New Alerts for Progress Kemp, B&R Automation, IBM, HP, Tenable, and Linux.
Progress Kemp
LoadMaster and ECS Connection Manager cointain a security vulnerability that allows a remote attacker to issue a carefully crafted API command that will allow arbitrary system commands to be executed without authentication. CVSSv3 score of 10.
More info.
A fix in the B&R web service interface solves a vulnerability that results in an insecure communication channel in the Upgrade Service of B&R. This allows a remote attacker to sniff sensitive data or insert and run arbitrary code.
The support of the insecure communication channel will be disabled on 29th February 2024.
More info.
Vulnerabilities in AIX's Perl could allow an attacker to execute arbitrary commands. Highest CVSSv3 score of 9.8
More info.
IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are vulnerable to information disclosure, buffer overflow, and RCE. Highest CVSSv3 score of 8.8
More info. And here. And here.
Tenable Identity Exposure has been update to fix vulnerabilities in third-party software, ASP.NET Core and Envoy. Highest CVSSv3 score of 9.9
More info. And here.
Ubuntu has updated the kernel. More info.
Security Wizardry Cyber Threat Intelligence - The Radar Page
Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page