Quarterly Patches are out for Splunk, and will be out shortly for Oracle. New Alerts for TAI, MB Connect, Helmholz, Kubernetes, Mbed TLS, BD, Mozilla Firefox, and Linux.
Oracle
Oracle Quarterly Patches are expected out this afternoon. The pre-release lists 329 new security patches, 204 of which are remotely exploitable without authentication. The highest CVSSv3 score listed in the pre-release is 9.8.
More info.
Splunk has published its Quarterly Patches, with 12 bulletins, 4 rated High and 8 rated Medium. Highest CVSSv3 score of 8.8.
More info.
An SQL injection vulnerability exists in TAI Smart Factory's QPLANT that could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query. CVSSv3 score of 9.8.
No patches yet.
More info.
Multiple vulnerabilities exist in MB Connect products. Highest CVSSv3 score of 9.8.
More info. And here. And here.
Multiple vulnerabilities have been discovered in REX100 allowing for RCE or unauthorized file access. Highest CVSSv3 score of 9.8.
More info.
Multiple vulnerabilities have been discovered in Helmholz products that could allow RCE or unauthorized file access. Highest CVSSv3 score of 8.4.
More info.
A security issue was discovered in Kubernetes where a remote attacker may be able to SSH to a node VM which uses a VM image built with the Kubernetes Image Builder project. For images built with the Proxmox provider, this issue has been rated Critical, with a CVSSv3 score of 9.8.
More info. And here. And here.
BD has published security updates for IDM, Pyxis, CCE, and Alaris, all rated Critical.
More info.
Mbed TLS contains a buffer underrun vulnerability.
More info.
Mozilla has updated Firefox to fix a vulnerability rated High.
More info.
SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel. More info.