New Alerts for Mitsubishi Electric, IBM, Zyxel, D-Link, Siren, ASUS, and Linux.
Mitsubishi Electric
Several MELSEC IQ products have been added to a previous bulletin. A remote attacker can login to FTP server or Web server due to plaintext storage of passwords. CVSSv3 score of 7.5
More info.
IBM Cloud Pak for Network Automation 2.4.7 fixes multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info.
IBM Spectrum Discover is vulnerable to multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.
IBM Copy Services Manager is vulnerable to remote attacks. Highest CVSSv3 score of 9.8
More info.
IBM Cloud Pak for Security includes components with multiple known vulnerabilities. Highest CVSSv3 score of 10
More info.
Zyxel has released patches addressing a pre-authentication command injection vulnerability in some NAS versions. A Remote attacker could execute OS commands. CVSSv3 score of 9.8
More info.
DAP-2622 has a boundary error in the devices DDP service. This vulnerability can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code on the device.
More info.
Siren Investigate could allow a remote attacker to bypass security restrictions, caused by not invalidating the session keys after user logs out. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions. CVSSv3 score of 9.1
More info.
ASUS has updated several router models to fix multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info. And here.
SUSE has updated the kernel. More info.
Mageia has updated the kernel. More info.
Comments