CND News and Blog

Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Apple, Phoenix Contact, Linksys, and Linux. Microsoft and Adobe Monthly Patches are out this afternoon. SAP  SAP Monthly Patches include 16 new security notes and 2 updated notes. Of the new security notes, highest CVSSv3 score of 9.1More info. Siemens  Sieme...

New Alerts for BD, IBM, Dell, Xerox, NetApp, and Linux. Tomorrow is Patch Tuesday for at least 5 vendors. BD  BD has published Critical updates for Pyxis, Data Agent, and CCE.More info. IBM IBM has published Critical bulletins for Business Automation Workflow, App Connect Enterprise, Planning Analytics, Operational Decision Manager, watsonx, a...

New Alerts for Microsoft Edge, Crestron, Pixmeo, ASUS, Delta, and Jetty. Microsoft  Microsoft has updated Edge with the latest chromium patches.More info. Crestron  Crestron DM-NAX-8ZSA, DM-NAX-4ZSP, DM-NAX-4ZSA-50 are being updated to fix vulnerabilities in AirPlay Audio SDK. Highest CVSSv3 score of 9.8More info. Pixmeo  OsiriX MD c...

Quarterly Patches are out for F5. Monthly Patches are out for Cisco. New Alerts for Mitel, PostgreSQL, RT-LABS, and Django. F5 F5 Quarterly Patches are out with 12 bulletins, 11 rated High and 1 rated Medium. Highest CVSSv4 score of 9.2More info. Cisco  Cisco has published Monthly Patches with 29 bulletins, 1 rated Critical, 14 rated High, and...

Monthly Patches are out for Google Android, Samsung Semiconductor, and Samsung Android. New Alerts for Google Chrome, Optigo Networks, Ubiquiti, Tenable, OpenBSD, and Linux. Google  Monthly Patches are out for Pixel, with 3 vulnerabilities, plus Android updates.More info.Google has updated Chrome for Desktop to fix 2 security vulnerabilities.M...

Monthly Patches are out for Google Android. New Alerts for TCMAN and IBM. Google  Monthly Patches are out for Android, with 29 vulnerabilities, all rated High, plus Imagination Technologies, Arm, MediaTek, and Qualcomm updates.More info. TCMAN  GIM v11 has been updated to fix 6 security vulnerabilities. Highest CVSSv4 score of 9.3More inf...

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for IBM, NetApp, and Linux. Qualcomm  Monthly Patches are out for Qualcomm, with 12 vulnerabilities, 1 rated Critical and the rest High, plus open source software updates. Highest CVSSv3 score of 8.2More info. MediaTek  MediaTek has published Monthly Patches with 6 CVEs, 1 rate...

New Alerts for Microsoft Edge, VMware Tanzu, KUNBUS, Sonicwall, MicroDicom, Dell, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium fixes.More info. VMware  Tanzu Greenplum hs been updated to fix several vulnerabilities. Highest CVSSv4 score of 9.1.More info. KUNBUS  KUNBUS Revolution Pi contains several vulne...

New Alerts for Dell, IBM, and Linux. Dell  Dell has published Critical bulletins for APEX Cloud Platform and VxRail.More info. IBM  IBM has published a Critical bulletin for Cognos Analytics.More info. Linux  Oracle Linux has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.sec...

New Alerts for Google Chrome, Mozilla, Tenable, Splunk, IBM, and Linux. Google  Google has updated Chrome for Desktop to fix 8 security vulnerabilities.More info. Mozilla  Mozilla has published security updates for Thunderbird, Thunderbird ESR, Firefox, and Firefox ESR, all rated High.More info. Tenable  Tenable Identity Exposure has...

New Alerts for Apache Tomcat, SICK, PowerDNS, Ribbon Communications, and IBM. Apache  Tomcat contains an incorrect error handling vulnerability for some invalid HTTP priority headers could result in a DoS.More info. SICK  SICK has identified a DoS vulnerability in picoScan and multiScan. CVSSv3 score of 5.3More info.SICK has found two vul...

New Alerts for SAP (Exploit), Weissemann & Theis, NetApp, IBM, and Linux. SAP Exploit SAP has released out-of-band emergency NetWeaver updates to fix a suspected RCE zero-day flaw actively exploited to hijack servers. CVSSv3 score of 10.More info. And here. Wiesemann & Theis  Com-Server firmware supports the insecure TLS 1.0 and TLS 1....

New Alerts for Microsoft Edge, Johnson Controls, Nice, Planet Technology, Bosch, and Mitsubishi Electric. Microsoft  Microsoft has updated Edge with the latest chromium security fixes.More info. Johnson Controls  Johnson Controls has updated Software House iSTAR Configuration Utility (ICU) tool to fix a vulnerability that allows a remote ...

New Alerts for HPE and Linux. HPE  A security vulnerability in Apache Tomcat has been identified in HPE Telco Service Orchestrator software could allow a remote attacker to achieve RCE. CVSSv3 score of 9.8More info.Security vulnerabilities have been identified in "HPE Telco Network Function Virtual Orchestrator" software. Highest CVSSv3 score ...

New Alerts for Google Chrome, XWiki, Spring Security, Trellix, CODESYS, and Linux. Google  Google has updated Chrome for desktop to fix one security vulnerability.More info.Microsoft is aware. More info. XWiki  XWiki contains a vulnerability that allows a remote attacker to escape from the HQL execution context and perform a blind SQL inj...

New Alerts for Hitachi, HPE, PyTorch, TRUMPF, IBM, and Dell. Hitachi  Multiple vulnerabilities have been found in JP1. Highest CVSSv3 score of 8.1More info. HPE  Security vulnerabilities have been identified in HPE UOCAM that could allow a remote attacker to achieve DoS, Remote Buffer Overflow, and RCE. Highest CVSSv3 score of 9.1More inf...

New Alerts for Microsoft Edge, Tenable Nessus, ASUS, Yokogawa, BD, and NetApp. Microsoft  Microsoft has updated Edge with the latest chromium updates.More info.Tenable Nessus has been updated to fix 3rd party software vulnerabilities. Highest CVSSv3 score of 8.1More info. ASUS  An improper authentication control vulnerability exists in ce...

New Alerts for Apple (Exploit), Cisco, Erlang, Commvault, Tenable, Dell, and Linux. Apple Exploit Apple has published patches for two exploited vulnerabilities in iOS, iPadOS, macOS, tvOS, and visionOS.More info. And here.Cisco Cisco has published 3 new bulletins for Webex App, Secure Network Analytics, and Nexus dashboard. Highest CVSSv3 score of ...

New Alerts for Google Chrome, Mozilla, GE Vernova, Siemens, Lantronix, Growatt, and Linux. Google  Google has updated Chrome for Desktop to fix 2 security vunerabilities.More info.Microsoft is aware. More info. Mozilla  Mozilla has published security updates for Firefox, Thunderbird ESR, and Thunderbird. More info. GE Vernova  GE Ver...

Quarterly Patches are out for Oracle. Monthly Patches are out for Atlassian. New Alerts for Microsoft Edge, Arista, Mitsubishi Electric, Delta Electronics, and Linux. Oracle  Quarterly Patches are out, with 380 security vulnerabilities listed in the pre-release document, with 268 remotely exploitable without authentication. Highest CVSSv3 scor...