New Alerts for Synology, Mitsubishi Electric, Hikvision, IBM, and Western Digital.
Synology
Multiple vulnerabilities allow remote attackers to execute arbitrary command, conduct denial-of-service attacks or read arbitrary files via a susceptible version of Synology Router Manager (SRM). CERT Bund rates this CVSSv3 score of 10.
More info.
A DoS vulnerability due to improper resource shutdown or release exists in MELSEC iQ-R, iQ-L series CPU module and MELIPC series. This vulnerability allows a remote attacker to cause a DoS condition in Ethernet communication on the module by sending specially crafted packets. CVSSv3 score of 7.5
More info.
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. CVSSv3 score of 9.1
More info.
Security vulnerabilities in Node.js affect IBM Cloud Pak for Multicloud Management Managed Services. CVSSv3 score of 9.8
More info. And here.
Security vulnerabilities in Apache MINA SSHD and Scala affect IBM Tivoli Netcool Impact. CVSSv3 score of 9.8
More info. And here.
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an information disclosure that could allow an unauthenticated attacker to gain access to user data.
More info.