
CND News and Blog

New Vulnerabilities Thursday 16 May


New Alerts for Cisco, D-Link (0-Day), Google Chrome (Exploit), Phoenix Contact, Wireshark, F5, and Linux.

Cisco 

Cisco has published 8 new bulletins, three rated High and four rated Medium. Highest CVSSv3 score of 7.8
More info.

Multiple vulnerabilities in the web-based management interface of AsyncOS Software for Secure Email and Web Manager; Secure Email Gateway; and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. CVSSv3 score of 6.1
More info.

A vulnerability in the web-based management API of AsyncOS Software for Secure Email Gateway could allow a remote attacker to conduct an HTTP response splitting attack. CVSSv3 score of 6.1
More info.

A vulnerability in the web-based management interface of Cisco Crosswork NSO could allow a remote attacker to redirect a user to a malicious web page. CVSSv3 score of 4.7
More info.

D-Link

DIR-X4860 routers contain a vulnerability in the HNAP PrivateLogin implementation that allows a remote attacker to bypass authentication.
More info. And here.

A vulnerability in D-View allows remote attackers to bypass authentication. CVSSv3 score of 9.8
More info.

Google Exploit

Google has patched 9 vulnerabilities in Chrome for Desktop, including one that is actively exploited.
More info.

Microsoft is aware. More info.

Phoenix Contact 

Multiple vulnerabilities have been discovered in the firmware of CHARX SEC charge controllers. One vulnerability allows a MitM attack. Highest CVSSv3 score of 7.8
More info. And here.

Wireshark 

Wireshark has been updated to patch 3 vulnerabilities that could result in a DoS.
More info.

F5 

A vulnerability in libxml2 allows a remote attacker to cause memory corruption that can lead to access to restricted information, data modification, or a DoS on the BIG-IP, BIG-IQ and Traffix SDC. Highest CVSSv3 score of 6.4
More info. And here.

Linux 

Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


