CND News and Blog
Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Phoenix Contact, Synology, and Linux. Monthly Patches for Microsoft and Adobe are expected this afternoon. Siemens Siemens Monthly Patches are out, with 11 new bulletins and 11 updated bulletins. Of the new bulletins, highest CVSSv3 score of 10. More info. RUGGEDCOM...
New Alerts for Dell, HPE, and Digi. Tomorrow is Patch Tuesday. Dell Dell NetWorker vProxy remediation is available for multiple security vulnerabilities that could be exploited. Dell rates this Critical. More info. HPE Vulnerabilities have been identified in HPE Unified OSS Console Assurance Monitoring that could allow a remote attacker ...
New Alerts for Apple (Exploit), Chirp Systems, Microsoft Edge, QNAP, NetApp, and Linux. Apple Exploit Apple has published updates for Safari, macOS, tvOS, watchOS, and visionOS. At least one vulnerability in each of these products is being actively exploited. More info. Chirp Systems Chirp Access contains a Hard-coded Credentials vulnerability...
New Alerts for Cisco, Pilz, IBM, Artica, Bosch, and Linux. Cisco Cisco has published 7 new bulletins. Highest CVSSv3 score of 8.2. More info. A vulnerability in the SAML authentication process of Cisco Secure Client could allow a remote attacker to conduct a CRLF injection attack against a user. CVSSv3 score of 8.2. More info. Pilz The PITre...
New Alerts for Apple (0-Day), Nice, Sophos, Moxa, Bosch, Google Chrome, HPE Aruba, and Linux. Apple 0-Day Apple has published updates for iOS fixing 4 vulnerabilities that allow privilege escalation, 2 of which have been exploited. More info. And here. Nice Linear eMerge E3-Series contains multiple vulnerabilities, including OS command injecti...
Monthly Patches are out for Google Android, Google Pixel, and Samsung Android. New Alerts for Mozilla, Squid, and Linux. Google Google Monthly Patches for Android are out, with 13 vulnerabilities with 2 rated Critical and 11 rated High, as well as patches for AMLogic, Arm, MediaTek, and Qualcomm. Highest CVSSv3 score of 9.8. More info. Google Mo...
Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Hikvision, Dell, Xerox, and IBM. Qualcomm Qualcomm Monthly Patches are out, with 16 vulnerabilities, 2 rated Critical, 12 rated High, and 2 rated Medium. Highest CVSSv3 score of 9.8. More info. MediaTek MediaTek Monthly Patches include 21 vulnerabilities, 12 rated High and ...
New Alerts for SolarWinds, Microsoft Edge, NetApp, Ivanti, and Linux. SolarWinds SolarWinds has updated Security Event Manager (SEM) to fix vulnerabilities in third-party software as well as one vulnerability in SEM. Highest CVSSv3 score of 9.8. More info. Microsoft Microsoft has updated Edge with the latest chromium patches and one patch...
New Alerts for Cisco, Juniper Networks, BD, Dell, Mitel, IBM, and Linux. Happy Leap Day! Cisco Cisco has published 5 new bulletins. Highest CVSSv3 score of 8.6. More info. Vulnerabilities in the eBGP implementation and handling of MPLS traffic of Cisco NX-OS Software could allow a remote attacker to cause a DoS condition. CVSSv3 score of 8.6. More...
New Alerts for Festo, Google Chrome, Meinberg, Hitachi Energy, and HPE/Aruba. Festo MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 vulnerabilities. Replace XAMPP with Festo Didactic's Factory Control Panel application. Highest CVSSv3 score of 9.8. More info. Google Google has updated Chrome for Desktop t...
New Alerts for Microsoft Azure, Eclipse, SMA, Mitsubishi Electric, and Linux. Microsoft Microsoft Azure could allow a remote attacker to execute arbitrary code on the system, caused by a search path element flaw in the installation of MCR VSTS CLI. CVSSv3 score of 9.8. More info. And here. Eclipse A vulnerability in Jetty allows a remote ...
New Alerts for Microsoft Edge, WithSecure, HPE, HP, F5, IBM, and Linux. Microsoft Edge has been updated to fix the latest chromium-based vulnerabilities. Note the normal Edge announcement page doesn't yet show this update. More info. And (maybe) here. WithSecure A DoS vulnerability was discovered in WithSecure products where the engine sc...
New Alerts for Semtech, Dell, NetApp, WAGO, and Linux. Semtech Three vulnerabilities affect the Sierra Wireless EM919x and EM929x cellular modules. These vulnerabilities were announced as part of Qualcomm's December Security Bulletin. Highest CVSSv3 score of 7.5. More info. Dell Dell Avamar server, Dell Avamar Virtual Edition and Dell Int...
New Alerts for Progress Kemp, B&R Automation, IBM, HP, Tenable, and Linux. Progress Kemp LoadMaster and ECS Connection Manager contain a security vulnerability that allows a remote attacker to issue a carefully crafted API command that will allow arbitrary system commands to be executed without authentication. CVSSv3 score of 10. More inf...
New Alerts for VMware, CISA ICSNPP, Atlassian, UI, Mozilla, Google Chrome, and Linux. VMware Arbitrary Authentication Relay and Session Hijack vulnerabilities exist in the deprecated VMware Enhanced Authentication Plug-in. Remove plugin. CVSSv3 score of 9.6. More info. CISA ICSNPP - Ethercat Plugin for Zeek put out by CISA contains 2 vuln...
New Alerts for PostgreSQL (pgjdbc), Mitsubishi Electric, ConnectWise, HPE, Zyxel, and Linux. PostgreSQL pgjdbc, the PostgreSQL JDBC driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. CVSSv3 score of 10. More info. Mitsubishi Electric A RCE vulnerability due to Microsoft Message Queuing service on Microsoft Windows exi...
New Alert for BD. BD BD has updated Care Coordination Engine and Identity Provider Manager to fix vulnerabilities in third-party software. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Securi...
New Alerts for B&R, IBM, Dell, NetApp, Tenable, and Linux. B&R A vulnerability exists in B&R APROL that allows a remote attacker with MitM capabilities to manipulate SSH messages and compromise the integrity of connections. CVSSv3 score of 5.9. More info. IBM QRadar Suite Software includes components with known vulnerabilitie...
Monthly Patches are out for Palo Alto Networks. New Alerts for Node.js, Contiki-NG, BD, Squid, HPE, and Linux. Palo Alto Networks Palo Alto Networks Monthly Patches include 6 bulletins, 5 rated Medium and 1 rated Informational. Highest CVSSv3 score of 6.3. More info. Node.js A security update for Node.js is available that includes fixes ...
Monthly Patches are out for Microsoft (Exploit) and Adobe. New Alerts for ISC, Intel, HPE, F5, Google Chrome, and Linux. The Node.js patch publication was pushed off until later today. Microsoft Exploit Microsoft Monthly Patches include 80 patches, 5 rated Critical and 2 being exploited. Highest CVSSv3 score of 9.8. More info. And here. Windows SmartS...