Mindbreeze InSpire Vulnerabilities
This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. The detail pages give the affected components, severity level, current status and how to prevent the issue, as well as hotfix information if applicable. You can also use the full text search to find specific vulnerabilities.
If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com and provide detailed information about the problem found.
Vulnerabilities
ID: MINDBREEZE28907
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: November 29, 2023
CVEs: CVE-2023-4016, CVE-2023-4563, CVE-2023-4244, CVE-2023-4911
Summary
ps buffer overflow
Use-after-free in nft_verdict_dump due to a race between set GC and transaction
buffer overflow in ld.so possibly leading to privilege escalation
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
ID: MINDBREEZE28567
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 8.8 High
Status: Final
First published: October 30, 2023
CVEs: CVE-2023-4429, CVE-2023-4428, CVE-2023-4427, CVE-2023-4431, CVE-2023-4351, CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355, CVE-2023-4357, CVE-2023-4358, CVE-2023-4362, CVE-2023-4572, CVE-2023-4762, CVE-2023-4763, CVE-2023-4863, CVE-2023-4902, CVE-2023-4904, CVE-2023-4905, CVE-2023-4907, CVE-2023-4909
Summary
Security Update Chromium Component
ID: MINDBREEZE28452
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.3 Medium
Status: Final
First published: February 8, 2024
CVEs: CVE-2022-40982, CVE-2022-43505
Summary
Gather Data Sampling (GDS) (also known as “Downfall”) is a transient execution side-channel vulnerability
Insufficient control flow management in the BIOS firmware
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
ID: MINDBREEZE28058
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.1 Medium
Status: Final
First published: October 30, 2023
CVEs: CVE-2022-4361
Summary
CVE-2022-4361 Keycloak cross-site scripting (XSS) vulnerability in the SAML or OIDC providers
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
Mindbreeze InSpire 23.6 Release
ID: MINDBREEZE27958
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 8.8 High
Status: Final
First published: September 29, 2023
CVEs: CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-3732, CVE-2023-3216, CVE-2023-3079, CVE-2023-3420, CVE-2023-3421
Summary
Security Update Chromium Component
ID: MINDBREEZE27758
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: September 29, 2023
CVEs: CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-28321, CVE-2023-28322, CVE-2023-2124, CVE-2023-35001, CVE-2023-31248
ID: MINDBREEZE27757
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
CVEs: CVE-2022-46663
Summary
Crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
Mindbreeze InSpire 23.4 Release
Mindbreeze InSpire SaaS 23.4 Release
ID: MINDBREEZE27627
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 8.8 High
Status: Final
First published: October 20, 2023
CVEs: CVE-2023-21930, CVE-2023-21967, CVE-2023-21937
Summary
Java Security Update
CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake
CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation
CVE-2023-21937 OpenJDK: missing string checks for NULL characters
Hotfix Information
ID: MINDBREEZE27623
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: November 23, 2023
CVEs: CVE-2021-38578, CVE-2023-25537
Summary
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize
Out of Bounds write vulnerability in Dell PowerEdge BIOS
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
ID: MINDBREEZE27447
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 8.8 High
Status: Final
First published: October 20, 2023
CVEs: CVE-2023-2721, CVE-2023-2723, CVE-2023-2724, CVE-2023-2929, CVE-2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2934, CVE-2023-2935, CVE-2023-2936, CVE-2023-3216, CVE-2023-3079, CVE-2023-3420, CVE-2023-3421
Summary
Security Update Chromium Component