CND News and Blog

New Alerts for BeyondTrust, Rockwell Automation, BD, Xerox, IBM, and Linux. BeyondTrust  A critical vulnerability has been discovered in Privileged Remote Access and Remote Support products which can allow a remote attacker to inject commands that are run as a site user. CVSSv3 score of 9.8More info. Rockwell Automation  PowerMonitor 1000...

New Alerts for Hitachi, SHARP, Apache Tomcat, and Linux. Hitachi  Hitachi has published updates for Infrastructure Analytics Advisor, Ops Center Analyzer, and Ops Center Viewpoint. Highest CVSSv3 score of 9.4More info. SHARP  SHARP routers contain multiple vulnerabilities. Highest CVSSv3 score of 9.8It appears this is also resold by other...

Monthly Patches are out for PaperCut. New Alerts for Siemens, Dell, NetApp, and Linux.  Siemens  Siemens has published an OOB bulletin for a heap-based buffer overflow in Opcenter, SIMATIC PCS, SINEC NMS, and TIA Portal allowing a remote attacker to conduct RCE. CVSSv4 score of 9.3Not everything is patched.More info. Dell  Dell has p...

New Alerts for Cleo (Exploit), Microsoft, Dell, HPE, Progress, IBM, and Linux. Cleo Exploit An unrestricted file upload and download vulnerability could lead to RCE in Harmony, VLTrader, and LexiCom. This is actively exploited.More info. And here. And here. And here. Microsoft  Deserialization of untrusted data in Microsoft Update Catalog allo...

Quarterly Patches are out for Splunk. Monthly Patches are out for Ivanti. New Alerts for Apple, Tenable, Palo Alto Networks, GitLab, and Linux. Ivanti  Ivanti has joined the second Tuesday Monthly Patch club. Monthly Patches are out with five bulletins, for Cloud Service Application, Desktop and Server Management, Connect Secure and Policy Sec...

Monthly Patches are out for Microsoft, Adobe, and Atlassian. New Alerts for Google Chrome, MOBATIME, Apache Struts, and Linux. Microsoft Exploit Monthly Patches are out with fixes for 71 vulnerabilities, 16 are considered Critical, 1 is being exploited with details publicly available. Highest CVSSv3 score of 9.8More info. And here.Microsoft is awar...

Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Check Point, Broadcom, and Dell. Monthly Patches for Microsoft and Adobe are expected this afternoon. SAP  Monthly Patches are out, with 9 new Notes and 3 updated Notes. Of the new Notes, 1 is rated Hot News, 2 are rated High, 4 are rated Medium, and 2 are Low. Hi...

New Alerts for Phoenix Contact, SICK, QNAP, Python, IBM, Dell, and Linux. Phoenix Contact  PLCnext Firmware has been updated for Critical vulnerabilities in third-party software. Highest CVSSv3 score of 9.8Moreinfo. And here. SICK  Multiple critical vulnerabilities were found in the SICK products InspectorP61x, InspectorP62x and TiM3xx. T...

Monthly Patches are out for Google Pixel. New Alerts for Microsoft Edge, Planet Technology, Tenable, NetApp, and Dell. Microsoft  Microsoft has updated Edge with the latest chromium updates and 1 Edge-specific fix.More info. Google  Monthly Patches for Pixel are out, with 14 vulnerabilities, 2 rated Critical, 4 rated High, and 8 rated Mod...

New Alerts for Django, IBM, and Linux. Django  Django has published an update with fixes for 2 security vulnerabilities.More info. IBM  IBM has published a Critical security bulletin for Sterling Secure Proxy. CVSSv3 score of 9.1More info. Linux  Alpine Linux has released 3.21.0. More info. Security Wizardry Cyber Threat Intelligence...

New Alerts for Google Chrome, Moxa, IBM, Dell, Ruijie, and Linux. Google  Google has updated Chrome for Desktop with 4 security fixes.More info. Moxa  Moxa MDS-G4028-L3 and EDS-G512E series are affected by vulnerabilities that could allow unauthorized access. The EDS-G512E series is impacted by a weak SSL/TLS key exchange. Highest CVSSv3 ...

Monthly Patches are out for Google Android and Samsung. New Alerts for Zyxel, ASUS, F5, WAGO, and Linux. Google  Android Monthly Patches are out with 6 vulnerabilities, all rated High, plus patches for Imagination Technologies, MediaTek, and Qualcomm.More info. Samsung  Monthly Patches are out with 8 vulnerabilities, plus Android patches....

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductor. New Alerts for Acronis and Linux. Qualcomm  Qualcomm Monthly Patches are out with 7 vulnerabilities, all rated High, plus open source software patches. Highest CVSSv3 score of 8.4More info. MediaTek  Monthly Patches are out with 15 vulnerabilities, 1 rated High and...

New Alerts for IBM, B&R Automation, Squid, Jenkins, NetApp, GE Vernova, and Linux. IBM  IBM has published a Critical security bulletin for Security Verify Access Appliance.More info. B&R Automation  An authentication bypass vulnerability exists in several mapp components. CVSSv4 score of 8.4More info. Squid  Squid is vulnerab...

New Alerts for IBM, GitLab, and Linux. IBM  IBM has published Critical security bulletins for Cloud Pak for Network Automation, Maximo Predict, and Analytics Content Hub.More info. GitLab  GitLab has put out an update for 6 security vulnerabities, 1 rated High and 5 rated Medium.More info. Linux  SUSE has updated the kernel. More inf...

New Alerts for HPE, F5, and Synology. HPE  A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. This vulnerability could allow a user to repeatedly fail a password attempt more than the specified number of times. CVSSv3 score of 3.7More info. F5  Vulnerabilities in Qt affect...

New Alerts for HPE, F5, Mozilla, Sprecher Automation, Hitachi Energy, IBM, and Linux. HPE  Security vulnerabilities have been identified in HPE AutoPass License Server (APLS) that could allow a remote attacker to disclose information, bypass authentication, and execute remote code. Highest CVSSv3 score of 8.0More info. F5  F5 has publishe...

New Alerts for Siemens, Trellix, Moxa, IBM, and Linux. Siemens  RUGGEDCOM APE1808 uses Palo Alto Networks PAN-OS. Highest CVSSv4 score of 9.3No patches yet.More info. Trellix  Enterprise Security Manager has been updated to resolve several security vulnerabilities.More info. Moxa  Multiple Moxa Ethernet switches are affected by the s...

New Alerts for Microsoft Edge, BD, Automated Logic, QNAP, mySCADA, NetApp, and Linux.  Microsoft  Microsoft has updated Edge with the latest chromium updates and one Edge-specific fix.More info. BD  BD has implemented October patches from Microsoft into IDM, Pyxis, Data Agent, CCE, and Alaris.More info. Automated Logic  WebCTRL ...

New Alerts for Wireshark, PHP, IBM, and Linux. Wireshark  Two DoS vulnerabilities have been patched in Wireshark.More info. PHP  Several security vulnerabilities have been fixed in the latest versions of PHP.More info. IBM  Critical bulletins have been published for QRadar SIEM, Robotic Process Automation, Planning Analytics Workspac...