Monthly Patches are out for Fortinet. New Alerts for Netgate, Sub-IoT, Commscope RUCKUS, WAGO, NetApp, and Linux.
Netgate
pfSense login protection managed by sshguard, such as preventing brute force attempts, may not be enforced depending on the content of the request headers in GUI authentication attempts, which may allow an attacker to continue GUI ogin attempts indefinitely.
More info.
Sub-IoT project DASH 7 Alliance Protocol stack implementation contains an Out-of-bounds Write vulnerability. CVSSv3 score of 5.3
More info.
Fortinet Monthly Patches are out, with 40 new bulletins, 2 rated Critical, 15 High, 22 Medium, and 1 Low.
More info.
An external control of file name or path vulnerability in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system. CVSSv3 score of 9.8
More info.
Multiple stack-based buffer overflow vulnerabilities in FortiWeb's proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. CVSSv3 score of 9.3
More info.
A critical vulnerability was found in the web services component in earlier RUCKUS AP software. If the affected web services component is enabled on the AP, this vulnerability allows an attacker to perform RCE and CSRF.
More info.
In WAGO Unmanaged Switch firmware an undocumented configuration interface allows a remote attacker to read system information and configure a limited set of parameters. CVSSv3 score of 9.1
More info.
NetApp has published 21 new bulletins identifying security vulnerabilities in third-party software included in their products.
More info.
SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Comments