This is a busy cyber disclosure week. For Part 1 we have bulk vendor disclosures from FortiGuard (11), and Splunk (13). There are 15 additional vendor disclosures from ABB (2), CODESYS, Eaton, GE Vernova, Hitachi, HMS (2), HP (3), and HPE (4).
Advisories
Bulk Vendor Disclosures – FortiGuard
• Authentication Lockout Bypass via Race Condition,
• Buffer Overflow in LLDP OUI field,
• Buffer overflow via fgtupdates service,
• Format string vulnerability in fazsvcd,
• Lack of TLS Certificate Validation during initial SSO Authentication,
• OS command injection on vmimages update feature,
• Privilege escalation using undocumented CLI command,
• SQL injection in jsonrpc api,
• XSS in LDAP server option, and
• Shell command limitation bypass by SSH local config overriding.
Bulk Vendor Disclosures – Splunk
• Third-Party Package Updates in Splunk AppDynamics Analytics Agent - March 2026,
• Third-Party Package Updates in Splunk AppDynamics Database Agent - March 2026,
• Third-Party Package Updates in Splunk AppDynamics NodeJS Agent - March 2026,
• Third-Party Package Updates in Splunk AppDynamics Java Agent - March 2026,
• Third-Party Package Updates in Splunk AppDynamics Private Synthetic Agent - March 2026,
• Third-Party Package Updates in Splunk AppDynamics Machine Agent - March 2026,
• Third-Party Package Updates in Splunk AppDynamics On-Premises Enterprise Console - March 2026,
• Third-Party Package Updates in Splunk Enterprise - March 2026,
• Sensitive Information Disclosure in Discover Splunk Observability Cloud app for Splunk Enterprise,
• Sensitive Information Disclosure in MongoClient logging channel in Splunk Enterprise,
• Sensitive Information Disclosure through Improper Access Control in Splunk Enterprise, and
• Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise.
ABB Advisory #1 - ABB published an advisory that describes three vulnerabilities in their AWIN Gateways products.
ABB Advisory #2 - ABB published an advisory that discusses an out-of-bounds write vulnerability in their AC500 V3 product.
CODESYS Advisory - CODESYS published an advisory that describes a TOCTOU race condition vulnerability in their Installer product.
Eaton Advisory - Eaton published an advisory that describes a "storing passwords in a recoverable format" vulnerability in their EasySoft product.
GE Vernova Advisory - GE published a security statement on the US-Iran conflict.
Hitachi Advisory - Hitachi published an advisory that discusses an allocation of resources without limits or throttling vulnerability in their Command Suite product.
HMS Advisory #1 - HMS published an advisory that describes four vulnerabilities in their Ewon Flexy and Ewon Cosy+ gateways.
HMS Advisory #2 - HMS published an advisory that addresses HMS compliance with the EU Radio Equipment Directive 3.3.
HP Advisory #1 - HP published an advisory that discusses six vulnerabilities in multiple HP product lines.
HP Advisory #2 - HP published an advisory that discusses 43 vulnerabilities in their Device Manager product.
HP Advisory #3 - HP published an advisory that discusses two vulnerabilities in multiple HP product lines.
HPE Advisory #1 - HPE published an advisory that discusses an improper handling of values vulnerability in their Compute Scale-up Server 3200 Platform.
HPE Advisory #2 - HPE published an advisory that discusses eight vulnerabilities in multiple server products.
HPE Advisory #3 - HPE published an advisory that discusses a code injection vulnerability in their Telco Intelligent Assurance product.
HPE Advisory #4 - HPE published an advisory that describes five vulnerabilities in their Aruba Networking AOS-CX product.