For Part 2 we have six additional vendor disclosures from MB Connect, Splunk (4), and Westermo. There are four vendor updates from Hitachi Energy, MB Connect, and Palo Alto Networks (2). Finally, we have two exploits for vulnerabilities in products from Faydam and PX4.
Advisories
MB Connect Advisory - MB Connect published an advisory
that describes a missing authentication for critical function vulnerability in
their mymbCONNECT24 product.
Splunk Advisory #1 - Splunk published an advisory
that discusses seven vulnerabilities in their AppDynamics Smart Agent.
Splunk Advisory #2 - Splunk published an advisory
that discusses three vulnerabilities {one on CISA’s Known Exploited
Vulnerabilities (KEV) catalog} in their Operator for Kubernetes.
Splunk Advisory #3 - Splunk published an advisory
that discusses three vulnerabilities (one with publicly available exploit) in
their UniversalForwarder Docker product.
Splunk Advisory #4 - Splunk published an advisory
that discusses three vulnerabilities (one with publicly available exploit) in
their Splunk Docker product.
Westermo Advisory - Westermo published an advisory that discusses the Misfortune Cookies vulnerabilities in their EDW-100 and EDW-120 serial to Ethernet converters.
Updates
Hitachi Energy Update - Hitachi Energy published an
update for their Intel Chipset Software advisory that was originally
published on February 25th, 2025.
MB Connect Update - MB Connect published an update
for their mymbCONNECT24 advisory that was originally published on December 19th,
2024, and most recently updated on May 22nd, 2025.
Palo Alto Networks Update #1 - PAN published an update for
their GlobalProtect advisory that was originally published on June 11th,
2025.
Palo Alto Networks Update #2 - PAN published an update for their Command Injection Vulnerability advisory that was originally published on June 11th, 2025.
Exploits
Faydam Exploit - Serhat Aydın published an exploit
for an SQL injection vulnerability in the Faydam Datalogger.
PX4 Exploit - Mohammed Idrees Banyamer published an
exploit for a stack-based buffer overflow vulnerability in the PX4 open-source
drone autopilot.
Posts
No comments:
Post a Comment