This week we have 29 vendor disclosures from Carrier, Dassault Systèmes (4), Eaton, HPE (2), Lenza, Moxa, Palo Alto Networks, QNAP (12), SEL (2), VMware, and Zyxel (2).
Advisories
Carrier Advisory - Carrier published an
advisory that describes an unspecified ‘supply chain’ attack in their LenelS2
products.
Dassault Systèmes Advisory #1 - Dassault Systèmes
published an
advisory that describes a cross-site scripting vulnerability in their
3DExperience product.
Dassault Systèmes Advisory #2 - Dassault Systèmes
published an
advisory that describes a cross-site scripting vulnerability in their
3DExperience product.
Dassault Systèmes Advisory #3 - Dassault Systèmes
published an
advisory that describes a cross-site scripting vulnerability in their
3DExperience product.
Dassault Systèmes Advisory #4 - Dassault Systèmes
published an
advisory that describes a cross-site scripting vulnerability in their 3DExperience
product.
Eaton Advisory - Eaton published an
advisory that discusses the regreSSHion vulnerability.
HPE Advisory #1 - HPE published an
advisory that discusses ten vulnerabilities (five with publicly available
exploits) in their UX Secure Shell product.
HPE Advisory #2 - HPE published an
advisory that discusses nine vulnerabilities (four with publicly available
exploits) in their Unified OSS Console Assurance Monitoring (UOCAM) product.
Lenza Advisory - CERT-VDE published an advisory that
discusses an incorrect default permissions vulnerability (with a publicly
available exploit) in their VisiWin 7 Install Directory application.
Moxa Advisory - Moxa published an
advisory that discusses four vulnerabilities (three with publicly available
exploits) in their OnCell 3120-LTE-1 Series.
QNAP Advisory #1 - QNAP published an advisory
that describes a cross-site scripting vulnerability in their Download Station
product.
QNAP Advisory #2 - QNAP published an advisory
that describes an improper certificate validation vulnerability in their QuMagie
product.
QNAP Advisory #3 - QNAP published an advisory
that describes three vulnerabilities in their QTS and QuTS hero products.
QNAP Advisory #4 - QNAP published an advisory
that describes two OS command injection vulnerabilities in their QTS and QuTS
hero products.
QNAP Advisory #5 - QNAP published an advisory
that describes a cross-site scripting vulnerability in their QuLog Center
product.
QNAP Advisory #6 - QNAP published an advisory
that describes a cross-site scripting vulnerability in their Helpdesk product.
QNAP Advisory #7 - QNAP published an advisory
that describes two vulnerabilities in their QTS and QuTS hero products.
QNAP Advisory #8 - QNAP published an advisory
that discusses an out-of-bounds write vulnerability in their QTS and QuTS hero
products.
QNAP Advisory #9 - QNAP published an advisory
that describes an OS command injection vulnerability in their Legacy Versions
of QTS.
QNAP Advisory #10 - QNAP published an advisory
that describes two vulnerabilities in their Video Station product.
QNAP Advisory #11 - QNAP published an advisory
that describes an unquoted search path vulnerability in their QVR Smart Client
product.
QNAP Advisory #12 - QNAP published an advisory
that describes two cross-site scripting vulnerabilities in their Notes Station
3 product.
SEL Advisory #1 - SEL published a new
version announcement that reported three cybersecurity enhancements in
their SEL-5037 SEL Grid Configurator.
SEL Advisory #2 - SEL published a new
version announcement that reported two cybersecurity enhancements in their SEL-5030
acSELerator QuickSet Software.
VMware Advisory - Broadcom published an
advisory that describes an improper input validation vulnerability in the VMware
Fusion product.
Zyxel Advisory #1 - Zyxel published an
advisory that describes seven vulnerabilities in their firewall products.
Zyxel Advisory #2 - Zyxel published an
advisory that describes an OS command injection vulnerability in their APs
and security router devices.
For more information about these disclosures, including
links to 3rd party advisories, researcher reports, and exploits, see my article
at CFSN Detailed Analysis - https://patrickcoyle.substack.com/publish/posts/detail/148616972/share-center
- subscription required.