
CND News and Blog

New Vulnerabilities Wednesday 25 September


New Alerts for Nessus, Google Chrome, HPE, WatchGuard, Dover Fueling, Alisonic, OMNTEC, RAISECOM, and Linux.

Nessus 

Nessus Network Monitor has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.

Google 

Google has updated Chrome for Desktop to fix 5 security vulnerabilities.
More info.

HPE 

HPE Aruba Networking has released AOS software patches for Aruba Access Points that address multiple security vulnerabilities. CVSSv3 score of 9.8
More info.

WatchGuard 

An incorrect authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows a remote attacker to execute restricted management commands. CVSSv3 score of 9.1
More info.

An incorrect authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows a remote attacker to forge communications to affected components. CVSSv3 score of 9.1
More info.

An improper handling of exceptional conditions vulnerability in the WatchGuard Single Sign-On Client on Windows allows a remote attacker, by repeatedly issuing malformed commands, to cause a DoS for the Single Sign-On client, preventing the computer from completing the SSO process. CVSSv3 score of 7.5
More info.

Dover Fueling 

ProGauge MAGLINK LX CONSOLE contains several vulnerabilities, including Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting, and Authentication Bypass Using an Alternate Path or Channel. Highest CVSSv3 score of 10
More info.

SiteSentinel, from OPW Fuel Management Systems (a subsidiary of Dover Fueling), contains a missing authentication vulnerability that allows a remote attacker to bypass authentication to the server and obtain full admin privileges. CVSSv4 score of 9.3
More info.

Alisonic 

Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. CVSSv4 score of 9.3
No patch.
More info.

OMNTEC 

Proteus Tank Monitoring contains a Missing Authentication vulnerability that allows a remote attacker to perform administrative actions without proper authentication. CVSSv4 score of 9.3
No patch.
More info.

RAISECOM Exploit

A command injection vulnerability has been identified in the RAISECOM Gateway devices that allows remote attackers to execute arbitrary commands on the system via the web interface.
No patch.
More info. And here.

Linux 

Ubuntu has updated the kernel. More info.




Friday, 04 October 2024
