New Alerts for JTEKT, QNAP, Google, Siemens, Xerox, and HPE.
JTEKT
JTEKT TOYOPUC Products contains a Missing Authentication for Critical Function vulnerability, known as "OT:ICEFALL". The vulnerabilities could allow an attacker to change controller configurations, manipulate data, cause a DoS or execute arbitrary machine code. CVSSv3 score of 7.7
More info.
QNAP QTS, QuTScloud, and QuTS hero contain insecure versions of PHP, that would allow a remote attacker to gain remote code execution. CVSSv3 score of 9.8
Note that to be vulnerable the customer needed to install nginx, so QNAP rates this Low.
More info. And here.
Google has updated Chrome for Desktop to fix 14 security fixes. at least 1 rated Critical.
More info.
Microsoft is aware and working for Edge. More info.
SIMATIC WinCC OA implements client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. CVSSv3 score of 9.8
More info.
Xerox has updated the Oracle software in FreeFlow Print Servers.
More info.
A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. CVSSv3 score of 3.7
More info.