CND News and Blog

New Vulnerabilities Wednesday 15 January


Monthly Patches are out for Microsoft, Adobe, Ivanti, and Fortinet. New Alerts for Google Chrome, Blackberry, Hitachi Energy, HP, Moxa, and Linux. 

Microsoft 0-Day

Monthly Patches are out with 209 vulnerabilities: 12 rated Critical, 3 actively exploited, and 5 previously disclosed. Highest CVSSv3 score of 9.8.
More info. And here.

Microsoft has updated Edge for the chromium vulnerabilities released 08 January.
More info.

Adobe 

Monthly Patches include updates for Photoshop, Substance3D Stager, Illustrator for iPad, Animate, and Substance3D Designer. Highest CVSSv3 score of 7.8
More info.

Ivanti 

Ivanti Monthly Patches include 3 new bulletins for Avalanche, Application Control Engine, and EPM. Highest CVSSv3 score of 9.8
More info.

Ivanti has released updates for Ivanti Endpoint Manager (EPM) which address critical and high vulnerabilities. Highest CVSSv3 score of 9.8.
More info.

Fortinet 0-Day

Monthly Patches include 30 new bulletins, 3 rated Critical, 12 rated High, 12 rated Medium, and 3 rated Low. Highest CVSSv3 score of 9.6
More info.

A use of hard-coded cryptographic key vulnerability in FortiSwitch may allow a remote attacker in possession of the key to execute unauthorized code via crafted cryptographic requests. CVSSv3 score of 9.6.
More info.

An Authentication Bypass Using an Alternate Path or Channel vulnerability affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. CVSSv3 score of 9.6.
This is being exploited in the wild.
More info.

An out-of-bounds write vulnerability [CWE-787] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. CVSSv3 score of 9.6
This is being exploited in the wild.
More info.

Google 

Google has updated Chrome for Desktop to fix 16 security vulnerabilities.
More info.

Blackberry 

Multiple vulnerabilities in the TIFF and PCX image codecs of the QNX SDP allow a remote attacker to cause an information disclosure or DoS, or to execute code in the context of the process using the image codec. Highest CVSSv3 score of 9.8.
More info.

Hitachi Energy 

FOXMAN-UN products contain multiple vulnerabilities, including Authentication Bypass, Heap-based Buffer Overflow, Improper Certificate Validation, Improper Restriction of Excessive Authentication Attempts, Use of Hard-coded Password, and Cleartext Storage of Sensitive Information. Successful exploitation of these vulnerabilities could allow a remote attacker to interact with the services and the post-authentication attack surface. Highest CVSSv3 score of 10.
Some issues have patches, some have mitigations only, and some patches are still pending.
More info.

Moxa 

Moxa's EDS-508A Series Ethernet switches are vulnerable to an authentication bypass. CVSSv4 score of 9.2.
More info.

HP 

ThinPro contains security vulnerabilities. Highest CVSSv3 score of 9.8.
More info.

Linux 

Rsync has been updated to fix 6 vulnerabilities.
More info.

SUSE has updated the kernel and rsync. More info.
OpenSUSE has updated the kernel and rsync. More info.
Arch Linux has updated rsync. More info.
Debian has updated rsync. More info.
Ubuntu has updated rsync. More info.
Amazon Linux, Amazon Linux 2, and Amazon Linux 2023 have updated rsync. More info. And here. And here.
AlmaLinux has updated rsync. More info.
