New Alerts for Cisco, PaperCut (Exploit), TIBCO, Microsoft Edge (Exploit), NetApp, and HCL Software.
Cisco
Cisco has published 6 new bulletins and 2 updated bulletins. Of the new bulletins, 2 are rated Critical, 2 rated High, and 2 rated Medium. Highest CVSSv3 score of 9.9
More info.
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. CVSSv3 score of 9.1
More info.
A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a DoS condition. CVSSv3 score of 8.6
More info.
PaperCut MF/NG has two vulnerabilities that are currently being exploited, one being an unauthenticated RCE vulnerability. Highest CVSSv3 score of 9.8
More info. And here.
TIBCO Spotfire Splus Server contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. CVSSv3 score of 9.8
More info.
Microsoft has updated Edge to include the fix for the exploited CVE fixed in chromium yesterday.
More info.
NetApp has published 12 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8, 6 have patches.
More info.
HCL Connections includes IBM Security Directory Integrator, which contains several vulnerabilities. Highest CVSSv3 score of 9.8
More info.
HCL Commerce includes IBM Db2, which contains several vulnerabilities. Highest CVSSv3 score of 9.8
More info.