This week we have 28 vendor disclosures from ABB, Broadcom (2), FortiGuard (5), Hitachi Energy (6), Honeywell, HP (4), HPE (3), Palo Alto Networks (4), Philips, and Phoenix Contact.
Advisories
ABB Advisory - The ABB security ‘Alerts and Notifications’ page lists an advisory (or maybe an update) for “ABB 800xA Base 6.0.x, 6.1.x CSLib communication DoS vulnerability”.
Broadcom Advisory #1 - Broadcom published an advisory that discusses seven vulnerabilities in their Brocade SANnav product.
Broadcom Advisory #2 - Broadcom published an advisory that discusses seven vulnerabilities in their Brocade SANnav product.
FortiGuard Advisory #1 - FortiGuard published an advisory that describes a use of password hash with insufficient computational effort vulnerability in their FortiOS and FortiProxy products.
FortiGuard Advisory #2 - FortiGuard published an advisory that describes a stack-based buffer overflow vulnerability in their FortiOS product.
FortiGuard Advisory #3 - FortiGuard published an advisory that describes a stack-based buffer overflow vulnerability in their FortiOS product.
FortiGuard Advisory #4 - FortiGuard published an advisory that describes a cross-site scripting vulnerability in their FortiOS and FortiProxy products.
FortiGuard Advisory #5 - FortiGuard published an advisory that describes a stack-based buffer overflow vulnerability in multiple FortiGuard products.
Hitachi Energy Advisory #1 - Hitachi Energy published an advisory that describes an improper validation of certificate with host mismatch vulnerability in their UNEM/ECST product.
Hitachi Energy Advisory #2 - Hitachi Energy published an advisory that describes an improper validation of certificate with host mismatch vulnerability in their FOXMANUN/FOXCST product.
Hitachi Energy Advisory #3 - Hitachi Energy published an advisory that describes a relative path traversal vulnerability in their XMC20 product.
Hitachi Energy Advisory #4 - Hitachi Energy published an advisory that describes a relative path traversal vulnerability in their FOX61x product.
Hitachi Energy Advisory #5 - Hitachi Energy published an advisory that describes eight vulnerabilities in their UNEM product.
Hitachi Energy Advisory #6 - Hitachi Energy published an advisory that describes eight vulnerabilities in their FOXMAN-UN product.
Honeywell Advisory - Honeywell published an end-of-life notice for their “T” Series OmniSmart and Signo Readers.
HP Advisory #1 - HP published an advisory that describes two privilege escalation vulnerabilities in multiple HP products.
HP Advisory #2 - HP published an advisory that describes an information disclosure vulnerability in their Advance Mobile Application.
HP Advisory #3 - HP published an advisory that discusses two vulnerabilities in multiple HP products.
HP Advisory #4 - HP published an advisory that discusses an arbitrary code execution vulnerability in multiple HP products.
HPE Advisory #1 - HPE published an advisory that discusses two vulnerabilities (one with known exploit) in their Aruba Networking AirWave Management Platform.
HPE Advisory #2 - HPE published an advisory that discusses 25 vulnerabilities (17 with known exploits) in their Unified Topology Manager.
HPE Advisory #3 - HPE published an advisory that describes an arbitrary code execution vulnerability in their ProLiant Servers.
Palo Alto Networks Advisory #1 - Palo Alto Networks published an advisory that describes an improper privilege management vulnerability in their Cortex XDR Agent.
Palo Alto Networks Advisory #2 - Palo Alto Networks published an advisory that describes an insertion of sensitive information into a log file vulnerability in their GlobalProtect app.
Palo Alto Networks Advisory #3 - Palo Alto Networks published an advisory that describes an improper privilege management vulnerability in their Cortex XDR Agent.
Palo Alto Networks Advisory #4 - Palo Alto Networks published an advisory that describes a cross-site scripting vulnerability in their Prisma Cloud Compute product.
Philips Advisory - Philips published an advisory that discusses the recent attacks on the Snowflake cloud platform.
Phoenix Contact Advisory - Phoenix Contact published an advisory that discusses an unbounded memory growth vulnerability in their FL MGUARD 1102/1105 products.
For more information on these disclosures, including links to 3rd party advisories and exploits, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-6-b93 - subscription required.