For Part 2 this week we have nine additional vendor disclosures from Dell, HPE (4), Philips, TP-Link (2), and Wireshark. Finally, there are six vendor updates from Broadcom, ELECOM, HP, HPE, and Palo Alto Networks (2).
Advisories
Dell Advisory - Dell published an advisory that discusses 29 vulnerabilities in their ThinOS product. All but two of the vulnerabilities are third-party vulnerabilities.
HPE Advisory #1 - HPE published an advisory that discusses two vulnerabilities in their Telco Universal SLA Management product.
HPE Advisory #2 - HPE published an advisory that discusses the CopyFail vulnerability.
HPE Advisory #3 - HPE published an advisory that discusses eight vulnerabilities (seven have publicly available exploits) in their Unified OSS Console Assurance Monitoring product.
HPE Advisory #4 - HPE published an advisory that describes a privilege escalation vulnerability in their Cray Programming Environment.
Philips Advisory - Philips published an advisory that discusses an F5 Networks heap-based buffer overflow vulnerability.
TP-Link Advisory #1 - TP-Link published an advisory that describes an improper input validation vulnerability in multiple TP-Link Range Extenders products.
TP-Link Advisory #2 - TP-Link published an advisory that describes a generation of error message that contains sensitive information vulnerability in their web management interface of Archer AX72.
Wireshark Advisory - Wireshark published an advisory that describes a dissector crash vulnerability in their ROHC protocol.
Updates
Broadcom Update - Broadcom published an update for their Brocade ASCG advisory that was originally published on January 7th, 2025, and most recently updated on March 3, 2026.
ELECOM Update - JP-CERT published an update for their LAN routers advisory that was originally published on May 12th, 2026.
HP Update - HP published an update for their Intel PROSet/Wireless WiFi Software advisory that was originally published on November 11th, 2025, and most recently updated on April 1st, 2026.
HPE Update - HPE published an update for their Aruba Networking Virtual Intranet Access advisory that was originally published on January 13th, 2026.
PAN Update #1 - PAN published an update for their Cloud Authentication Service advisory that was originally published on May 13th, 2026, and most recently updated on May15th, 2026.
PAN Update #2 - PAN published an update for their DNS Proxy Server advisory that was originally published on May 13th, 2026, and most recently updated on May15th, 2026.
For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-5-37e - subscription required.
Posts
No comments:
Post a Comment