Monthly Patches are out for F5 and Fortinet. New Alerts for Yokogawa, Aruba, OpenSSL, Rockwell Automation, Hitachi Energy, Mozilla, Emerson, and Linux.
F5
F5 Monthly Patches are out, with 43 Security Advisories, and another 10 Security Exposures. One advisory is rated Critical, 17 are rated High, 24 are rated Medium, and 1 Low. Highest CVSSv3 score of 9.8
More info.
Fortinet Monthly Patches are out with 9 bulletins, 1 rated Critical, 2 are rated High, and 6 are rated Medium. Highest CVSSv3 score of 9
More info.
Yokogawa has updated a previous bulletin to include the ProSafe-RS product as vulnerable. Highest CVSSv3 score of 7.5
More info.
Multiple heap overflow vulnerabilities exist with various networking vendors, dubbed TLStorm 2.0. ArubaOS-Switch devices are affected by these vulnerabilities. Exploitation allows for attackers to execute arbitrary code on the affected device. CVSSv3 score of 9.0
More info.
HPE's bulletin here.
Several moderate vulnerabilities in OpenSSL have been patched in the latest updates.
More info.
Rockwell Automation Factory Talk Production Center products contain third-party software that has several vulnerabilities. If exploited, these vulnerabilities could allow RCE, information disclosure, and DoS on FTPC products.
More info.
Hitachi Energy Gatway Station and FACTS Control Platform products are affected by multiple open-source software vulnerabilities. An attacker could eavesdrop on the traffic between network source and destination, gain unauthorized access to information or cause a DoS. Highest CVSSv3 score of 8.1
More info. And here.
Mozilla has published security updates for Firefox and Firefox ESR, rated High.
More info.
Emerson AVENTICS AF2 Series flow sensor with Ethernet communication interface has multiple, specific cybersecurity vulnerabilities. The vulnerabilities may allow attackers to disrupt the embedded web server of the device under very specific circumstances and could allow denial of view functions and possibly exposure of system resources. Highest CVSSv3 score of 5.8
More info.
Oracle Linux has updated the kernel. More info.
Comments