New Alerts for VMware, OPC Foundation, Apple, Dell, F5, ISC, and Linux.
VMware
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. VMware rates this Critical, CVSSv3 score of 9.8.
More info. And CISA bulletin is here.
A vulnerability in the OPC UA Legacy Java Stack that allows a remote attacker to send messages that prevent a server from accepting new requests, resulting in a DoS. CVSSv3 score of 7.5
More info.
Apple has published a security update for iTunes for Windows.
More info.
Dell Technologies PowerProtect DataDomain has been updated to correct an iDRAC9 VNC Console authentication vulnerability. CVSSv3 score of 9.6
More info.
Dell EMC Enterprise Hybrid Cloud has been updated to correct the latest VMware vulnerability that may be exploited by remote attackers to compromise the affected system. CVSSv3 score of 9.8
More info.
Traffix SDC contains a vulnerability in Cyrus SASL that allows an attacker to run arbitrary SQL commands. CVSSv3 score of 8.6
More info.
ISC BIND is vulnerable to a denial of service, caused by an assertion failure when a TLS connection to a configured http TLS listener with a defined endpoint is ended prematurely. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a DoS. CVSSv3 score of 7.5
More info.
Red Hat has updated the kernel. More info.
Comments