Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of November 28 - December 4.
December 03, 2021
December 02, 2021
December 01, 2021
CISA
CISA added five more vulnerabilities to its Known Exploited Vulnerabilities Catalog. These are vulnerabilities that are actively being exploited.
Sources: CISA, CISA
Qualcomm
Eight Qualcomm Snapdragon products have an improper input validation vulnerability: an improper check to return an error when a user requests a large memory allocation can lead to memory corruption.
Sources: CISA, Qualcomm
Apache
Apache HTTP Server versions 2.4.48 and earlier are vulnerable to path traversal and remote code execution.
Sources: Apache, NetApp, NIST
MikroTik
Versions of MikroTik RouterOS through 6.42 have a path traversal vulnerability in the WinBox interface.
Sources: MikroTik, GitHub, CISA
Fortinet
Certain versions of FortiClientWindows and FortiClientEMS could allow an attacker to perform a DLL Hijack attack on affected devices due to a search path vulnerability.
Sources: Fortinet, NIST
November 30, 2021
Trend Micro
Trend Micro Antivirus for Mac 2021 v11 has an improper access control privilege escalation vulnerability.
Sources: