This week we have five vendor disclosures about the XZ Utils vulnerability from Broadcom, Palo Alto Networks, Philips, QNAP, and WatchGuard. We have fourteen additional vendor disclosures from ABB, BD, Broadcom (2), Cisco, Hikvision, HP, HPE (4), Palo Alto Networks, Philips, and VMware. There are four vendor updates from Eaton, HP (2), and HPE. We have five researcher reports for vulnerabilities in products from Open Automation Software (4) and Positron. Finally, we have an exploit for products from Petrol Pump.
XZ Utils Advisories
Broadcom published an advisory that discussed the XZ Utils vulnerability.
Palo Alto Networks published an advisory that discussed the XZ Utils vulnerability.
Philips published an advisory that discussed the XZ Utils vulnerability.
QNAP published an advisory that discussed the XZ Utils vulnerability.
WatchGuard published an advisory that discussed the XZ Utils vulnerability.
Advisories
ABB Advisory - ABB published an advisory that describes an improper input validation vulnerability in the Virtual PNI API in their S+ Engineering product.
BD Advisory - BD published an advisory that discusses an improper privilege management vulnerability in a number of their products.
Broadcom Advisory #1 - Broadcom published an advisory that describes an OS command injection vulnerability in their Brocade Fabric OS product.
Broadcom Advisory #2 - Broadcom published an advisory that describes an origin validation error vulnerability in their Brocade Fabric OS product.
Cisco Advisory - Cisco published an advisory that describes two vulnerabilities in their Emergency Responder product.
Hikvision Advisory - Hikvision published an advisory that describes three vulnerabilities in their NVR devices.
HP Advisory - HP published an advisory that describes an improper access control vulnerability in their CCX devices.
HPE Advisory #1 - HPE published an advisory that discusses eight vulnerabilities (three with known exploits) in their Unified OSS Console Assurance Monitoring product.
HPE Advisory #2 - HPE published an advisory that discusses ten vulnerabilities in their ProLiant DL/ML/SY/RL/XL/Edgeline Servers.
HPE Advisory #3 - HPE published an advisory that describes a privilege escalation vulnerability in their MSA SAN Storage VSS Provider and CAPI Proxy Software.
HPE Advisory #4 - HPE published an advisory that describes an unauthorized access to files vulnerability in their NonStop Web ViewPoint Enterprise software.
Palo Alto Networks Advisory - Palo Alto Networks published an advisory that discusses eight third-party vulnerabilities that could be associated with their Prisma SD-WAN ION product.
Philips Advisory - Philips published an advisory that discusses a use-after-free vulnerability in multiple Philips products.
VMware Advisory - VMware published an advisory that describes three vulnerabilities in their SD-WAN Edge and SD-WAN Orchestrator products.
Updates
Eaton Update - Eaton published an update for their Apache Log4j advisory that was originally published on December 14th, 2021 and most recently updated on January 31st, 2022.
HP Update #1 - HP published an update for their OfficeJet Pro advisory that was originally published on March 20th, 2024.
HP Update #2 - HP published an update for their AMD Graphics Driver advisory that was originally published on November 21st, 2023.
HPE Update - HPE published an update for their SimpliVity Servers advisory that was originally published on February 15th, 2024.
Researcher Reports
Open Automation Software Reports - Talos published four reports for individual vulnerabilities in the OAS Platform product.
Positron Report - Zero Science published a report about an authentication bypass vulnerability in the Positron TRA7005 series broadcast signal processor.
Exploits
Petrol Pump Exploit - Sandeep Vishwakarma published an exploit for a file upload vulnerability in the Petrol Pump Management software.
For more information on these disclosures, including links to third-party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-3-671 - subscription required.