This week we have 23 vendor disclosures from Broadcom (6), FortiGuard Labs (9), HMS, Honeywell, HP, Insyde (2), OPC Foundation (2), and Philips. We have five researcher reports for vulnerabilities in products from Sante. Finally, we have an exploit report for products from FortiGuard.
Advisories
Broadcom Advisory #1 - Broadcom published an advisory that discusses a cleartext transmission of sensitive information vulnerability in multiple Brocade products.
Broadcom Advisory #2 - Broadcom published an advisory that discusses an HTTP request/response smuggling vulnerability in multiple Brocade products.
Broadcom Advisory #3 - Broadcom published an advisory that discusses an allocation of resources without limit or throttling vulnerability in multiple Brocade products.
Broadcom Advisory #4 - Broadcom published an advisory that discusses a data processing error vulnerability in multiple Brocade products.
Broadcom Advisory #5 - Broadcom published an advisory that discusses a deserialization of untrusted data vulnerability in multiple Brocade products.
Broadcom Advisory #6 - Broadcom published an advisory that discusses a deserialization of untrusted data vulnerability in multiple Brocade products.
FortiGuard Advisory #1 - FortiGuard published an advisory that describes an out-of-bounds write vulnerability in their FortiOS and FortiProxy products.
FortiGuard Advisory #2 - FortiGuard published an advisory that describes an open redirect vulnerability in their FortiNAC product.
FortiGuard Advisory #3 - FortiGuard published an advisory that describes a use of hard-coded credentials vulnerability in their FortiNAC product.
FortiGuard Advisory #4 - FortiGuard published an advisory that describes an insufficiently protected credentials vulnerability in their FortiNAC product.
FortiGuard Advisory #5 - FortiGuard published an advisory that describes a weak authentication vulnerability in their FortiNAC product.
FortiGuard Advisory #6 - FortiGuard published an advisory that describes a cross-site scripting vulnerability in their FortiNAC product.
FortiGuard Advisory #7 - FortiGuard published an advisory that describes a weak cryptographic algorithm vulnerability in their FortiNAC product.
FortiGuard Advisory #8 - FortiGuard published an advisory that describes a path traversal vulnerability in their FortiADC product.
FortiGuard Advisory #9 - FortiGuard published an advisory that describes an OS command injection vulnerability in their FortiADC product.
HMS Advisory - HMS published an advisory that discusses an authentication bypass by capture replay vulnerability in their Anybus Wireless Bridge II/Bolt.
Honeywell Advisory - Honeywell published an end-of-life notice for multiple products.
HP Advisory - HP published an advisory that discusses eleven vulnerabilities in multiple HP products.
Insyde Advisory #1 - Insyde published an advisory that describes an out-of-bounds read vulnerability in their InsydeCrPkg.
Insyde Advisory #2 - Insyde published an advisory that describes an inadequate input validation vulnerability in multiple Intel mobile platforms.
OPC Foundation Advisory #1 - The OPC Foundation published an advisory that describes an improperly controlled sequential memory allocation vulnerability in their OPC UA .NET Standard Reference Server.
OPC Foundation Advisory #2 - The OPC Foundation published an advisory that describes a generation of error message that contains sensitive information vulnerability in their OPC UA .NET Standard Reference Server.
Philips Advisory - Philips published an advisory that discusses the Windows WinVerifyTrust Signature Validation Vulnerability.
Researcher Reports
Sante Reports - The Zero Day Initiative published reports for five vulnerabilities in the Sante DICOM Viewer Pro.
Exploits
FortiGuard Exploit - Code16 published an exploit for an unspecified vulnerability in FortiGate-VM64.
For more details about these disclosures, including links to 3rd party advisories, researcher reports, and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-4-837 - subscription required.