Monthly Patches are out for Microsoft, Adobe, Ivanti, and Fortinet. New Alerts for Google Chrome, Blackberry, Hitachi Energy, HP, Moxa, and Linux.
Microsoft 0-Day
Microsoft's monthly patches are out with 209 vulnerabilities: 12 rated Critical, 3 actively exploited, and 5 previously disclosed. Highest CVSSv3 score of 9.8.
Microsoft has updated Edge for the Chromium vulnerabilities released on 08 January.
Adobe's monthly patches include updates for Photoshop, Substance3D Stager, Illustrator for iPad, Animate, and Substance3D Designer. Highest CVSSv3 score of 7.8.
Ivanti's monthly patches include 3 new bulletins, for Avalanche, Application Control Engine, and EPM. Highest CVSSv3 score of 9.8.
Ivanti has released updates for Ivanti Endpoint Manager (EPM) which address critical and high vulnerabilities. Highest CVSSv3 score of 9.8.
Fortinet's monthly patches include 30 new bulletins: 3 rated Critical, 12 rated High, 12 rated Medium, and 3 rated Low. Highest CVSSv3 score of 9.6.
A use of hard-coded cryptographic key vulnerability in FortiSwitch may allow a remote attacker in possession of the key to execute unauthorized code via crafted cryptographic requests. CVSSv3 score of 9.6.
An Authentication Bypass Using an Alternate Path or Channel vulnerability affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. CVSSv3 score of 9.6.
This is being exploited in the wild.
An out-of-bounds write vulnerability [CWE-787] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests. CVSSv3 score of 9.6.
This is being exploited in the wild.
Google has updated Chrome for Desktop to fix 16 security vulnerabilities.
Multiple vulnerabilities in the TIFF and PCX image codecs of BlackBerry's QNX SDP allow a remote attacker to cause an information disclosure or DoS, or to execute code in the context of the process using the image codec. Highest CVSSv3 score of 9.8.
Hitachi Energy's FOXMAN-UN products contain multiple vulnerabilities, including Authentication Bypass, Heap-based Buffer Overflow, Improper Certificate Validation, Improper Restriction of Excessive Authentication Attempts, Use of Hard-coded Password, and Cleartext Storage of Sensitive Information. Successful exploitation of these vulnerabilities could allow a remote attacker to interact with the services and the post-authentication attack surface. Highest CVSSv3 score of 10.
Some have patches, some have mitigations, and some patches are still pending.
Moxa's EDS-508A Series Ethernet switches are vulnerable to an authentication bypass. CVSSv4 score of 9.2.
HP ThinPro contains security vulnerabilities. Highest CVSSv3 score of 9.8.
Rsync has been updated to fix 6 vulnerabilities.
SUSE has updated the kernel and rsync.
openSUSE has updated the kernel and rsync.
Arch Linux has updated rsync.
Debian has updated rsync.
Ubuntu has updated rsync.
Amazon Linux, Amazon Linux 2, and Amazon Linux 2023 have updated rsync.
AlmaLinux has updated rsync.