
CND News and Blog

New Vulnerabilities Thursday 23 May


New Alerts for Cisco, lighttpd, Progress, BD, and GitLab.

Cisco 

Cisco has published 5 new bulletins and 3 updated bulletins. Of the new bulletins, the highest CVSSv3 score is 5.8.
More info.

A vulnerability in the activation of an ACL on ASA and FTD software could allow a remote attacker to bypass the protection that is offered by a configured ACL on an affected device. CVSSv3 score of 5.8
More info.

Multiple Cisco products are affected by a vulnerability in the Snort IPS rule engine that could allow a remote attacker to bypass the configured rules on an affected system. CVSSv3 score of 5.8
More info.

A vulnerability in the file policy feature that is used to inspect encrypted archive files of FTD software could allow a remote attacker to bypass a configured file policy to block an encrypted archive file. CVSSv3 score of 5.8
More info.

A vulnerability in the Object Groups for ACLs feature of FMC software could allow a remote attacker to bypass configured access controls on managed devices. CVSSv3 score of 5.8
More info.

lighttpd 

A vulnerability exists in lighttpd whereby a remote attacker can craft an HTTP request which could result in access to freed memory and allow the attacker to determine the state of memory, resulting in DoS or memory access.
More info.

Progress 

The Progress MOVEit Automation configuration export function uses a cryptographic method with insufficient bit length. CVSSv3 score of 6.1
More info.

BD 

BD has published security updates for third-party software used in Pyxis, Alaris, Care Coordination Engine, Identity Provider Manager, and Data Agent.
More info.

GitLab 

GitLab has published a security update that fixes several vulnerabilities. Highest CVSSv3 score of 8.0
More info.


