New Vulnerabilities Wednesday 15 June


Monthly Patches are out for Microsoft and Adobe. New Alerts for AUMA, Hitachi Energy, Citrix, Salt, and Linux. Palo Alto Monthly Patches are expected out this afternoon.

Microsoft 

Microsoft Monthly Patches are out, with 60 patched vulnerabilities, 3 rated Critical. This includes a patch for the "Follina" MSDT vulnerability. Highest CVSSv3 score of 9.8
More info. And here. And here.

A vulnerability affecting Windows Network File System allows a remote attacker to perform remote code execution. This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. CVSSv3 score of 9.8
More info.

Microsoft has also updated Edge with the latest Chromium security fixes.
More info.

Adobe 

Adobe has published their Monthly Patches, with bulletins for Animate, Bridge, Illustrator, InCopy, InDesign, and RoboHelp Server. All the updates but RoboHelp Server patch Critical vulnerabilities that allow arbitrary code execution. Highest CVSSv3 score of 7.8
More info.

AUMA 

Improper buffer restrictions in the webserver used in SIMA Master Station software may allow a remote attacker to stop the cyclic program on the device and cause a DoS. CVSSv3 score of 8.6
More info.

Hitachi Energy 

Hitachi Energy has fixed a vulnerability in the Actbar2.ocx module that affects the PROMOD IV product. An attacker who successfully exploited this vulnerability could delete arbitrary files once the system is compromised. CVSSv3 score of 9.3
Note the CVE is from 2010.
More info.

Citrix 

Vulnerabilities have been discovered in Citrix Application Delivery Management that could result in corruption of the system by a remote attacker leading to the reset of the administrator password at the next device reboot and temporary disruption of the ADM license service.
More info.

Salt

A critical vulnerability has been discovered in Salt, with expected patches available on June 21st.
More info.

Linux 

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel and microcode. More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Find Out More

© Computer Network Defence Limited 2022