Monthly Patches are out for Fortinet. New Alerts for Google Chrome, Moxa, CODESYS, ABB, Apache, Veeam, Ivanti, and Linux.

Google 

Google has published a security update for Chrome for desktop that fixes 40 security vulnerabilities.
More info.

Microsoft is aware. More info.

Fortinet 

Fortinet Monthly Patches include 15 bulletins: 1 rated Critical, 5 rated High, 8 rated Medium, and 1 rated Low. Highest CVSSv3 score: 9.3.
More info.

A buffer underwrite vulnerability in the FortiOS and FortiProxy administrative interface may allow a remote attacker to execute arbitrary code on the device and/or cause a DoS of the GUI via specially crafted requests. CVSSv3 score of 9.3.
More info.

Moxa 

MXsecurity Series contains hard-coded credentials that would allow a remote attacker to bypass authentication for web-based APIs.
More info.

CODESYS 

CODESYS V3 products and the V3 Runtime System Toolkit are affected by a DoS vulnerability in which crafted requests can cause the affected products to read internally from an invalid address. CVSSv3 score of 7.5.
More info.

ABB 

ABB Substation Management Unit COM600 contains a vulnerability originally reported in September by Hitachi Energy. A malformed packet is dropped upon receipt, but the TCP connection is left open. This may cause a DoS if multiple malformed packets are sent. CVSSv3 score of 5.3.
More info.

Apache 

Some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying of unintended URLs to existing origin servers, and cache poisoning. In a second vulnerability, special characters in the origin server's response header can truncate or split the response forwarded to the client. CVSSv3 score of 6.5.
More info.

Veeam 

Veeam.Backup.Service.exe allows an unauthenticated user to request encrypted credentials. CVSSv3 score of 7.5.
More info.

Ivanti 

Avalanche Premise contains a vulnerability that allows an attacker to overwrite credentials, giving access to the Web Panel. CVSSv3 score of 6.5.
More info.

Linux 

Oracle Linux has updated the kernel. More info.



SecurityWizardry.com - Vulnerability Details