New Alerts for QNAP, Festo, and ownCloud.
QNAP
QNAP has published 13 bulletins for their products, most requiring Physical access or Local privileges.
More info.
A heap buffer overflow vulnerability has been reported in curl, which affects certain versions of QTS and QuTS hero.
More info.
A XSS vulnerability has been reported to affect QuLog Center. The vulnerability could allow a remote attacker to inject malicious code. CVSSv3 score of 8.2
More info.
Festo products include Siemens Simatic S7-1500 CPUs, which has a memory bypass vulnerability. CVSSv3 score of 9.8
Note the vulnerability is from 2020.
More info.
ownCloud has published 5 new bulletins, the wors of which allows request forgery. Highest CVSSv3 score of 8.8
More info.
Improper handling of CSRF protection in the diagnostics app in combination with the `SameSite`-Cookie setting being set to `None` allows cross site invocation of an admin API. CVSSv3 score of 3.1
More info.
Server-Side Request Forgery in federated sharing API may allow a remote attacker to identify internal servers or cause a DoS. CVSSv3 score of 5.3
More info.
Security Wizardry Cyber Threat Intelligence - The Radar Page
Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page