This week we have 22 vendor disclosures from ABB, Beckhoff, BD (2), Bosch (2), Cisco, FortiGuard (3), Frauscher, HPE (3), JTEKT, and Palo Alto Networks (7).
Advisories
ABB Advisory - ABB published an advisory that discusses the Apache ActiveMQ deserialization of untrusted data vulnerability that is listed on the CISA Known Exploited Vulnerabilities Catalog.
Beckhoff Advisory - CERT-VDE published an advisory that describes an open redirect vulnerability in the Beckhoff TwinCAT/BSD product.
BD Advisory #1 - BD published an advisory that discusses the Windows 7 Operating System End of Life Notice.
BD Advisory #2 - BD published an advisory that discusses an out-of-bounds write vulnerability that is listed in the CISA KEV catalog.
Bosch Advisory #1 - Bosch published an advisory that describes two improper handling of a malformed API request vulnerabilities in their BT software products.
Bosch Advisory #2 - Bosch published an advisory that describes a command injection vulnerability in their Bosch IP Cameras.
Cisco Advisory - Cisco published an advisory that discusses the recent Apache Struts vulnerability.
FortiGuard Advisory #1 - FortiGuard published an advisory that describes a use of externally controlled format string vulnerability in their FortiOS, FortiProxy and FortiPAM products.
FortiGuard Advisory #2 - FortiGuard published an advisory that describes an improper access control vulnerability in their FortiOS and FortiProxy products.
FortiGuard Advisory #3 - FortiGuard published an advisory that describes a double free vulnerability in their FortiOS and FortiPAM HTTPSd daemon.
Frauscher Advisory - CERT-VDE published an advisory that describes a code injection vulnerability in the Frauscher FDS102 for FAdC/FAdCi.
HPE Advisory #1 - HPE published an advisory that discusses seven vulnerabilities in their Cray Programming Environment.
HPE Advisory #2 - HPE published an advisory that discusses six vulnerabilities in their Intelligent Management Center (iMC) product.
HPE Advisory #3 - HPE published an advisory that discusses 14 vulnerabilities in their Virtualized Telecommunication Management Information Platform (vTeMIP) application.
JTEKT Advisory - JTEKT published an advisory that describes four uncontrolled resource consumption vulnerabilities in their HMI GC-A2 series products.
Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their PAN-OS products.
Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes a weakness introduced during design vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes an unrestricted upload of file with dangerous type vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes an argument injection vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #5 - Palo Alto Networks published an advisory that describes an OS command injection vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #6 - Palo Alto Networks published an advisory that describes an improper privilege management vulnerability in their PAN-OS product.
Palo Alto Networks Advisory #7 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their PAN-OS product.
For more details about these disclosures, including links to 3rd party advisories, vendor advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-9fa https://tinyurl.com/yty8yuyt - subscription required.