COOKIES

To enhance our website and services, we use Google Analytics, which requires your consent below to gather data about your device and site usage. Your data may be transferred outside the EU by Google, where regulations may differ. Consent is voluntary and revocable by contacting us.

Essential cookies are strictly necessary for site operation. For details on cookie usage as well as how we process your data, please read our policy.

Skip to main content

CND News and Blog

Categories
Teams
Archives
Categories:   All Categories
Suggested keywords
x

New Vulnerabilities Thursday 12 October

Vulnerabilities 1085 Hits

Monthly Patches are out for Juniper Networks. New Alerts for Advantech, Mitsubishi Electric, Weintek, Pilz, SICK, IBM, Dell, Apache Tomcat, and Linux.

Advantech 

Advantech WebAccess contains an Information Exposure vulnerability that allows a remote attacker to access user credentials. CVSSv3 score of 6.5
More info

Mitsubishi Electric 

Information disclosure, information tampering and authentication bypass vulnerabilities exist in the MELSEC-F Series main modules. A remote attacker may be able to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. CVSSv3 score of 9.1
More info. And here.

Weintek 

Weintek cMT3000 CMI Web CGI contains Stack-based Buffer Overflow and OS Command Injection vulnerabilities that allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands. Highest CVSSv3 score of 9.8
More info.

Juniper Networks 

Juniper Monthly Patches are out with 31 bulletins, with 9 rated High and 22 rated Medium. Highest CVSSv3 score of 8.4
More info.

Pilz 

Several Pilz products use CodeMeter Runtime from WIBU, which is affected by two vulnerabilities that allow a remote attacker to gain full control over the system running the software product. Highest CVSSv3 score of 9.8
More info. And here.

SICK 

Security vulnerabilities exist in SICK APU products that can be exploited by a remote attacker. Highest CVSSv3 score of 8.2
More info.

IBM 

Vulnerabilities in third-party software affect Robotic Process Automation for Cloud Pak, QRadar SIEM, Db2 REST, Cloud Pak System, Storage Protect for Virtual Environments: Data Protection for VMware, Business Automation Manager Open Editions, Process Mining, Operations Analytics Predictive Insights, QRadar Use Case Manager, Engineering Lifecycle Optimization - Publishing, Jazz Reporting Service. Highest CVSSv3 score of 9.8
More info. And here. And here. And here. And here. And here. And here. And here. And here. And here. And here. And here.

Dell 

There is a security Update for Dell EMC SRM and Dell EMC Storage Monitoring and Reporting (SMR) for multiple third-party component vulnerabilities. Dell rates this Critical.
More info

Apache 

Tomcat processed HTTP trailer headers incorrectly, leading to request smuggling. Tomcat has also been fixed for Rapid Reset and an Information Disclosure vulnerability.
More info.

Linux 

SUSE has updated the kernel. More info.

Security Wizardry Cyber Threat Intelligence - The Radar Page


https://radar.securitywizardry.com/

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/mobile-radar.htm

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts
Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

About the author

michele654

michele654

Subscribe to updates from author Unsubscribe to updates from author michele654
Author's recent posts
More posts from author

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/