CND News and Blog

New Vulnerabilities Thursday 03 November


Quarterly Patches are out for Splunk. New Alerts for Cisco, CODESYS, SICK, IBM, PHP, and HCL Software.

Cisco 

Cisco has published 11 new bulletins, 4 rated High and 7 rated Medium. Highest CVSSv3 score of 8.8
More info.

A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a DoS. CVSSv3 score of 7.5
More info.

A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. CVSSv3 score of 4.7
More info.

CODESYS 

CODESYS protocol communication servers generate weak channel IDs, which can be guessed by attackers to disrupt ongoing communication. This affects CODESYS V3 products and the CODESYS Control V3 Runtime System Toolkit. CVSSv3 score of 7.5
More info.

When previously enabled anonymous login is deactivated in the security profile settings, the associated users and groups are removed for only one of the registered components, not all of them. For all other components, anonymous access persists. This affects CODESYS V3 products and the CODESYS Control V3 Runtime System Toolkit. CVSSv3 score of 6.5
More info.

Specific crafted HTTP or HTTPS requests may cause an internal buffer over-read, which could crash the web server task of the CODESYS Control runtime system. CVSSv3 score of 7.5
More info.

An unauthenticated attacker is able to block all available TCP connections or communication channels, to prevent legitimate users or clients from establishing a new connection to the CODESYS runtime system. CVSSv3 score of 7.5
More info.

SICK 

SICK discovered a vulnerability in the configuration interface of FlexiCompact, which can be accessed via Ethernet or USB. This could allow a remote unauthenticated attacker to impact the availability of the FlexiCompact. CVSSv3 score of 5.9
More info.

IBM 

Security vulnerabilities in base image packages affect IBM Voice Gateway. Highest CVSSv3 score of 9.8
More info.

IBM Security Verify Access is vulnerable to arbitrary code execution due to the jsrsasign component. CVSSv3 score of 9.8
More info.

AIX is affected by arbitrary code execution and DoS due to Python. Highest CVSSv3 score of 9.8
More info.

IBM SPSS Modeler is affected by a vulnerability in Apache Commons Text, which it uses as part of the Spark function. CVSSv3 score of 9.8
More info.

A command injection vulnerability in IBM InfoSphere DataStage was addressed. CVSSv3 score of 9.8
More info.

PHP 

PHP 7.4 has been updated for OOB read and buffer overflow vulnerabilities. CVSSv3 score of 9.8
More info.

Splunk 

Splunk Quarterly Patches are out: 12 bulletins, of which 9 are rated High, 2 Medium, and 1 Low. Remote attackers can perform DoS or reflected XSS. Highest CVSSv3 score of 8.8
More info.

HCL Software 

HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service on the site and make administrative changes. CVSSv3 score of 8.6
More info.
