This week we have 19 vendor disclosures from ABB, Broadcom, Delta, HP (4), HPE (4), Meinberg, Moxa (2), Supermicro, WAGO (2), WithSecure, and Zyxel. We have two vendor updates from Broadcom and HP. Finally, there are also eleven researcher reports of vulnerabilities in products from ABB (8), Four-Faith (2), and Sensaphone.
Advisories
ABB Advisory - ABB published an advisory that describes a use of hard-coded credentials vulnerability (with publicly available exploit) in their ASPECT Energy Management System.
Broadcom Advisory - Broadcom published an advisory that discusses 25 Ivanti product vulnerabilities.
Delta Advisory - Delta published an advisory that describes a heap-based buffer overflow vulnerability in their CNCSoft-G2 product.
HP Advisory #1 - HP published an advisory that describes an improper handling of unexpected data type vulnerability in their LaserJet Pro Printers.
HP Advisory #2 - HP published an advisory that discusses two vulnerabilities in their Business Notebook products.
HP Advisory #3 - HP published an advisory that describes a path traversal vulnerability in their Poly Edge E devices.
HP Advisory #4 - HP published an advisory that describes an improper check for dropped privileges vulnerability in their Anyware Agent for Linux product.
HPE Advisory #1 - HPE published an advisory that discusses the BadRAM vulnerability in their HPE ProLiant Servers. This is a third-party (AMD) vulnerability.
HPE Advisory #2 - HPE published an advisory that discusses a protection measure failure vulnerability in their ProLiant DX Servers.
HPE Advisory #3 - HPE published an advisory that discusses an incorrect behavior order vulnerability in their ProLiant DX Servers.
HPE Advisory #4 - HPE published an advisory that discusses an improper verification of cryptographic signature vulnerability (with publicly available exploit) in their ProLiant AMD Servers.
Meinberg Advisory - Meinberg published an advisory that discusses four vulnerabilities in their LANTIME firmware.
Moxa Advisory #1 - Moxa published an advisory that describes an improper validation of specified type of input vulnerability in multiple Moxa switches.
Moxa Advisory #2 - Moxa published an advisory that describes an out-of-bounds write vulnerability in multiple Moxa switches.
Supermicro Advisory - Supermicro published an advisory that discusses an improper verification of cryptographic signature vulnerability (with publicly available exploit) in unnamed Supermicro products.
WAGO Advisory #1 - CERT-VDE published an advisory that discusses an OS command injection vulnerability in multiple WAGO products.
WAGO Advisory #2 - CERT-VDE published an advisory that discusses an incorrect calculation of buffer size vulnerability in multiple WAGO products.
WithSecure Advisory - WithSecure published an advisory that describes a denial of service vulnerability in multiple WithSecure products.
Zyxel Advisory - Zyxel published an advisory that describes three vulnerabilities in multiple legacy DSL CPE models.
Updates
Broadcom Update - Broadcom published an update for their GridGain Security advisory that was originally published on October 16th, 2024.
HP Update - HP published an update for their AMD Graphics Driver advisory that was originally published on August 13th, 2024, and most recently updated on October 10th, 2024.
Researcher Report
ABB Reports - Zero Science published eight reports about vulnerabilities in the ABB Cylon FLXeon BACnet controller.
Four-Faith Report #1 - VulnCheck published a report about a use of hard-coded credentials vulnerability in the Four-Faith F3x36 router.
Four-Faith Report #2 - VulnCheck published a report about a hidden functionality vulnerability in the Four-Faith F3x36 router.
Sensaphone Report - Tyler Butler published a report that describes a stored cross-site scripting vulnerability (with a publicly available exploit) in the Sensaphone WEB600 Monitoring System.