CND News and Blog

New Vulnerabilities Tuesday 10 June


Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Bosch, Hitachi, SolarWinds, CoreDNS, Trend Micro, Hugging Face, and Linux. Three more vendors are expected to publish Monthly Patches this afternoon. 

Siemens

Siemens Monthly Patches include 6 new bulletins and 19 updated bulletins. Of the new bulletins, the highest CVSSv4 score is 9.5. Three of the new bulletins are remotely exploitable, in Elspec G5DVR, SIMATIC S7-1500, and RUGGEDCOM APE1808 products.
More info.

Schneider Electric

Monthly Patches for Schneider Electric include 3 new bulletins for Insight Home and Insight Facility, Modicon Controllers, and EVLink WallBox. Highest CVSSv4 score of 7.1.
More info.

SAP

SAP Monthly Patch day includes 14 new Security Notes: 1 rated Critical, 5 rated High, 6 rated Medium, and 2 rated Low. Highest CVSSv3 score of 9.6.
More info.

Bosch

A security vulnerability has been uncovered in Telex Remote Dispatch Console Server and the RTS VLink Virtual Matrix Software that allows a remote attacker to achieve RCE. CVSSv3 score of 10.
More info.

Hitachi

JP1/IT Desktop Management 2 has been updated to fix a vulnerability in Apache XMLBeans. CVSSv3 score of 9.1.
Note that this vulnerability is from 2021.
More info.

SolarWinds

SolarWinds Platform 2025.2 contains multiple vulnerabilities, including a DoS from OpenSSH. Highest CVSSv3 score of 7.5.
More info.

CoreDNS

A Denial of Service (DoS) vulnerability was discovered in the CoreDNS DNS-over-QUIC (DoQ) server implementation.
More info.

Trend Micro

Trend Micro Apex One updates fix several security vulnerabilities, including an uncontrolled search path vulnerability that allows a remote attacker to inject malicious code, leading to arbitrary code execution on affected installations. Highest CVSSv3 score of 8.8.
More info.

Hugging Face

The LLaVA-NeXT project suffers from sensitive information disclosure: a hardcoded Hugging Face token with privileged permissions is exposed. By exploiting this information, a remote attacker could conduct supply chain attacks and compromise the affected Hugging Face organizations to perform malicious operations.
More info.

Linux

Red Hat has updated the kernel and kernel-rt. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the microcode and systemd. More info.
Mageia has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.
