CND News and Blog

New Vulnerabilities Wednesday 20 April

Quarterly Patches are out for Oracle. Alerts for Elcomplus, Bosch, Mitel, QNAP, NetApp, McAfee, and Linux.


Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products, 300 of which are remotely exploitable without authentication. Three vulnerabilities have a CVSSv3 score of 10, in Oracle Communications.
More info.


Elcomplus SmartPPT SCADA and SmartPPT SCADA Server contain several vulnerabilities, including Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, and XSS. The highest CVSSv3 score is 9.8.
More info. And here.


Bosch ctrlX CORE XCR and apps are affected by vulnerable versions of expat, libc and OpenSSL. By successfully exploiting one of the vulnerabilities, an attacker might be able to escalate privileges, gain system access or cause a denial of service on the device. The highest CVSSv3 score is 9.8.
More info.


A vulnerability has been identified in the Mitel Service Appliance component of MiVoice Connect which could allow a malicious actor to perform remote code execution within the context of the Service Appliance. This is rated Critical.
More info.


QNAP NAS devices are affected by vulnerabilities in Apache HTTP Server, including the HTTP request smuggling vulnerability. Updates are coming.
More info.


NetApp has published 5 new advisories identifying security vulnerabilities in third-party software included in their products. No patches yet.
More info.


A URL redirection vulnerability in Skyhigh Secure Web Gateway (SWG) allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates an HTTP redirect response when a user clicks a carefully constructed URL. The CVSSv3 score is 6.1.
More info.


SUSE has updated the kernel, git, and others. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Amazon Linux has updated the kernel. More info.

Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Monday, 25 September 2023
