New Alerts for BlackBerry, Baxter, Microsoft Edge, Spring, NetApp, IBM, and Linux.
BlackBerry
Multiple vulnerabilities in SecuSUITE Server could allow a remote attacker to enroll an attacker-controlled device to the victim's account and telephone number, or to inject script commands or other executable content into the server that would run with root privilege. Highest CVSSv3 score of 7.3.
More info.
Life2000 Ventilation System contains several vulnerabilities including hard-coded credentials, missing authentication, cleartext transmission of sensitive information, improper restriction of authentication attempts, and others. Highest CVSSv4 score of 10.
Baxter plans an announcement for Q2 2025; until then, watch your ventilators well.
More info. And here.
Microsoft has updated Edge for the latest Chromium updates and one Edge-specific vulnerability.
More info.
Spring Framework has been updated to fix a DoS via a Spring MVC controller method. CVSSv3 score of 5.4.
More info.
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8.
No patches yet.
More info.
IBM has published several bulletins rated Critical, including updates for IBM CloudPak for AIOps, Tivoli Network Manager IP, CICS TX Advanced, DevOps Code ClearCase, Sterling Secure Proxy, and others.
More info.
Ubuntu has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel. More info.