Microsoft Azure Cosmos DB guidance has been released after a misconfiguration had been fixed for the Azure cloud. This page explains how to roll and regenerate certificate keys and how to secure access to data in Azure Cosmos DB.

Sources: docs.microsoft.com

There are multiple cross cite scripting vulnerabilities in Cacti 1.2.12. The affected systems are reports_admin.php, data_queries.php, datat.ph_inpup, graph_templates.php, graphs.php, reports_admin.php and data_input.php.

Sources: nvd.nist.gov

There is a vulnerability to cross-site scripting for IBM Maximo Asset Management 7.6.0 and 7.6.1. This vulnerability could lead to disclosure of private credentials.

Sources: nvd.nist.gov

Cisco released security updates for multiple products that addressed vulnerabilities that could allow a threat actor to take control of an affected system. The products include Cisco Application Policy Infrastructure Controller Arbitrary File, BlackBerry QNX-2021-001, Cisco NX-OS Software VXLAN OAM (NGOAM), Cisco NX-OS Software MPLS OAM, Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP, Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge, Cisco Application Policy Infrastructure Controller and Cisco Application Policy Infrastructure Controller App.

Sources: tools.cisco.com

OpenZepplin has vulnerabilities that affect certain versions of TimelockController that could allow an attacker to escalate privileges.

Sources: github.com

VMware released security updates for multiple products to prevent an attacker from being able to take control of an affected system.

Sources: vmware.com

OpenSSL released a security update for version 1.1.1k to address vulnerabilities that could lead to a denial-of-service condition.

Sources: openssl.org

F5 released a security advisory for multiple versions of BIG-IP and BIG-IQ.

Sources: support.f5.com

CISA released five Pulse Secure-related MARs (malware analysis report).

Sources: us-cert.cisa.gov