use a session token that has not been cleared upon log out of an authenticated user. CVSSv3 score of 8.1
More info. And here.
Red Lion DA50N contains multiple vulnerabilities, including Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, and Insufficiently Protected Credentials. Successful exploitation of these vulnerabilities could result in data compromise, data modification, and a DoS. Highest CVSSv3 score of 9.6
This Product is EOL, no fixes will be provided.
More info. And here.
Google has updated Chrome for Desktop to fix 2 security vulnerabilities, 1 of which is actively being exploited.
More info.
Microsoft is aware and working. More info.
HMS Anybus products are using Interniche's TCP/IP stack version 2.0 in several older product implementations. This TCP/IP stack is affected by the INFRA:HALT security vulnerabilities.
No patches.
More info.
Due to use of Apache Storm IBM Tivoli Network Manager is vulnerable to arbiraty code execution. CVSSv3 score of 9.8
More info.
IBM Security Guardium is affected by multiple vulnerabilities in Apache Thrift. CVSSv3 score of 9.8
More info.
Publicly disclosed vulnerabilities in Plexus-utils affect IBM Netezza Analytics. CVSSv3 score of 9.8
More info.
A vulnerability exists in Cosminexus HTTP Server and Hitachi Web Server. ap_escape_quotes() may write beyond the end of a buffer when given malicious input. CVSSv3 score of 9.8
More info.
Security Wizardry Cyber Threat Intelligence - The Radar Page
Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page