New Alerts for Cisco, ClamAV, SonicWall, IBM, NetApp, Django, and Linux.
Cisco
Multiple vulnerabilities in the Cisco Expressway Series could allow a remote attacker to conduct CSRF attacks, which could allow the attacker to perform arbitrary actions on an affected device. CVSSv3 score of 9.6
More info.
Secure Endpoint products are affected by a vulnerability in the OLE2 file format parser of ClamAV that could allow a remote attacker to cause a DoS on an affected device. CVSSv3 score of 7.5
More info.
Two security vulnerabilities have been patched in ClamAV that allowed DoS and command injection.
More info.
An improper authentication vulnerability has been identified in the SonicWall SonicOS SSL-VPN feature, which could allow a remote attacker to bypass authentication. CVSSv3 score of 8.6
More info.
IBM Sterling Control Center is vulnerable to DoS due to Spring Boot and RCE due to Spring Framework. Highest CVSSv3 score of 9.8
More info.
A vulnerability in Apache Derby affects IBM Cloud Pak System. CVSSv3 score of 9.1
More info.
Vulnerabilities contained within OpenVPN, OpenSSL, and Eclipse Jetty and Netty were addressed in MaaS360 Cloud Extender Agent and VPN Modules, and MaaS360 Mobile Enterprise Gateway (MEG). Highest CVSSv3 score of 9.8
More info.
A vulnerability in the Linux kernel affects IBM Cloud Object Storage Systems. CVSSv3 score of 9.8
More info.
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Only one patch is available.
More info.
Django has been updated to fix a vulnerability in the intcomma template filter that could result in a DoS.
More info.
Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.