New Vulnerabilities Thursday 28 March

New Alerts for Cisco, Splunk, NVIDIA, Microsoft Edge (Exploit), IBM, DrayTek, Wireshark, and Linux.

Cisco 

Cisco has published 17 new bulletins, 10 rated High and 7 rated Medium. Highest CVSSv3 score of 8.6
More info.

A vulnerability in the LISP feature of IOS Software and IOS XE Software could allow a remote attacker to cause an affected device to reload. CVSSv3 score of 8.6
More info.

A vulnerability in the IPv4 SD-Access fabric edge node feature of IOS XE Software could allow a remote attacker to cause high CPU utilization and stop all traffic processing, resulting in a DoS. CVSSv3 score of 8.6
More info.

Multiple vulnerabilities in the IKEv1 fragmentation feature of IOS Software and IOS XE Software could allow a remote attacker to cause a heap overflow or corruption on an affected system. CVSSv3 score of 8.6
More info.

A vulnerability in the DHCP snooping feature of IOS XE Software could allow a remote attacker to cause an affected device to reload unexpectedly, resulting in a DoS. CVSSv3 score of 8.6
More info.

A vulnerability in the IP packet processing of AP Software could allow a remote attacker to cause a DoS. CVSSv3 score of 8.6
More info.

Splunk has published 2 bulletins, both rated High, and 2 bulletins regarding third-party software, one rated High and one Low. Highest CVSSv3 score of 8.1
More info.

Splunk Enterprise and Splunk Cloud Platform contain a vulnerability that could allow a remote attacker to execuute SPL commands. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. CVSSv3 score of 8.1
More info.

NVIDIA has released a software update for ChatRTX that fixes two security vulnerabilities. Highest CVSSv3 score of 8.2
More info.

Microsoft has updated Edge with the latest chromium fixes, which are reported as exploited in the wild.
More info.

Multiple security vulnerabilities have been identified in IBM MQ which shipped with IBM Intelligent Operations Center.
More info.

IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Docker Registry, OpenSSH and go-git. Highest CVSSv3 score of 9.8
More info.

IBM QRadar SIEM includes vulnerable components. Highest CVSSv3 score of 9.1
More info.

IBM Planning Analytics Workspace has addressed multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.

PostgreSQL JDBC Driver is used by IBM Cloud Pak for AIOps for connection configuration. CVSSv3 score of 10.
More info.

Multiple vulnerabilities were addressed in IBM Operations Analytics Predictive Insights. Highest CVSSv3 score of 9.8
More info.

DrayTek routers contain an information disclosure vulnerability. A remote attacker can retrieve the router's information through a specified POST request.
More info.

Wireshark has been updated to fix a T.38 protocol dissector crash that could result in a DoS. CVSSv3 score of 7.5
More info.

SUSE has updated the kernel. More info.
Mageia has updated the kernel. More info.