New Alerts for Nessus, Google Chrome, HPE, WatchGuard, Dover Fueling, Alisonic, OMNTEC, RAISECOM, and Linux.
Nessus
Nessus Network Monitor has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.
Google has updated Chrome for Desktop to fix 5 security vulnerabilities.
More info.
HPE Aruba Networking has released AOS software patches for Aruba Access Points that address multiple security vulnerabilities. CVSSv3 score of 9.8
More info.
An incorrect authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows a remote attacker to execute restricted management commands. CVSSv3 score of 9.1
More info.
An incorrect authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway on Windows and the WatchGuard Single Sign-On Client on Windows and macOS allows a remote attacker to forge communications to affected components. CVSSv3 score of 9.1
More info.
An improper handling of exceptional conditions vulnerability in the WatchGuard Single Sign-On Client on Windows allows a remote attacker to cause a DoS for the Single Sign-On client by repeatedly issuing malformed commands, preventing the computer from completing the SSO process. CVSSv3 score of 7.5
More info.
ProGauge MAGLINK LX CONSOLE contains several vulnerabilities, including Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting, and Authentication Bypass Using an Alternate Path or Channel. Highest CVSSv3 score of 10
More info.
SiteSentinel from OPW Fuel Management Systems (a subsidiary of Dover Fueling) contains a missing authentication vulnerability that allows a remote attacker to bypass authentication to the server and obtain full admin privileges. CVSSv4 score of 9.3
More info.
Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. CVSSv4 score of 9.3
No patch.
More info.
Proteus Tank Monitoring contains a Missing Authentication vulnerability that allows a remote attacker to perform administrative actions without proper authentication. CVSSv4 score of 9.3
No patch.
More info.
A command injection vulnerability has been identified in the RAISECOM Gateway devices that allows remote attackers to execute arbitrary commands on the system via the web interface.
No patch.
More info. And here.
Ubuntu has updated the kernel. More info.