
CND News and Blog

New Vulnerabilities Wednesday 22 November

New Alerts for Atlassian, ownCloud, Dell, and Linux. Atlassian: Updates for Atlassian products include 26 vulnerabilities rated High by Atlassian. Products include Jira Software Data Center and Server, Crowd Data Center and Server, Confluence Data Center and Server, Bitbucket Data Center and Server, and Bamboo Data Center and Server. Highest C...


New Vulnerabilities Tuesday 21 November

New Alerts for Sophos (Exploit), Synology, Phoenix Contact, Mozilla, WithSecure, and Linux. Sophos (Exploit): Sophos Web Appliance has been updated to fix several vulnerabilities that could allow a remote attacker to execute arbitrary code. Highest CVSSv3 score of 9.8. Exploits have been seen in the wild. More info. Synology: Synology Router Manager...


New Vulnerabilities Monday 20 November

New Alerts for IBM, HPE, Synology, strongSwan, and Tenable. IBM: QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.8. More info. IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and DoS due to third-party software. Highest CVSSv3...


New Vulnerabilities Friday 17 November

Quarterly Patches are out for Splunk. New Alerts for Hitachi Energy, Microsoft Edge, Xerox, and Linux. Splunk: Splunk has published their Quarterly Patches, with Splunk and third-party software updates. Highest CVSSv3 score of 9.8. More info. Hitachi Energy: Network Manager DMS/OMS products are affected by the Apache ActiveMQ vulnerability....


New Vulnerabilities Thursday 16 November

New Alerts for Red Lion, Wireshark, NetApp, IBM, TRENDnet, NetBSD, and Linux. Red Lion: Sixnet RTU contains two vulnerabilities, Authentication Bypass using an Alternative Path or Channel, and Exposed Dangerous Method or Function. Both have a CVSSv3 score of 10. Patches and mitigation instructions. More info. And here. Wireshark: Wireshark ha...


New Vulnerabilities Wednesday 15 November

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for VMware, Aruba, Google Chrome, Google ChromeOS, Intel, and F5. Microsoft: Microsoft Monthly Patches are out, fixing 64 vulnerabilities, 14 vulnerabilities affecting Microsoft Edge, and 5 vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three vulnerabili...


New Vulnerabilities Tuesday 14 November

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Hitachi Energy, Xerox, Zoom, Ivanti, and Linux. Siemens: Siemens Monthly Patches are out, with 14 new bulletins and 18 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8. More info. Siemens OPC UA Modeling Editor is affected by an XXE injection vuln...


New Vulnerabilities Monday 13 November

New Alerts for BD, NetApp, and Linux. BD: BD has published security updates for Alaris, Data Agent, and FACSymphony A3/A5/A1. More info. NetApp: NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8. Two have patches. More info. Linux: SUSE has upd...


New Vulnerabilities Friday 10 November

New Alerts for SysAid, Weidmüller, Johnson Controls, Microsoft Edge, and Linux. SysAid: A Path Traversal vulnerability has been exploited as a 0-day in SysAid On-Prem Software. CVSSv3 score of 9.8. More info. Weidmüller: Weidmüller products use WIBU CodeMeter Runtime. A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network s...


New Vulnerabilities Thursday 09 November

New Alert for Atlassian. Enjoy the break, in my experience tomorrow/next week will make up for it... Atlassian: The Apache ActiveMQ RCE Vulnerability impacts Bamboo Data Center and Server. CVSSv3 score of 10. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber...


New Vulnerabilities Wednesday 08 November

New Alerts for Lanaccess, Softing, Dell, WithSecure, Google Chrome, and Linux. Lanaccess: An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM. This vulnerability could allow a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. CVSSv3 sco...


New Vulnerabilities Tuesday 07 November

Monthly Patches are out for Google Android, Google Pixel, and Samsung. New Alerts for GE Gas Power, Hitachi, Dell, and Linux. GE Gas Power: GE Gas Power products include the vulnerable web UI feature of Cisco IOS XE Software, although the feature is not on by default. If you turned it on, turn it off. More info. Google: Google Monthly Patch...


New Vulnerabilities Monday 06 November

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Samsung, FRRouting, QNAP, NetApp, Veeam, NextGen Healthcare, and Linux. Qualcomm: Qualcomm Monthly Patches are out, with 16 vulnerabilities, 4 rated Critical, 7 rated High, and 5 rated Medium. Highest CVSSv3 score of 9.8. More info. MediaTek: MediaTek Monthly Patches include ...


New Vulnerabilities Friday 03 November

New Alerts for Weintek, Franklin Fueling System, Crimson, Microsoft Edge, Moxa, and Linux. Weintek: Weintek EasyBuilder Pro has a Use of Hard-coded Credentials vulnerability that could allow a remote attacker to obtain remote control of a victim's computer as a privileged user. CVSSv3 score of 9.8. More info. Franklin Fueling System: Frankl...


New Vulnerabilities Thursday 02 November

New Alerts for Cisco, VMware, IBM, Mitsubishi Electric, Moxa, Hitachi Energy, and Linux. Cisco: Cisco has published 24 new bulletins, 1 rated Critical, 9 rated High, and 14 rated Medium. Highest CVSSv3 score of 9.9. More info. Vulnerabilities in Cisco FTD Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 8....


New Vulnerabilities Wednesday 01 November

New Alerts for Zavio (Exploit), INEA, Tenable, IBM, Google Chrome, and Linux. Zavio (Exploit): Zavio IP Cameras contain several vulnerabilities, including Buffer Overflow and OS Command Injection. Highest CVSSv3 score of 9.8. EoL, Zavio is out of business, pick another product and replace. More info. INEA: INEA EME RTU contai...


New Vulnerabilities Tuesday 31 October

New Alerts for Atlassian, Hitachi, D-Link, and Linux. Atlassian: An Improper Authorization vulnerability exists in Confluence Data Center and Server. CVSSv3 score of 9.1. More info. Hitachi: Cosminexus has been updated for Oracle Java. More info. D-Link: D-Link DSVS products contain 2 vulnerabilities that can be used for DDoS or RCE. Mor...


New Vulnerabilities Monday 30 October

New Alerts for Apache ActiveMQ, ABB, Microsoft Edge, Dell, and NetApp. Apache: Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types. CVSSv3 score of 9.8. More info. ABB (Exploit): COM600 product firm...


New Vulnerabilities Friday 27 October

New Alerts for Sielco (Exploit), Dingtian (Exploit), F5, BD, and IBM. Sielco (Exploit): Sielco PolyEco1000 contains several vulnerabilities, including Session Fixation, Improper Restriction of Excessive Authentication Attempts, Improper Access Control. Highest CVSSv3 score of 9.8. No response from vendor, exploit exists. More info. Analog FM Transmitters ...


New Vulnerabilities Thursday 26 October

New Alerts for Apple (Exploit), Tenable, Rockwell Automation, Meinberg, IBM, and Linux. Apple (Exploit): Apple has published updates for iOS, iPadOS, macOS, tvOS, watchOS, and Safari. One vulnerability is being exploited in older iOS versions. Highest CVSSv3 score of 9.8. More info. Tenable: Tenable has updated Nessus Network Monitor with updates f...

