
Vulnerability Pulse

Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of May 29 - June 4. Sign up to get these updates right to your inbox!

JUNE 02, 2022

Atlassian

Atlassian released a security advisory for a remote code execution vulnerability found in the Confluence Server and Data Center products.

Sources: Confluence Support, CISA

Illumina

Illumina Local Run Manager (LRM) contains multiple vulnerabilities, such as path traversal, unrestricted upload of file with dangerous type, improper access control and cleartext transmission of sensitive information.

Sources: Illumina, CISA Advisory

Carrier LenelS2

Carrier LenelS2 HID Mercury access panels contain multiple vulnerabilities, such as protection mechanism failure, forced browsing, classic buffer overflow, path traversal and OS command injection.

Sources: Carrier Support Channel, CISA

JUNE 01, 2022

Mozilla

Mozilla released security updates for Firefox, Firefox ESR and Thunderbird to address vulnerabilities that could allow an attacker to take control of affected systems.

Sources: Firefox, Firefox ESR, Thunderbird, CISA

Karakurt

CISA, the FBI, the Department of Treasury and Financial Crimes Enforcement Network (FinCEN) released a joint CSA on the Karakurt data extortion group.

Sources: Joint CSA on Karakurt, CISA

MAY 31, 2022

Microsoft

Microsoft released workaround guidance for the "Follina" vulnerability in the Microsoft Support Diagnostic Tool (MSDT) in Windows, which has been reported to be actively exploited in the wild.

Sources: Microsoft Guidance Report, CISA

Fuji Electric

The Fuji Electric Alpha7 PC Loader contains a stack-based buffer overflow vulnerability.

Sources: CISA Advisory

Becton, Dickinson and Company

Becton, Dickinson and Company (BD) Pyxis contains a "not using password aging" vulnerability.

Sources: BD, CISA Advisory

Becton, Dickinson and Company

Becton, Dickinson and Company (BD) Synapsys contains an insufficient session expiration vulnerability.

Sources: BD, CISA Advisory

Mitsubishi Electric

Multiple products from Mitsubishi Electric contain vulnerabilities, such as a "predictable exact value from previous values" vulnerability, which could allow an attacker to hijack TCP sessions and execute commands remotely.

Sources: CISA Advisory
