Oracle
Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products, 300 of which are remotely exploitable without authentication. Three vulnerabilities have a CVSSv3 score of 10, in Oracle Communications.
More info.
Elcomplus SmartPPT SCADA and SmartPPT SCADA Server contain several vulnerabilities, including Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and XSS. Highest CVSSv3 score of 9.8
More info. And here.
Bosch ctrlX CORE XCR and apps are affected by vulnerable versions of expat, libc and OpenSSL. An attacker might be able to escalate privileges, gain system access or cause a denial of service of the device by successfully exploiting one of the vulnerabilities. Highest CVSSv3 score of 9.8
More info.
A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect which could allow a malicious actor to perform remote code execution within the context of the Service Appliance. This is rated Critical.
More info.
QNAP NAS devices are affected by vulnerabilities in Apache HTTP server, including the HTTP Request smuggling vulnerability. Updates are coming.
More info.
NetApp has published 5 new advisories identifying security vulnerabilities in third-party software included in their products. No patches yet.
More info.
A URL redirection vulnerability in Skyhigh Secure Web Gateway (SWG) allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. CVSSv3 score of 6.1
More info.
SUSE has updated the kernel, git, and others. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Amazon Linux has updated the kernel. More info.
Comments