
CND News and Blog

New Vulnerabilities Wednesday 12 April


Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Mozilla, SICK, Hikvision, and Linux.

Microsoft Exploit

Microsoft Monthly Patches are out with fixes for 114 vulnerabilities, 7 of which are Critical, and 1 EoP vulnerability that is being exploited. Highest CVSSv3 score of 9.8.
More info. And here. And here.

Adobe 

In its Monthly Patches, Adobe has published updates for Digital Editions, InCopy, Acrobat and Reader, Substance 3D Stager, Dimension, and 3D Designer. All are Critical, with remote and arbitrary code execution. Highest CVSSv3 score of 8.6.
More info.

Fortinet 

Fortinet Monthly Patches include 21 new Bulletins, 1 rated Critical, 9 rated High, 10 rated Medium, and 1 rated Low. Highest CVSSv3 score of 9.3.
More info.

A missing authentication for critical function vulnerability in the FortiPresence infrastructure server may allow a remote attacker to access the Redis and MongoDB instances via crafted authentication requests. CVSSv3 score of 9.3.
More info.

Mozilla 

Mozilla has published updates for Firefox, Firefox for Android, Focus for Android, Firefox ESR, and Thunderbird, all rated High.
More info.

SICK 

Several versions of the SICK Flexi Soft Gateways FX0-GENT, FX0-GMOD, FX0-GPNT and SICK Flexi Classic Gateway UE410 provide a Telnet interface for debugging, enabled by factory default with no password. If the password is not set, a remote attacker could connect via Telnet. CVSSv3 score of 9.8.
More info.

Hikvision 

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability that can be used to obtain admin permission. A remote attacker can exploit the vulnerability by sending crafted messages to the affected devices. CVSSv3 score of 9.1.
More info.

Linux 

Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


