By michele654 on Wednesday, 06 March 2024
Category: Vulnerabilities

New Vulnerabilities Wednesday 06 March


New Alerts for Apple (0-Day), Nice, Sophos, Moxa, Bosch, Google Chrome, HPE Aruba, and Linux.

Apple 0-Day

Apple has published updates for iOS fixing 4 vulnerabilities that allow privilege escalation, 2 of which have been exploited.
More info. And here.

Nice 

Linear eMerge E3-Series contains multiple vulnerabilities, including OS command injection, Unrestricted Upload of File with Dangerous Type, Incorrect Authorization, Insufficiently Protected Credentials, Use of Hard-coded Credentials, and Out-of-bounds Write, among others. Highest CVSSv3 score of 10.
More info.

Sophos 

UTM has been updated to fix a Tinyproxy vulnerability and several curl vulnerabilities, dating back to 2021. Highest CVSSv3 score of 7.5.
More info.

Moxa

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A allows a remote attacker to exploit the vulnerability by sending a crafted payload to the web service, resulting in DoS. CVSSv3 score of 8.2.
More info.

Bosch 

BVMS contains a Device Adapter service that uses an OpenSSL library containing multiple vulnerabilities. These vulnerabilities could lead to command injection or denial of service. Highest CVSSv3 score of 9.8.
More info.

Google 

Google has updated Chrome for Desktop to fix 3 security vulnerabilities, all rated High.
More info.

HPE

HPE ArubaOS and SD-WAN software contain vulnerabilities that allow a remote attacker to conduct DoS or disclose sensitive information, as well as other vulnerabilities requiring authentication. Highest CVSSv3 score of 7.2.
More info. And here.

Linux 

SUSE has updated the Linux firmware. More info.
Red Hat has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel. More info.
