CND News and Blog

New Vulnerabilities Wednesday 09 November


Monthly Patches are out for Microsoft. New Alerts for Intel, Citrix, VMware, Google Chrome, Veeam, Brocade, and Linux.        

Adobe had no Monthly Patches this cycle.    

Palo Alto Network Monthly Patches should be out this afternoon.


Microsoft Exploit

Monthly Patches are out, with 68 vulnerabilities, 10 rated Critical, 1 previously disclosed, and 4 are being exploited in the wild. Highest CVSSv3 score of 8.8
More info. And here. And here.

Intel 

Intel has published 24 new bulletins, highest CVSSv3 score of 8.7
More info.

Improper authentication in the Intel(R) SDP Tool may allow a remote attacker to potentially enable information disclosure. CVSSv3 score of 4.3
More info.

Improper buffer restrictions in the Hyperscan library may allow a remote attacker to potentially enable escalation of privilege. CVSSv3 score of 4.3
More info.

Potential security vulnerabilities in some Intel Chipset Firmware in Intel CSME, Intel AMT and Intel SPS may allow escalation of privilege or DoS. Highest CVSSv3 score of 8.7
More info.

Citrix 

Vulnerabilities have been discovered in Citrix Gateway and Citrix ADC that could allow authenticaion bypass, remote desktop takeover, and brute force of logins. Highest CVSSv3 score of 9.8
More info.

VMware 

Multiple vulnerabilities in VMware Workspace ONE Assist could allow authentication bypass. Highest CVSSv3 score of 9.8
More info.

Google 

Google has updated Chrome for Desktop to fix 10 security vulnerabilities.
More info.

Microsoft is aware and working on Edge. More info.

Veeam 

A vulnerability was discovered within the Backup Appliance component of Veeam Backup for Google Cloud that allows users to bypass authentication mechanisms. CVSSv3 score of 10.
More info.

Brocade 

A vulnerability in Brocade Fabric OS software could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address. CVSSv3 score of 9.4
More info.

Linux 

Red Hat has updated the firmware and kpatch. More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, 08 December 2022

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Are You Ready To Find Out More?

Arrange a Chat With Our Friendly Service Delivery Team.