
CND News and Blog

New Vulnerabilities Thursday 21 July


New Alerts for Cisco, Atlassian, Apple, IBM, Dell, and Linux.

Cisco 

Cisco has published 7 new bulletins, 1 rated Critical, 1 rated High, 4 rated Medium, and 1 Informational.
More info.

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. CVSSv3 score of 9.8.
More info.

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. CVSSv3 score of 7.4.
More info.

Atlassian 

When the Questions for Confluence app is enabled on Confluence Server or Data Center, it creates a Confluence user account with the username disabledsystemuser and a hardcoded password, and adds that account to the confluence-users group. A remote attacker with knowledge of the hardcoded password could exploit this to log into Confluence. Atlassian rates this Critical.
More info.

A vulnerability in multiple Atlassian products allows a remote attacker to bypass Servlet Filters used by first- and third-party apps. Atlassian rates this Critical.
More info.

Apple 

Apple has released security updates for Safari, watchOS, macOS, tvOS, iOS, and iPadOS.
More info. And here.

IBM 

IBM Security Verify Information Queue (ISIQ) uses vulnerable Node.js, Wire Schema, and Google gRPC framework versions. Highest CVSSv3 score of 9.8.
More info. And here. And here.

IBM PureData System for Operational Analytics contains a vulnerable version of IBM DB2. Highest CVSSv3 score of 9.8.
More info.

Dell 

Dell VNX2 Operating Environment for File contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Highest CVSSv3 score of 9.8.
More info.

Linux 

SUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Mageia has updated the kernel. More info.


