For Part 1 this week we have 34 vendor disclosures from Ads-Tec, Aruba, CONTEC, Fujitsu, HP (5), HPE (7), Insyde (2), Milestone (2), Palo Alto Networks (2), Rockwell (2), Tanzu (7), Texas Instruments, VMware, and WatchGuard.
Advisories
Ads-Tec Advisory - CERT-VDE published an advisory
that discusses 18 vulnerabilities in the ads-tec IRF1000, IRF2000, and IRF3000
firewalls and routers.
Aruba Advisory - Aruba published an
advisory that describes 13 vulnerabilities in their Access Points product.
CONTEC Advisory - JP-CERT published an advisory that
describes five vulnerabilities in the CONTEC SolarView Compact product.
Fujitsu Advisory - Fujitsu published an
advisory that discusses two vulnerabilities addressed in the 2023.2 Intel Platform
Update.
HP Advisory #1 - HP published an
advisory that discusses 18 vulnerabilities in their products utilizing the AMD
Client UEFI Firmware.
HP Advisory #2 - HP published an
advisory that discusses four vulnerabilities in their products utilizing
the Intel Virtual RAID on CPU.
HP Advisory #3 - HP published an
advisory that discusses two vulnerabilities in their products utilizing the
Intel 2023.2 IPU – BIOS.
HP Advisory #4 - HP published an
advisory that discusses two vulnerabilities in their PC Hardware
Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware.
HPE Advisory #1 - HPE published an
advisory that discusses an exposure of information to wrong sphere
vulnerability in their Proliant DX Servers.
HPE Advisory #2 - HPE published an
advisory that discusses an exposure of information to wrong sphere
vulnerability in their Apollo, XL Servers.
HPE Advisory #3 - HPE published an
advisory that discusses an exposure of information to wrong sphere
vulnerability in their Synergy Servers.
HPE Advisory #4 - HPE published an
advisory that discusses an exposure of information to wrong sphere
vulnerability in their StoreEasy Servers.
HPE Advisory #5 - HPE published an
advisory that discusses 15 vulnerabilities in their ProLiant Gen10 and
Gen10 Plus Servers.
HPE Advisory #6 - HPE published an
advisory that discusses two vulnerabilities in their ProLiant DL/ML Servers.
HPE Advisory #7 - HPE published an
advisory that discusses an exposure of information to wrong sphere
vulnerability in their Superdome Flex Servers.
Insyde Advisory #1 - Insyde published an advisory that discusses
an unchecked return value vulnerability in their BIOS PNG decoder libs.
Insyde Advisory #2 - Insyde published an advisory that
describes an insufficient input validation vulnerability in various Intel
Mobile Platforms.
Milestone Advisory #1 - Milestone published an
advisory that describes a remote code execution vulnerability in their Management
Server.
Milestone Advisory #2 - Milestone published an
advisory that describes a remote code execution vulnerability in their
Event Server.
Palo Alto Networks Advisory #1 - Palo Alto Networks
published an
advisory that describes a file disclosure vulnerability in their PAN-OS.
The vulnerability was reported by Alex Hordijk.
Palo Alto Networks Advisory #2 - Palo Alto Networks
published an
advisory that describes a cross-site scripting vulnerability in their PAN-OS
software on Panorama appliances.
Rockwell Advisory #1 - Rockwell published an
advisory that describes nine cross-site scripting vulnerabilities in their ArmorStart®
ST 281E and 284EE products.
Rockwell Advisory #2 - Rockwell published an
advisory that describes a cross-site request forgery vulnerability in their
FactoryTalk Vantagepoint product.
Tanzu Advisory #1 - Tanzu published an advisory that discusses
an out-of-bounds write vulnerability in multiple Tanzu products.
Tanzu Advisory #2 - Tanzu published an advisory that discusses
an off-by-one error vulnerability in multiple Tanzu products.
Tanzu Advisory #3 - Tanzu published an advisory that discusses
an off-by-one error vulnerability in multiple Tanzu products.
Tanzu Advisory #4 - Tanzu published an advisory that discusses
four vulnerabilities in multiple Tanzu products.
Tanzu Advisory #5 - Tanzu published an advisory that discusses
a use of cryptographically weak PRNG vulnerability in multiple Tanzu products.
Tanzu Advisory #6 - Tanzu published an advisory that discusses
six vulnerabilities in multiple Tanzu products.
Tanzu Advisory #7 - Tanzu published an advisory that discusses
two vulnerabilities in multiple Tanzu products.
Texas Instruments Advisory - Texas Instruments
published an advisory that describes
a missing logic check vulnerability in their Wi-SUN® Stack.
VMware Advisory - VMware published an advisory
that describes four vulnerabilities in their Aria Operations product.
WatchGuard Advisory - WatchGuard published an
advisory that describes an arbitrary file read vulnerability in their
Fireware OS products.
For more details on these disclosures, including links to third-party
advisories, researcher reports, and exploits, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-ba5
(subscription required).