New Alerts for Google Chrome, VMware, IBM, Johnson Controls, Aruba, SICK, Haas Automation, Delta Electronics, HEIDENHAIN, curl, and Linux.
Google
Google has updated Chrome for Desktop with fixes for 14 security vulnerabilities.
More info.
VMware Cloud Foundation has been updated to correct multiple vulnerabilities, including an RCE in XStream. Highest CVSSv3 score of 9.8
More info.
Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Highest CVSSv3 score of 9.8
More info.
QRadar SIEM includes vulnerable components that may be identified and exploited with automated tools. Highest CVSSv3 score of 9.8
More info.
Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps. Highest CVSSv3 score of 9.8
More info.
Netcool Operations Insight contains fixes for multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Johnson Controls has confirmed a vulnerability impacting CEVAS, a product from CKS. The software does not sufficiently validate user-controllable input and could allow a remote attacker to bypass authentication and retrieve data with specially crafted SQL queries. CVSSv3 score of 10
More info. And here.
Aruba has released patches for ArubaOS that address multiple security vulnerabilities. Highest CVSSv3 score of 9.8
More info.
SICK received a report about a Missing Authentication for Critical Function vulnerability in multiple SICK SIM products. A remote attacker can invoke the password recovery mechanism to gain access. CVSSv3 score of 9.8
More info.
Haas Controller contains several vulnerabilities that could allow a remote attacker to cause DoS of the production line, damage the tools used in the production line, introduce defects in pieces of the production line, and perform RCE. Highest CVSSv3 score of 9.8
More info.
Delta Electronics InfraSuite Device Master contains several vulnerabilities, including Deserialization of Untrusted Data, Path Traversal, and Missing Authentication for Critical Function. Successful exploitation of these vulnerabilities could allow a remote attacker to remotely execute code, cause a DoS by remotely deleting files or changing group privileges, and remotely read and write files, all with local administrator privileges. Highest CVSSv3 score of 9.8
More info.
HEIDENHAIN TNC 640 controlling a HARTFORD 5A-65E CNC machine contains an Improper Authentication vulnerability that could allow a remote attacker to cause a loss of sensitive data, manipulation of information, and DoS. CVSSv3 score of 8.1
More info.
curl has published 4 new security bulletins, 2 rated Medium and 2 rated Low.
More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.