Monthly Patches are out for Fortinet. New Alerts for Google Chrome, Moxa, CODESYS, ABB, Apache, Veeam, Ivanti, and Linux.
Google has published a security update for Chrome for desktop that fixes 40 security vulnerabilities.
More info.
Microsoft is aware. More info.
Fortinet Monthly Patches include 15 bulletins: 1 rated Critical, 5 rated High, 8 rated Medium, and 1 rated Low. The highest CVSSv3 score is 9.3.
More info.
A buffer underwrite vulnerability in FortiOS & FortiProxy administrative interface may allow a remote attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests. CVSSv3 score of 9.3
More info.
MXsecurity Series contains hard-coded credentials that would allow a remote attacker to bypass authentication for web-based APIs.
More info.
CODESYS V3 products and V3 Runtime System Toolkit are affected by a DoS where crafted requests can cause the affected products to read internally from an invalid address. CVSSv3 score of 7.5
More info.
ABB Substation Management Unit COM600 contains a vulnerability originally reported in September by Hitachi Energy. A malformed packet is dropped upon receipt, but the TCP connection is left open. This may cause a DoS if multiple malformed packets are sent. CVSSv3 score of 5.3
More info.
Some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. A second vulnerability involves special characters in the origin response header that can truncate/split the response forwarded to the client. CVSSv3 score of 6.5
More info.
Veeam.Backup.Service.exe allows an unauthenticated user to request encrypted credentials. CVSSv3 score of 7.5
More info.
Avalanche Premise contains a vulnerability that allows an attacker to overwrite credentials, giving access to a Web Panel. CVSSv3 score of 6.5
More info.
Oracle Linux has updated the kernel. More info.