For Part 2 we have 28 additional vendor disclosures from HPE (15), Insyde, Kunbus, Palo Alto Networks (10), and Philips.
Advisories
HPE Advisory #1 - HPE published an
advisory that discusses an incorrect execution-assigned permissions
vulnerability in their Intel E810 Series Ethernet Controllers.
HPE Advisory #2 - HPE published an
advisory that discusses an uncontrolled search path element vulnerability
in their Ethernet Adapters.
HPE Advisory #3 - HPE published an
advisory that discusses four vulnerabilities in their Unified OSS Console and
HPE Unified OSS Assurance Monitoring software.
HPE Advisory #4 - HPE published an
advisory that discusses three vulnerabilities in their StoreEasy Servers.
HPE Advisory #5 - HPE published an
advisory that discusses three vulnerabilities in their ProLiant DL/ML/XL,
Alletra, Edgeline and Synergy Servers.
HPE Advisory #6 - HPE published an
advisory that discusses a "sequence of processor instructions leads to
unexpected behavior" vulnerability in their StoreEasy Servers.
HPE Advisory #7 - HPE published an
advisory that discusses an improper FSM in hardware logic vulnerability in
their HPE StoreEasy Servers.
HPE Advisory #8 - HPE published an
advisory that discusses an improper access control vulnerability in their StoreEasy
Servers.
HPE Advisory #9 - HPE published an
advisory that discusses an execution with unnecessary privileges vulnerability
in their SimpliVity AMD Servers.
HPE Advisory #10 - HPE published an
advisory that discusses two improper input validation vulnerabilities in
their SimpliVity AMD Servers.
HPE Advisory #11 - HPE published an
advisory that discusses an improper access control vulnerability in their ProLiant
DL/ML, Alletra, Apollo, Edgeline, MicroServer and Synergy Servers.
HPE Advisory #12 - HPE published an
advisory that discusses an improper FSM in hardware logic vulnerability in
their ProLiant DL/ML, Alletra, Edgeline and Synergy Servers.
HPE Advisory #13 - HPE published an
advisory that discusses a "sequence of processor instructions leads to
unexpected behavior" vulnerability in their ProLiant DL/ML, Alletra, Edgeline
and Synergy Servers.
HPE Advisory #14 - HPE published an
advisory that discusses two improper input validation vulnerabilities in
their ProLiant AMD Servers.
HPE Advisory #15 - HPE published an
advisory that discusses an execution with unnecessary privileges
vulnerability in their ProLiant AMD Servers.
Insyde Advisory - Insyde published an advisory that
describes a potential memory leak vulnerability in their InsydeH2O product.
Kunbus Advisory - Incibe-CERT published an
advisory that describes two vulnerabilities in the Kunbus Revolution Pi IIoT
gateway.
Palo Alto Networks Advisory #1 - PAN published an advisory that
describes an improper protection of alternate path vulnerability in their Cortex
XDR Broker VM product.
Palo Alto Networks Advisory #2 - PAN published an advisory
that discusses 32 vulnerabilities in their PAN-OS product. These are
third-party vulnerabilities.
Palo Alto Networks Advisory #3 - PAN published an advisory
that describes a configuration issue with their GlobalProtect Clientless VPN
product.
Palo Alto Networks Advisory #4 - PAN published an advisory
that discusses 20 vulnerabilities in their Prisma Access Browser.
Palo Alto Networks Advisory #5 - PAN published an advisory that
discusses an HTTP request/response smuggling vulnerability with a publicly
available exploit in their Cortex XDR Broker VM product.
Palo Alto Networks Advisory #6 - PAN published an advisory that
describes an improper check for unusual or exceptional condition vulnerability
in their Cortex XDR Agent.
Palo Alto Networks Advisory #7 - PAN published an advisory that
describes an external control of file name or path vulnerability in their
PAN-OS product.
Palo Alto Networks Advisory #8 - PAN published an advisory that
describes an OS command injection vulnerability in their PAN-OS OpenConfig
Plugin.
Palo Alto Networks Advisory #9 - PAN published an advisory that
describes an external control of file name or path vulnerability in their PAN-OS
product.
Palo Alto Networks Advisory #10 - PAN published an advisory that
describes a missing authentication for critical function vulnerability in their
PAN-OS product.
Philips Advisory - Philips published an
advisory that discusses the Veeam man-in-the-middle vulnerability (CVE-2025-23114, not CVE-2025-231104
as reported by Philips).
For more information on these disclosures, including links
to third-party advisories, researcher reports and exploits, see my article at
CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-2-3aa
(subscription required).