New Alerts for BIND, Medtronic, Philips, Rockwell Automation, Lexmark, ABB, and Linux.

BIND 

A malicious zone can be used to cause a DoS. CVSSv3 score of 7.5
More info.

DNS-over-HTTPS can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. CVSSv3 score of 7.5
More info.

Medtronic 

RemoteView and RemoteControl used by Medtronic representatives to provide remote support for the CareLink 2090 programmer contains a vulnerability in BeyondTrust. CVSSv3 score of 9.8
More info.

Philips 

PICix uses 7-Zip, which has 2 vulnerabilities. Highest CVSSv4 score of 9.8
More info.

Rockwell Automation 

An encryption vulnerability exists in FactoryTalk AssetCentre. Highest CVSSv4 score of 9.3
More info.

Lexmark 

Lexmark has published 6 new security bulletins for Lexmark devices. Highest CVSSv3 score of 9.1
More info.

ABB

ABB has published a bulletin for FLXEON products that identifies vulnerabilities that allow a remote attacker to take remote control of the product and run arbitrary code. Highest CVSSv4 score of 10
These devices are not meant to be Internet-facing.
More info.

Linux 

SUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.

Security Wizardry Cyber Threat Intelligence - The Radar Page


https://radar.securitywizardry.com/

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/mobile-radar.htm

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts