Skip to main content

CND News and Blog

New Vulnerabilities Wednesday 21 August


New Alerts for CPython, Microsoft GitHub, Jira, Bosch, Mitel, and Linux.

CPython 

A vulnerability in the parse_cookie function could be exploited by sending specially crafted cookie values to trigger significant delays, resulting in a DoS. CVSSv3 score of 7.5
More info. And here.

Microsoft 

GitHub Enterprise Server has been patched to fix 3 vulnerabilities, one of which exposed signed federation metadata XML, allowing a remote attacker to forge a SAML response to provision and/or gain access to a user account with site administrator privileges. Highest CVSSv4 score of 9.5
More info.

Jira 

Reflected XSS and CSRF vulnerabilities exist in Confluence Data Center and Server. CVSSv3 score of 7.1
More info.

Bosch 

A vulnerability in Bosch IP cameras of families CPP13 and CPP14, allows a remote attacker to retrieve video analytics event data. CVSSv3 score of 7.5
More info.

Mitel 

An unauthorized access vulnerability exists in the Legacy Chat component of Mitel MiContact Center Business, which could allow a remote attacker to access sensitive information and send unauthorized messages. CVSSv3 score of 8.1
More info. And here.

Linux 

SUSE has updated the kernel firmware. More info.
Red Hat has updated the kernel. More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Sunday, 08 December 2024

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/