This week we have 11 vendor disclosures from ABB, Endress+Hauser, HP (2), HPE (5), Rockwell, and Xerox. We also have eight vendor updates from FortiGuard (2), HP (2), HPE (2), Moxa, and VMware. There are eight researcher reports for vulnerabilities in products from ABB (4), EmbedThis (3), and LAWO. Finally, we have an exploit for products from Rittal.
Advisories
ABB Advisory - ABB published an
advisory that describes an improper verification of cryptographic signature
vulnerability in multiple ABB products.
Endress+Hauser Advisory - CERT-VDE published an advisory that discusses five vulnerabilities in the
Endress+Hauser Netilion Network Insights products.
HP Advisory #1 - HP published an
advisory that discusses six vulnerabilities in their Intel 2024.3 IPU –
Chipset Firmware used in multiple HP product lines.
HP Advisory #2 - HP published an
advisory that discusses the PixieFail vulnerabilities
in the EDK2 NetworkPkg in multiple HP product lines.
HPE Advisory #1 - HPE published an
advisory that discusses 19 vulnerabilities in their HP-UX Common Internet
File System.
HPE Advisory #2 - HPE published an
advisory that discusses an incorrect behavior order vulnerability in their Superdome
Flex and Superdome Flex 280 Servers.
HPE Advisory #3 - HPE published an
advisory that discusses a mirrored regions with different values vulnerability
in their Superdome Flex 280 Servers.
HPE Advisory #4 - HPE published an
advisory that discusses an observable discrepancy vulnerability in their Superdome
Flex 280 Servers.
HPE Advisory #5 - HPE published an
advisory that discusses two improper input validation vulnerabilities in
their HPE Superdome Flex and Superdome Flex 280 servers.
Rockwell Advisory - Rockwell published an
advisory that describes two vulnerabilities in their ThinManager product.
Xerox Advisory - Xerox published an advisory that describes an improper input validation vulnerability in multiple Xerox printers.
Updates
FortiGuard Update #1 - FortiGuard published an update for their SMTP
password ciphertext advisory that was originally published on June 12th,
2024.
FortiGuard Update #2 - FortiGuard published an update for their missing
authentication in fgfmsd advisory that was originally published on October 23rd,
2024.
HP Update #1 - HP published an
update for their PC BIOS Security Updates advisory that was originally
published on August 13th, 2024.
HP Update #2 - HP published an
update for their HP LaserJet Printers advisory that was originally
published on October 2nd, 2024.
HPE Update #1 - HPE published an
update for their Aruba Networking Controller advisory that was originally
published on April 30th, 2024, and most recently updated on June 7th,
2024.
HPE Update #2 - HPE published an
update for their Aruba Networking Controller advisory that was originally
published on February 28th, 2024, and most recently updated on June
7th, 2024.
Moxa Update - Moxa published an
update for their Cellular Routers, Secure Routers, and Network Security
Appliances advisory that was originally published on October 14th,
2024.
VMware Update - Broadcom published an update for their VMware vCenter Server advisory that was originally published on September 17th, 2024, and most recently updated on September 20th, 2024.
Researcher Reports
ABB Reports - Zero Science Labs published four reports
describing individual vulnerabilities (with publicly available exploits) in the
ABB Cylon Aspect building energy management product.
EmbedThis Reports - Nozomi Networks published three reports
describing vulnerabilities in the EmbedThis GoAhead Web Server.
LAWO Report - SEC Consult published a report that describes a path traversal vulnerability in the LAWO LTC Time Sync device.
Exploits
Rittal Exploit - Johannes Kruchem published an
exploit for improper signature verification and predictable session
identifier vulnerabilities in the Rittal IoT Interface and CMC III Processing
Unit.