New Alerts for Apache Solr and Wicket, Microsoft Edge, Wind River Systems, Supermicro, Canon, NetApp, and Linux.

Apache 

Solr contains 2 vulnerabilities, zipslip and use of arbitrary files. CVSSv3 score of 8.8
More info. And here.

The request handling in the core in Apache Wicket allows an attacker to create a DoS via multiple requests to server resources. CVSSv3 score of 9.8
More info.

Microsoft 

Edge has been updated with the latest chromium updates and to fix 1 Edge-specific vulnerability.
More info.

Wind River Systems 

The password hashing algorithms used in VxWorks are weak and can be cracked efficiently.
No patches, treated as a feature upgrade.
More info.

Supermicro 

Several security issues have been discovered in Supermicro BMC Firmware. CVSSv3 score of 7.5
More info.

Canon 

Multiple buffer overflow vulnerabilities exist in the Canon Laser Printers and Small Office Multifunctional Printers. Highest CVSSv3 score of 9.1
More info.

NetApp 

NetApp has published 14 bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.8
More info.

Linux 

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated rsync. More info.
Amazon Linux 2 and 2023 have updated the kernel. More info. And here.
AlmaLinux has updated the kernel. More info.

Security Wizardry Cyber Threat Intelligence - The Radar Page


https://radar.securitywizardry.com/

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/mobile-radar.htm

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts