New Alerts for QNAP, Festo, and ownCloud.

QNAP 

QNAP has published 13 bulletins for its products, most of which require physical access or local privileges.
More info.

A heap buffer overflow vulnerability has been reported in curl, which affects certain versions of QTS and QuTS hero.
More info.

An XSS vulnerability has been reported to affect QuLog Center. The vulnerability could allow a remote attacker to inject malicious code. CVSSv3 score of 8.2.
More info.

Festo 

Festo products include Siemens Simatic S7-1500 CPUs, which have a memory bypass vulnerability. CVSSv3 score of 9.8.
Note that the vulnerability is from 2020.
More info.

ownCloud 

ownCloud has published 5 new bulletins, the worst of which allows request forgery. Highest CVSSv3 score of 8.8.
More info.

Improper handling of CSRF protection in the diagnostics app, in combination with the `SameSite` cookie setting being set to `None`, allows cross-site invocation of an admin API. CVSSv3 score of 3.1.
More info.

Server-Side Request Forgery in the federated sharing API may allow a remote attacker to identify internal servers or cause a DoS. CVSSv3 score of 5.3.
More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
