Quarterly Patches are out for Splunk. New Alerts for Cisco, CODESYS, SICK, IBM, PHP, and HCL Software.
Cisco
Cisco has published 11 new bulletins, 4 rated High and 7 rated Medium. Highest CVSSv3 score of 8.8
More info.
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a DoS. CVSSv3 score of 7.5
More info.
A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. CVSSv3 score of 4.7
More info.
CODESYS protocol communication servers generate weak channel IDs, which can be guessed by attackers to disrupt ongoing communication. This affects CODESYS V3 products and CODESYS Control V3 Runtime SYstem Toolkit. CVSSv3 score of 7.5
More info.
When the previously enabled anonymous login is deactivated in the security profile settings, it only removes the associated users and groups for one, but not all the registered components. For all others the anonymous access persists. This affects CODESYS V3 products and CODESYS Control V3 Runtime SYstem Toolkit. CVSSv3 score of 6.5
More info.
Specific crafted HTTP or HTTPS requests may cause an internal buffer over-read, which could crash the web server task of the CODESYS Control runtime system. CVSSv3 score of 7.5
More info.
An unauthenticated attacker is able to block all available TCP connections or communication channels, to prevent legitimate users or clients from establishing a new connection to the CODESYS runtime system. CVSSv3 score of 7.5
More info.
SICK discovered a vulnerability in the configuration interface of FlexiCompact that can be accessed via Ethernet or USB. This could allow a remote unauthenticated attacker to impact availabiltiy of the FlexiCompact. CVSSv3 score of 5.9
More info.
Security vulnerabilities in base image packages affect IBM Voice Gateway. Highest CVSSv3 score of 9.8
More info.
IBM Security Verify Access is vulnerable to execute arbitrary code due to jsr-sasign component. CVSSv3 score of 9.8
More info.
AIX is affected by arbitrary code execution and DoS due to Python. Highest CVSSv3 score of 9.8
More info.
Apache Commons Text is used by IBM SPSS Modeler as part of the spark function. CVSSv3 score of 9.8
More info.
A command injection vulnerability in IBM InfoSphere DataStage was addressed. CVSSv3 score of 9.8
More info.
PHP 7.4 has been updated for OOB read and buffer overflow vulnerabilities. CVSSv3 score of 9.8
More info.
Splunk Quarterly Patches are out, with 12 bulletins, with 9 rated High, 2 rated Medium, and 1 rated Low. Remote attackers can perform DoS or Reflected XSS. Highest CVSSv3 score of 8.8
More info.
HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. CVSSv3 score of 8.6
More info.