New Alerts for Google Chrome, Mozilla, MICROSENS, ControlID, Kaleris, GitLab, and Linux.
MICROSENS
MICROSENS NMP Web+ contains several vulnerabilities, including Use of Hard-coded, Security-relevant Constants and Insufficient Session Expiration. These could allow a remote attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. Highest CVSSv4 score of 9.3
More info.
ControlID iDSecure On-premises contains authentication, SQL Injection, and SSRF vulnerabilities. Highest CVSSv4 score of 9.3
More info.
Kaleris Navis N4 contains two vulnerabilities, including Deserialization of Untrusted Data and Cleartext Transmission of Sensitive Information. A remote attacker can make specially crafted requests to execute arbitrary code on the server. Highest CVSSV4 score of 9.3
More info.
Google has updated Chrome for Desktop to fix 11 security vulnerabilities.
More info.
Microsoft is aware. More info.
Mozilla has published 3 bulletins rated High for Firefox and Firefox ESR.
More info.
GitLab has published a patch release that fixes 5 vulnerabilities, 3 rated Medium and 2 rated Low. Highest CVSSv3 score of 6.5
More info.
SUSE has updated the kernel. More info.
Security Wizardry Cyber Threat Intelligence - The Radar Page
Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page