CND News and Blog

New Vulnerabilities Wednesday 08 March

Monthly Patches are out for Fortinet. New Alerts for Google Chrome, Moxa, CODESYS, ABB, Apache, Veeam, Ivanti, and Linux.


Google has published a security update for Chrome for desktop that fixes 40 security vulnerabilities.
More info.

Microsoft is aware. More info.


Fortinet Monthly Patches include 15 bulletins: 1 rated Critical, 5 rated High, 8 rated Medium, and 1 Low. Highest CVSSv3 score of 9.3.
More info.

A buffer underwrite vulnerability in FortiOS & FortiProxy administrative interface may allow a remote attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests. CVSSv3 score of 9.3
More info.


MXsecurity Series contains hard-coded credentials that would allow a remote attacker to bypass authentication for web-based APIs.
More info.


CODESYS V3 products and V3 Runtime System Toolkit are affected by a DoS where crafted requests can cause the affected products to read internally from an invalid address. CVSSv3 score of 7.5
More info.


ABB Substation Management Unit COM600 contains a vulnerability originally reported in September by Hitachi Energy. A malformed packet is dropped upon receipt, but the TCP connection is left open. This may cause a DoS if multiple malformed packets are sent. CVSSv3 score of 5.3.
More info.


Some mod_proxy configurations on Apache HTTP Server allow an HTTP request smuggling attack. Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. A second vulnerability involves special characters in the origin response header, which can truncate/split the response forwarded to the client. CVSSv3 score of 6.5.
More info.


Veeam.Backup.Service.exe allows an unauthenticated user to request encrypted credentials. CVSSv3 score of 7.5
More info.


Avalanche Premise contains a vulnerability that allows an attacker to overwrite credentials, giving access to a Web Panel. CVSSv3 score of 6.5.
More info.


Oracle Linux has updated the kernel. More info.

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries. - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.
