New Alerts for TRUMPF, IBM, Lenovo, and Linux. Splunk Quarterly Patches are expected out today.


TRUMPF 

A number of TRUMPF software tools use the OPC UA Server, which contains several vulnerabilities that would allow a remote attacker to send malicious data to the application, resulting in a DoS. CVSSv3 score of 7.5
More info.

IBM 

Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with Cloud Pak System. Highest CVSSv3 score of 9.8
More info.

A vulnerability in Apache Commons Configuration affects IBM SPSS Modeler. CVSSv3 score of 9.8
More info.

Lenovo 

Lenovo (IBM) Storage products are affected by a vulnerability in the challenge/response authentication mechanism used for remote support which, under specific conditions, may allow unauthorized access as credentials can be reused on the product's management GUI. CVSSv3 score of 5.6
More info.

Linux 

SUSE has updated the kernel. More info.
Red Hat has updated the kernel and kpatch. More info.
CentOS has updated the kernel and microcode_ctl. More info.

Security Wizardry Cyber Threat Intelligence - The Radar Page


https://radar.securitywizardry.com/

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/mobile-radar.htm

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
https://www.securitywizardry.com/index.php/the-radar-page/alert-details#alerts