Saturday, March 9, 2024

Review – Public ICS Disclosures – Week of 3-2-24

This week we have 12 vendor disclosures from Aruba Networks, Commend, Moxa, Omron, QNAP (5), SEL, VMware (2), and Western Digital. There are four vendor updates from Cisco and HP (3). We also have three researcher reports of vulnerabilities for products from Lenovo. Finally, we have five exploits for Petrol Pump (3), RAD, and Solar-Log.

Advisories

Aruba Advisory - Aruba published an advisory that describes seven vulnerabilities in their ArubaOS products.

Commend Advisory - Commend published an advisory that describes three vulnerabilities in their WS-TM monitor firmware.

Moxa Advisory - Moxa published an advisory that describes a stack-based buffer overflow vulnerability in their NPort W2150A/W2250A Series web server.

Omron Advisory - Omron published an advisory that describes a path traversal vulnerability in their NJ/NX-series Machine Automation Controllers.

QNAP Advisory #1 - QNAP published an advisory that describes a path traversal vulnerability in their Photo Station product.

QNAP Advisory #2 - QNAP published an advisory that describes two vulnerabilities in their QTS, QuTS hero, and QuTScloud products.

QNAP Advisory #3 - QNAP published an advisory that describes a cross-site scripting vulnerability in their Network & Virtual Switch products.

QNAP Advisory #4 - QNAP published an advisory that discusses four vulnerabilities in their QuMagie Mobile 2.2.x for Android product.

QNAP Advisory #5 - QNAP published an advisory that describes three vulnerabilities in their QTS, QuTS hero, QuTScloud, and myQNAPcloud products.

SEL Advisory - SEL published an announcement that the latest version of their SEL-5030 acSELerator QuickSet Software addresses a number of undescribed cybersecurity issues.

VMware Advisory #1 - VMware published an advisory that describes four vulnerabilities in their ESXi, Workstation, and Fusion products.

VMware Advisory #2 - VMware published an advisory that describes a partial information disclosure vulnerability in their VMware Cloud Director product.

Western Digital Advisory - Western Digital published an advisory that describes a DLL hijacking vulnerability in their SanDisk PrivateAccess product.

Updates

Cisco Update - Cisco published an update for their cURL advisory that was originally published on October 12th, 2023 and most recently updated on February 21st, 2024.

HP Update #1 - HP published an update for their UC software advisory that was originally published on January 9th, 2024.

HP Update #2 - HP published an update for their UC software advisory that was originally published on January 8th, 2024.

HP Update #3 - HP published an update for their UC Software advisory that was originally published on January 9th, 2023 and most recently updated on February 9th, 2024.

Researcher Reports

Lenovo Report #1 - Binarly published a report describing an unsanitized arguments vulnerability in the Lenovo J1CN38WW.

Lenovo Report #2 - Binarly published a report describing an out-of-bounds write vulnerability in the Lenovo J1CN38WW.

Lenovo Report #3 - Binarly published a report describing an out-of-bounds write vulnerability in the Lenovo J1CN38WW.

Exploits

Petrol Pump Exploit #1 - Shubham Pandey published an exploit for two cross-site scripting vulnerabilities in the Petrol Pump management software.

Petrol Pump Exploit #2 - Shubham Pandey published an exploit for an SQL injection vulnerability in the Petrol Pump management software.

Petrol Pump Exploit #3 - Shubham Pandey published an exploit for a shell upload vulnerability in the Petrol Pump management software.

RAD Exploit - Branko Milicevic published an exploit for a directory traversal vulnerability in the RAD SecFlow-2 devices.

Solar-Log Exploit - Mesut Cetin published an exploit for a cross-site scripting vulnerability in the Solar-Log 200 PM+ product.

For more details about these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-205 - subscription required.
