This is a busy Saturday after the 2nd Tuesday. For Part 1 this week we have five OpenSSL 3.0 vendor disclosures from Carrier, Draeger, Eurotech, Palo Alto Networks, and QNAP. There are 23 other vendor disclosures from Aiphone, Belden, Broadcom (9), Carrier, Fujitsu, GE Gas Power, HP, and HPE (8).
OpenSSL 3.0 Disclosures
Carrier published an OpenSSL 3.0 advisory.
Carrier reports that no products are affected.
Draeger published an OpenSSL 3.0 advisory.
Draeger reports that their medical devices are not affected.
Eurotech published an OpenSSL 3.0 advisory.
Eurotech reports that none of their products are affected.
Palo Alto Networks updated their OpenSSL 3.0 advisory.
They report that none of their products are affected.
QNAP published an OpenSSL 3.0 advisory. QNAP reports that their products are not affected.
Other Vendor Disclosures
Aiphone Advisory - Aiphone published an advisory that describes an information disclosure vulnerability in their GT Entrance Station product.
Belden Advisory - Belden published an advisory that discusses two unauthorized access vulnerabilities in their Provise and Hirschmann network management products.
Broadcom Advisory #1 - Broadcom published an advisory that discusses an off-by-one error vulnerability in their Brocade SANnav.
Broadcom Advisory #2 - Broadcom published an advisory that discusses an infinite loop vulnerability in undisclosed products (probably Brocade SANnav).
Broadcom Advisory #3 - Broadcom published an advisory that discusses an out-of-bounds write in their Brocade SANnav product.
Broadcom Advisory #4 - Broadcom published an advisory that describes an improper storage of sensitive information vulnerability in their Brocade SANnav product.
Broadcom Advisory #5 - Broadcom published an advisory that describes an information exposure vulnerability in their Brocade SANnav product.
Broadcom Advisory #6 - Broadcom published an advisory that describes an information exposure vulnerability in their Brocade SANnav product.
Broadcom Advisory #7 - Broadcom published an advisory that describes a weak key exchange vulnerability in their Brocade SANnav product.
Broadcom Advisory #8 - Broadcom published an advisory that describes an information exposure vulnerability in their Brocade SANnav product.
Broadcom Advisory #9 - Broadcom published an advisory that describes a remote code execution vulnerability in their Brocade Fabric OS.
Carrier Advisory - Carrier published an advisory that discusses the Text4Shell vulnerability.
Fujitsu Advisory - Fujitsu published an advisory that discusses eight vulnerabilities in a variety of Fujitsu products.
GE Advisory - GE Gas Power published an advisory that discusses “Malware Persistence in VMWare ESXi Hypervisor”.
HP Advisory - HP published an advisory that describes a privilege escalation vulnerability in the BIOS for a number of HP products.
HPE Advisory #1 - HPE published an advisory that discusses an authentication bypass vulnerability in their B-series SAN Switches.
HPE Advisory #2 - HPE published an advisory that discusses five vulnerabilities in their B-Series SANnav Management Portal.
HPE Advisory #3 - HPE published an advisory that discusses an improper input validation vulnerability in their Synergy Servers.
HPE Advisory #4 - HPE published an advisory that discusses two vulnerabilities in their ProLiant Moonshot Servers.
HPE Advisory #5 - HPE published an advisory that discusses six vulnerabilities in their ProLiant DL/ML Servers.
HPE Advisory #6 - HPE published an advisory that discusses two vulnerabilities in their ProLiant BL/DL/ML Servers.
HPE Advisory #7 - HPE published an advisory that discusses an improper input validation vulnerability in their Apollo Servers.
HPE Advisory #8 - HPE published an advisory that discusses an improper input validation vulnerability in their StoreEasy Servers.
For more details about these advisories, including links to third-party advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-b51 - subscription required.