Search
Close this search box.

Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 21 - 27. Sign up to get these updates right to your inbox!

NOVEMBER 24, 2021

VMware

VMware released security updates for multiple vulnerabilities in vCenter Server and Cloud Foundation that could lead to an attacker gaining sensitive information.

Sources: CISA, VMware

NOVEMBER 23, 2021

Huawei

Six versions of Huawei's FusionCompute contain vulnerabilities, such as a command injection and information leakage.

Sources: Huawei, NIST, Huawei

McAfee

Versions of McAfee Policy Auditor before 6.5.2 have a cross-site scripting vulnerability, which could lead to an attacker gaining login credentials and accessing security applications or executing arbitrary cross-domain requests.

Sources: McAfee, NIST

Dell

Multiple Dell products, such as iDRAC9, Dell EMC Networker and Dell EMC CloudLink, contain vulnerabilities such as SQL injection, improper input validation, stack buffer overflow, improper authorization and OS command injection.

Sources: Dell, Dell, Dell

IBM

Versions 3.0, 3.0.1, 4.0 and 4.1 of IBM Security Guardium Key Lifecycle Manager could allow a remote attacker to gain access to sensitive information, which could be used in future attacks against systems.


Sources: IBM Security, IBM, NIST

NOVEMBER 22, 2021

OX App Suite

OX App Suite through 7.10.5 contains multiple vulnerabilities. These could allow an improper input validation, XSS through JavaScript code, code injection through Java classes in a YAML format, incorrect access control and more.

Sources: NIST, Packet Storm, Seclists

PgBouncer

Versions of PgBouncer 1.16.1 and before use "cert" authentication, which could allow an attacker to inject arbitrary SQL queries.

Sources: PgBouncer, NIST

Rapid7

Versions of Rapid7 Nexpose before 6.6.114 are vulnerable to information exposure, which could lead to an attacker viewing sensitive information.


Sources: Rapid7, NIST

SUBSCRIBE

GET ON THE BEAT

 

Keep your finger on the pulse of top industry news

RECENT NEWS
HACKS & ATTACKS
RESOURCES