CND News and Blog

New Vulnerabilities Tuesday 08 August


Monthly Patches are out for Google Android, Google Pixel, Samsung, Siemens, Schneider Electric, and SAP. New Alerts for Microsoft Edge, Zoom, Phoenix Contact, and Linux.           

Microsoft and Adobe Monthly Patches are expected this afternoon.


Google 

Google Android Monthly Patches are out, with 37 addressed vulnerabilities, plus Arm, MediaTek, and Qualcomm patches. Three of the vulnerabilities are rated Critical, the rest are rated High.
More info.

Pixel Monthly Patches include Android and Qualcomm patches.
More info.

Samsung 

Samsung Monthly Patches include 35 SVEs, most rated Moderate, plus Android patches.
More info.

Siemens 

Siemens Monthly Patches contain 12 new bulletins and 11 updated bulletins. Highest CVSSv3 score of the new bulletins is 9.8
More info.

An OpenSSL RSA Decryption vulnerability affects several SIMATIC products. CVSSv3 score of 5.9
More info.

A vulnerability was identified in RUGGEDCOM ROS devices with mirror port enabled that could allow a remote attacker to inject information into the network via the mirror port. CVSSv3 score of 9.1
More info.

A DoS vulnerability could allow a remote attacker to cause total loss of availability in the web server of the RUGGEDCOM ROS devices. CVSSv3 score of 7.5
More info.

The RUGGEDCOM CROSSBOW server application contains multiple vulnerabilities that could allow a remote attacker to execute arbitrary database queries via SQL injection attacks, to create a DoS, or to write arbitrary files to the application's file system. Highest CVSSv3 score of 9.8
More info.

Schneider Electric 

Schneider Electric has published Monthly Patches, with 1 new bulletin and 3 updated bulletins. The new bulletin has a CVSSv3 score of 5.3
More info.

SAP 

SAP Security Patch Day includes 15 new security notes and 3 updates. Of the new notes, 1 is rated Hot News, 7 rated High, 6 rated Medium, and 1 rated Low. Highest CVSSv3 score of 9.8
More info.

Phoenix Contact 

WP 6xxx Web panels contain several vulnerabilities that allow an attacker to read arbitrary files, inject commands and bypass authentication or access control. Also, there are hardcoded session and encryption keys, a missing firmware update signature, and a service running with unnecessary privileges. Highest CVSSv3 score of 9.9
More info.

Several vulnerabilities have been discovered in an open-source component used in PLCnextEngineer. A remote attacker could achieve RCE, privilege escalation and tampering. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities exist in TC ROUTER, TC CLOUD CLIENT and CLOUD CLIENT devices. Highest CVSSv3 score of 9.6
More info.

Microsoft 

Microsoft has updated Edge with the latest Chromium patches.
More info.

Zoom 

Zoom has patched 16 vulnerabilities, 3 rated Critical, 8 rated High, and 5 rated Medium. Highest CVSSv3 score of 9.6
More info.

Linux 

SUSE has updated the kernel firmware. More info.
Red Hat has updated the kernel and kpatch. More info.
Alpine Linux has published a new version. More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
