Skip to main content

CND News and Blog

New Vulnerabilities Thursday 23 March


New Alerts for Microsoft (0-Day, Acropalypse), Cisco, Varta Storage, Meinberg, OpenSSL, and Philips. 

Microsoft 0-Day

The vulnerability dubbed "Acropalypse" originally identified and fixed in Pixel has now cropped up (see what we did there) in Windows 11's Snipping Tool and Windows 10's Snip & Sketch tool. When editing a saved screenshot and resaving, parts of the original image are recoverable.
More info. And here.

Cisco 

Cisco has published 18 new bulletins, 9 rated High and 11 rated Medium. Highest CVSSv3 score of 8.6
More info.

A remote attacker can cause a DoS through various functions of the XE Software. Highest CVSSv3 score of 8.6
More info. And here. And here. And here.

Varta Storage 

Hard-coded credentials in Web-UI of multiple VARTA Storage products allows an unauthorized attacker to gain administrative access to the Web-UI via network. CVSSv3 score of 9.1
No patch yet.
More info.

Meinberg 

LANTIME firmware has been updated to fix vulnerabilities in third-party software.
More info.

OpenSSL 

A DoS vulnerability in certificate chains has been patched.
More info.

Philips 

Philips has identified 5 products that are vulnerable to the recently patched RCE vulnerabilities in Microsoft. They are working on mitigation.
More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, 25 June 2024

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/