New Alerts for Unify, Google Pixel (Exploit), D-Link, curl, and Linux.
Unify
Three command injection vulnerabilities have been identified in the Atos Unify OpenScape 4000 Platform and the Atos Unify OpenScape 4000 Manager Platform. A remote attacker can run arbitrary commands on the platform operating system and get administrative access to the system. Highest CVSSv3 score of 9.8
More info.
Google has published the Monthly Patch Update for Pixel phones. There are 46 patched vulnerabilities, plus Android and Qualcomm. This includes a fix for the Samsung 0-Day reported on Friday.
More info.
D-Link DIR-456U has hardcoded passwords, but was EOL 5 years ago.
More info.
Several vulnerabilities have been identified in curl that allows connection reuse when options have changed that should trigger a new session, as well as improper evaluation of tilde (~) in a path string, and passing TELNET values without input scrubbing. Most are rated Low, 1 is rated Medium.
More info.
SUSE has updated the kernel. More info.
Comments