This week is a relatively light week for cybersecurity disclosures. For Part 1 we have 35 bulk disclosures from Broadcom (8), Dassault Systèmes (5), FortiGuard (17), and HPE (5). We have an additional 10 vendor disclosures from Bosch (2), Delta Electronics, Eaton, HP (3), Moxa, Murrelektronik, and Philips.
Bulk Disclosures
Broadcom Advisories
• Brocade ASCG Vulnerability Disclosures,
• jwt-go allows excessive memory allocation during header parsing,
• Rocky Linux Updates in ASCG 3.3.0a (OVA),
• Libexpat: expat: improper restriction of XML entity expansion depth in libexpat,
• A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing,
• Kernel OVA security updates in ASCG 3.3.0a
Dassault Advisories
• Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer,
• OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform,
• Stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer,
FortiGuard Advisories
• Authenticated Heap Overflow in SSL-VPN bookmarks,
• Domain fronting protection bypass in explicit web proxy,
• FGFM protocol allows unauthenticated reset of the connection,
• Heap buffer overflow in websocket,
• Improper authorization over static files,
• Insertion of Sensitive 2FA Information in logs and debug command,
• Insertion of Sensitive Information Into Sent Data Vulnerability in csfd daemon,
• Insufficient Session Expiration in SSLVPN using SAML authentication,
• Missing authentication check in OFTP service,
• Multiple Unchecked Return Value leading to Null Pointer Dereference,
• Open Redirect and XSS in Web Filter warning page,
• Race condition in FortiCloud SSO SAML authentication,
• Restricted CLI command bypass,
• Stack-based buffer overflow on FortiToken import feature,
• Weak authentication in WAD/GUI, and
• ZTNA Server Improper Certificate Validation
HPE Advisories
• HPESBNW04958 rev.1 - HPE Aruba Networking AOS-8 Instant AP and AOS-10 AP, Multiple Vulnerabilities,
• HPESBHF04952 rev.1 - HPE ProLiant RL300 Gen11 Server, Out-of-Bound Reads Vulnerability, and
Advisories
Bosch Advisory #1 - Bosch published an advisory that describes three vulnerabilities in their ctrlX OS Setup application.
Bosch Advisory #2 - Bosch published an advisory that discusses an allocation of resources without limits or throttling vulnerability in their Rexroth Fieldbus Couplers.
Delta Advisory - Delta published an advisory that describes two stack-based buffer overflow vulnerabilities in their ASDA-Soft product.
Eaton Advisory - Eaton published an advisory that describes an uncontrolled search path vulnerability in their Intelligent Power Protector (IPP) software.
HP Advisory #1 - HP published an advisory that discusses three vulnerabilities in multiple HP product lines.
HP Advisory #2 - HP published an advisory that discusses two incorrect privilege assignment vulnerabilities in multiple product lines using the Sound Research SECOMN64 driver.
HP Advisory #3 - HP published an advisory that discusses an improper access control for register interface vulnerability in multiple HP product lines.
Moxa Advisory - Moxa published an advisory that describes five vulnerabilities in their Network Security Appliances and Routers.
Murrelektronik Advisory - CERT-VDE published an advisory that describes a clear-text transmission of sensitive information vulnerability in the Murrelektronik IMPACT67 Pro products.
Philips Advisory - Philips published an advisory that discusses CISA Emergency Directive 26-01.