For Part 2 this week we have 40 additional vendor disclosures from HPE (19), Insyde, Meinberg, Milestone, Palo Alto Networks (9), SEL, Schneider (4), Westermo (3), and Zyxel.
Advisories
HPE Advisory #1 - HPE published an
advisory that describes an unauthorized file access vulnerability in their Cray
Data Virtualization Service (DVS).
HPE Advisory #2 - HPE published an
advisory that describes an unauthorized file access vulnerability in their Cray
Data Virtualization Service (DVS).
HPE Advisory #3 - HPE published an
advisory that discusses an improper access control vulnerability in their Cray
ClusterStor Data Services.
HPE Advisory #4 - HPE published an
advisory that discusses nine vulnerabilities in their HP-UX Using OpenSSL.
HPE Advisory #5 - HPE published an
advisory that discusses five vulnerabilities in their Unified OSS Console.
HPE Advisory #6 - HPE published an
advisory that discusses a privilege escalation vulnerability in their
Ethernet Adapters Using Intel Ethernet Adapter Complete Driver Pack.
HPE Advisory #7 - HPE published an
advisory that discusses a sensitive information in resource not removed
before reuse vulnerability in ProLiant DL/ML, Alletra, Synergy, and Edgeline
Servers.
HPE Advisory #8 - HPE published an
advisory that discusses an improper FSM in hardware logic vulnerability in
their HPE ProLiant DL/ML, Alletra, Synergy, and Edgeline Servers.
HPE Advisory #9 - HPE published an
advisory that discusses an insufficient flow control management
vulnerability in their ProLiant DL/ML, Alletra, Synergy, and Edgeline Servers.
HPE Advisory #10 - HPE published an
advisory that discusses a denial of service vulnerability in their StoreEasy
Servers.
HPE Advisory #11 - HPE published an
advisory that discusses two vulnerabilities in their HPE StoreEasy servers.
HPE Advisory #12 - HPE published an
advisory that discusses two vulnerabilities in their ProLiant DL/ML,
Alletra, Synergy, and Edgeline servers.
HPE Advisory #13 - HPE published an
advisory that discusses two vulnerabilities in their ProLiant DL/ML,
Alletra, Synergy, and Edgeline Servers.
HPE Advisory #14 - HPE published an
advisory that discusses five out-of-bounds write vulnerabilities in their HP-UX
NTP Software.
HPE Advisory #15 - HPE published an
advisory that discusses 10 vulnerabilities (3 have publicly available
exploits) in their Telco IP Mediation Application.
HPE Advisory #16 - HPE published an
advisory that discusses two vulnerabilities in their StoreEasy Servers.
HPE Advisory #17 - HPE published an
advisory that discusses a sensitive information in resource not removed
before reuse vulnerability in their StoreEasy Servers.
HPE Advisory #18 - HPE published an
advisory that discusses an improper FSM in hardware logic vulnerability in
their StoreEasy Servers.
HPE Advisory #19 - HPE published an
advisory that discusses the PixieFail vulnerabilities
in their Cray Servers.
Insyde Advisory - Insyde published an advisory that describes
a factory reset vulnerability in their IHISI function.
Meinberg Advisory - Meinberg published an
advisory that describes three vulnerabilities in their Lantime product.
Milestone Advisory - Milestone published an advisory
that discusses a clear-text transmission of sensitive information vulnerability
in their SQL Client.
Palo Alto Networks Advisory #1 - Palo Alto Networks
published an
advisory that discusses 20 vulnerabilities in their Prisma Access Browser.
Palo Alto Networks Advisory #2 - Palo Alto Networks
published an
advisory that describes a cross-site scripting vulnerability in their
PAN-OS product.
Palo Alto Networks Advisory #3 - Palo Alto Networks
published an
advisory that describes a NULL pointer dereference vulnerability in their GlobalProtect
Gateway product.
Palo Alto Networks Advisory #4 - Palo Alto Networks
published an
advisory that describes a NULL pointer dereference vulnerability in multiple
firewall products.
Palo Alto Networks Advisory #5 - Palo Alto Networks
published an
advisory that describes a path traversal vulnerability in multiple Palo Alto
Networks products.
Palo Alto Networks Advisory #6 - Palo Alto Networks
published an
advisory that describes a server-side request forgery vulnerability in multiple
Palo Alto Networks products.
Palo Alto Networks Advisory #7 - Palo Alto Networks
published an
advisory that describes an improper certificate validation vulnerability in
multiple Palo Alto Networks products.
Palo Alto Networks Advisory #8 - Palo Alto Networks
published an
advisory that describes an improper restriction of XML external entity reference
vulnerability in multiple Palo Alto Networks products.
Palo Alto Networks Advisory #9 - Palo Alto Networks
published an
advisory that describes a NULL pointer dereference vulnerability in multiple
Palo Alto Networks products.
SEL Advisory - SEL published a new version notice for
their SEL-5037 SEL Grid Configurator that describes a security enhancement.
Schneider Advisory #1 - Schneider published an
advisory that describes an uncontrolled resource consumption vulnerability
in their PowerLogic PM5300 series products.
Schneider Advisory #2 - Schneider published an
advisory that describes two vulnerabilities in their Modicon Controllers.
Schneider Advisory #3 - Schneider published an
advisory that describes three vulnerabilities in their Modicon Controllers.
Schneider Advisory #4 - Schneider published an advisory
that describes a missing authorization vulnerability in their EcoStruxure IT
Gateway.
Westermo Advisory #1 - Westermo published an
advisory that discusses two vulnerabilities (with publicly available
exploit code) in their WeOS product.
Westermo Advisory #2 - Westermo published an
advisory that describes a stack-based overflow vulnerability in their WeOS
product.
Westermo Advisory #3 - Westermo published an
advisory that discusses two vulnerabilities (one with publicly available
exploits) in their WeOS product.
Zyxel Advisory - Zyxel published an
advisory that describes two vulnerabilities in their GS1900 series switches.
For more information on these disclosures, including links
to 3rd party advisories, researcher reports and exploits, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-11-96b
- subscription required.