New Alerts for Microsoft Edge (Exploit) and Entra ID, SonicWall, Rockwell Automation, SolarWinds, Broadcom, and F5.
Microsoft Exploit
Microsoft has updated Edge to include the latest chromium patches as well as 4 Edge specific patches. Exploits are in the wild.
More info.
Improper access control in Decentralized Identity Services allows an unathenticated attacker to disable Verifiable ID's on another tenant. CVSSv3 score of 7.5
More info.
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. CVSSv3 score of 8.6
More info.
ThinManager ThinServer contains Information Disclosure and RCE vulnerabilities. Highest CVSSv4 score of 9.3
More info.
Web Help Desk (WHD) is affected by a hardcoded credential vulnerability, allowing a remote attacker to access internal functionality and modify data. CVSSv3 score of 9.1
More info.
Tanzu has 20 security bulletins published that identify vulnerabilities in third-party software included in their product. 1 is rated High, 18 Medium, and 1 Low.
More info.
BIG-IP (DNS) contains a vulnerability in the BIND process that allows a remote atatcker to cause a DoS. CVSSv3 score of 7.5
No patch yet.
More info.
Comments