Monthly Patches are out for Fortinet, Siemens, Schneider Electric, and SAP. New Alerts for HPE, Xerox, Citrix, Phoenix Contact, Apache Struts, and Linux.
Fortinet
Fortinet has published their Monthly Patches with 21 bulletins, 1 rated Critical, 7 rated High, 11 rated Medium, and 2 rated Low. Highest CVSSv3 score of 9.2
More info.
A heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN allows a remote attacker to execute arbitrary code or commands via specifically crafted requests. CVSSv3 score of 9.2
This is the bulletin reported yesterday.
More info.
An improper permissions, privileges, and access controls vulnerability in FortiNAC may allow a remote attacker to perform a DoS attack on the device via client-secure renegotiation. CVSSv3 score of 7.2
More info.
A NULL pointer dereference vulnerability in FortiOS may allow a remote attacker to crash the SSL-VPN daemon via specially crafted HTTP requests. CVSSv3 score of 7.3
More info.
An improper restriction of excessive authentication attempts in FortiSIEM may allow a remote attacker with access to several endpoints to perform a brute force attack on these endpoints. CVSSv3 score of 8.1
More info.
Siemens Monthly Patches are out with 12 new bulletins and 8 updated bulletins. Highest CVSSv3 score of 9.9
More info.
Multiple vulnerabilities have been identified in the BIOS and Linux kernel of the SIMATIC S7-1500 TM MFP. Highest CVSSv3 score of 9.8
More info. And here.
Several SINAMICS MV products are affected by multiple vulnerabilities in the integrated SCALANCE S615 device. Highest CVSSv3 score of 9.8
More info.
Multiple vulnerabilities were identified in the webserver of Q200 devices. These include CSRF, session fixation, missing secure flags in HTTP cookies and memory corruption issues due to missing input validation that could lead to remote code execution. Highest CVSSv3 score of 9.9
More info.
Schneider Electric Monthly Patches are out with 4 new bulletins and 1 updated bulletin. Highest CVSSv3 score of 7.8
More info.
SAP Security Patch Day includes 8 new Security Notes and 5 updated Notes. Of the new Notes, 2 are rated High, 5 rated Medium, and 1 rated Low. Highest CVSSv3 score of 8.8
More info.
A security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or RCE when running HP Workpath solutions. CVSSv3 score of 9.8
More info.
Xerox has published a security update for FreeFlow Print Server v9 with updates to third-party software included in the product. CVSSv3 score of 9.8
More info.
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller that could allow a remote attacker to compromise the customer-managed ShareFile storage zones controller. CVSSv3 score of 9.1
More info.
The FL MGUARD family of devices is affected by two vulnerabilities, timing oracle in RSA decryption and MAC filtering is not applied to all forwarded packets. Highest CVSSv3 score of 5.9
More info.
Struts has been updated to fix 2 security vulnerabilities, both allowing DoS.
More info.
Oracle Linux has updated the kernel. More info.
Comments