This week we have 16 vendor disclosures from HP (4), HPE (2), Philips, Splunk (5), TRUMPF (3), and WAGO. We also have a vendor update from HPE. We also have two researcher reports for vulnerabilities in products from Zyxel, and TianoCore.
Advisories
HP Advisory #1 - HP published an
advisory that discusses 81 vulnerabilities in their ThinPro products.
HP Advisory #2 - HP published an
advisory that discusses three vulnerabilities in multiple HP products.
HP Advisory #3 - HP published an advisory that discusses
26 vulnerabilities in their Device Manager product.
HP Advisory #4 - HP published an
advisory that discusses three vulnerabilities in their business notebook
PCs and thin client PCs.
HPE Advisory #1 - HPE published an
advisory that discusses nine vulnerabilities in their Superdome Flex,
Superdome Flex 280 and Compute Scale-up Server 3200 Servers.
HPE Advisory #2 - HPE published an
advisory that discusses 23 vulnerabilities in their Unified Mediation Bus
(UMB) product.
Philips Advisory - Philips published an advisory
that discusses two Citrix
NetScaler vulnerabilities.
Splunk Advisory #1 - Splunk published an advisory that
describes an improper access control vulnerability in their Enterprise product.
Splunk Advisory #2 - Splunk published an advisory that
describes an improper input validation vulnerability in their Enterprise and
Cloud Platform products.
Splunk Advisory #3 - Splunk published an advisory that
describes an insertion of sensitive information into log files vulnerability in
their Enterprise product.
Splunk Advisory #4 - Splunk published an advisory that
describes an improper input validation vulnerability in their Enterprise for
Windows product.
Splunk Advisory #5 - Splunk published an advisory that
discusses multiple vulnerabilities in their Enterprise product.
TRUMPF Advisory #1 - CERT-VDE published an advisory that discusses
an integer overflow or wraparound vulnerability in multiple TRUMPF products.
TRUMPF Advisory #2 - CERT-VDE published an advisory that discusses
four vulnerabilities in the TRUMPF Oseon and True Tops Fab products.
TRUMPF Advisory #3 - CERT-VDE published an advisory that discusses
three vulnerabilities in the TRUMPF Oseon product.
WAGO Advisory - CERT-VDE published an advisory that discusses two vulnerabilities in the WAGO e!COCKPIT and WAGO-I/O-Pro products.
Updates
HPE Update - HPE published an update for their OneView advisory that was originally published on January 9th, 2024.
Researcher Reports
Zyxel Report - SSD Secure Disclosure published a
report describing three remote command execution vulnerabilities in earlier
versions of the Zyxel VPN firewall.
TianoCore Report - Quarks Lab published a report
describing nine vulnerabilities in the TianoCore IPv6 network protocol stack of
EDK II.
For more details about these disclosures, including links to
3rd party advisories, researcher reports, and exploits, see my article at CFSN
Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-1-189
- subscription required.
Posts
No comments:
Post a Comment