CND News and Blog

New Vulnerabilities Wednesday 20 April


Quarterly Patches are out for Oracle. Alerts for Elcomplus, Bosch, Mitel, QNAP, NetApp, McAfee, and Linux.

Oracle

Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products, 300 of which are remotely exploitable without authentication. Three vulnerabilities in Oracle Communications have a CVSSv3 score of 10.
More info.

Elcomplus 

Elcomplus SmartPPT SCADA and SmartPPT SCADA Server contain several vulnerabilities, including Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and XSS. The highest CVSSv3 score is 9.8.
More info. And here.

Bosch 

Bosch ctrlX CORE XCR and apps are affected by vulnerable versions of expat, libc and OpenSSL. By successfully exploiting one of the vulnerabilities, an attacker might be able to escalate privileges, gain system access or cause a denial of service of the device. The highest CVSSv3 score is 9.8.
More info.

Mitel 

A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect which could allow a malicious actor to perform remote code execution within the context of the Service Appliance. This is rated Critical.
More info.

QNAP 

QNAP NAS devices are affected by vulnerabilities in Apache HTTP Server, including the HTTP request smuggling vulnerability. Updates are coming.
More info.

NetApp 

NetApp has published 5 new advisories identifying security vulnerabilities in third-party software included in their products. No patches yet.
More info.

McAfee 

A URL redirection vulnerability in Skyhigh Secure Web Gateway (SWG) allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates an HTTP redirect response when a user clicks a carefully constructed URL. The CVSSv3 score is 6.1.
More info.

Linux 

SUSE has updated the kernel, git, and others. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Amazon Linux has updated the kernel. More info.



Sunday, 25 September 2022
