By michele654 on Wednesday, 10 April 2024
Category: Vulnerabilities

New Vulnerabilities Wednesday 10 April


Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Rust, Pepperl+Fuchs, HPE, and Linux.

Microsoft 

Microsoft Monthly Patches are out, with 149 vulnerabilities plus Chromium vulnerabilities. Three are rated Critical, and one is being exploited. Highest CVSSv3 score of 9.0
More info. And here.

Adobe 

Adobe has published updates for After Effects, Photoshop, Commerce, InDesign, Experience Manager, Media Encoder, Bridge, Illustrator, and Animate. Highest CVSSv3 score of 9.
More info. And here.

Fortinet 

Fortinet Monthly Patches include 13 bulletins. Highest CVSSv3 score of 9.4
More info.

A vulnerability in FortiClientLinux may allow a remote attacker to execute arbitrary code by tricking a FortiClientLinux user into visiting a malicious website. CVSSv3 score of 9.4
More info.

A vulnerability in FortiOS may allow a remote attacker to fingerprint the device version via HTTP requests. CVSSv3 score of 5
More info.

A vulnerability in FortiNAC-F may allow a remote attacker to perform a MitM attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. CVSSv3 score of 4.4
More info.

Rust 

The Rust standard library did not properly escape arguments when invoking batch files on Windows using the Command API. A remote attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands. CVSSv3 score of 10
More info.

Pepperl+Fuchs 

Pepperl+Fuchs: ICE2-* and ICE3-* products are affected by multiple vulnerabilities in third-party software. Highest CVSSv3 score of 7.5
No patches yet.
More info.

HPE 

Security vulnerabilities have been identified in HPE Unified Correlation Analyzer that could be exploited by a remote attacker to allow RCE, DoS, unauthorized access, memory corruption, XML external entity (XXE), and insecure deserialization. Highest CVSSv3 score of 9.8
More info.

Linux 

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
