New Alerts for Johnson Controls, IBM, NetApp, WithSecure, and PostgreSQL.
Johnson Controls
Johnson Controls has confirmed a vulnerability impacting System Configuration Tool. During a XSS attack, an attacker might access cookies and take over the victim's session.
More info.
Multiple vulnerabilities in the Expat library affect IBM Db2 Net Search Extender may lead to denial of service or arbitrary code execution. Highest CVSSv3 score of 9.8
More info.
NetApp has published 9 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Some have patches.
More info.
A DoS vulnerability was discovered in WithSecure products whereby the aeelf component crashes. This can lead to a possible scanning engine crash that can be triggered remotely by an attacker.
More info.
A client memory disclosure exists when connecting with Kerberos to a modified server. A modified, unauthenticated server can cause an over-read and report an error message containing uninitialized bytes from and following its receive buffer, that may be made accessible to the attacker. CVSSv3 score of 3.7
More info.
Comments