Monthly Patches are out for Qualcomm, Google Android, Google Pixel, and Samsung. New Alerts for Dell, Mitsubishi Electric, Dräger, IBM, and Linux.

Qualcomm 

Qualcomm Monthly Patches are out with 19 vulnerabilities, 4 rated Critical and 15 rated High. Rhere are an additional 4 vulnerabilities in open source software, all rated Medium. Highest CVSSv3 score of 9.8
More info.

Google 

Google has published the Android Monthly Patches, with 29 vulnerabilities plus third-party software updates. Four are rated Critical, with 2 allowing RCE.
More info.

Google has published the Pixel Monthly Patches, with 75 vulnerabilities plus Android and third-party software updates. Five are rated Critical, with 4 allowing RCE.
More info.

Samsung 

Samsung Monthly Patches are out, with 25 vulnerabilties plus Android and third-party software patches. One is rated High.
More info.

Dell 

Dell has published an update for Precision Workstation 7920 Rack that fixes an Improper Authentication vulnerability in iDRAC9 that may be exploited by remote attackers to gain access to the VNC Console. CVSSv3 score of 9.6.
More info.

Mitsubishi Electric 

Security vulnerabilities exist in encryption communications on Mitsubishi Electric air conditioning systems, including information disclosure, information tampering and DoS. Highest CVSSv3 score of 7.5
More info.

Dräger 

A security vulnerability was identified in the OpenSSL library used by Dräger Clinical Assistance Package 1.0 devices. The vulnerability could allow a remote attacker to carry out a DoS attack on the device. Dräger has deemed the risk acceptable in most instances, and will not patch. CVSSv3 score of 7.5
More info.

IBM 

CP4D Match 360 is vulnerable to remote attacker executing arbitrary code within IBM WebSphere Application Server Liberty. Highest CVSSv3 score of 9.8
More info.

IBM Security SiteProtector System is affected by multiple Apache HTTP Server vulnerabilities. Highest CVSSv3 score of 9.8
More info.

There are multiple vulnerabilities in Liberty, IBM Runtime Environment Java, Dojo and OpenSSL used by IBM MessageGateway/ MessageSight. Highest CVSSv3 score of 9.8
More info.

Security vulnerabilities in 3rd party software have been patched in the IBM MaaS360 Cloud Extender Agent, Mobile Enterprise Gateway and MaaS360 VPN module. Highest CVSSv3 score of 9.8
More info.

Linux 

Red Hat has updated the kernel. More info.

Security Wizardry Cyber Threat Intelligence - The Radar Page


https://radar.securitywizardry.com/

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/mobile-radar.htm

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts