CND News and Blog
New Alerts for Google Chrome, VMware, Mozilla, Tenable, SICK, IBM, F5, and OpenSSL. Google: Google has updated Chrome for Desktop with 2 security fixes. More info. VMware: VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. Highest CVSSv3 base score of 9.8. More info. Mozilla: Mozi...
New Alerts for VMware, Bosch, Squid, and Linux. VMware: Aria Operations for Logs contains an authentication bypass vulnerability. CVSSv3 score of 8.1. More info. Bosch: The SLC-0-GPNT00300 from Bosch Rexroth contains technology from SICK AG, which contained an authentication bypass by capture-replay. Exploiting the vulnerability would allow...
New Alerts for Cisco, Microsoft Edge, IBM, HP, NETGEAR, and Linux. Cisco: Cisco has begun patching their products for the IOS XE Software bug reported 16 October, CVSSv3 score of 10. These patches are in the most current version; older versions are TBD, and then there will be the products that use IOS XE Software as their base. More info. Micro...
New Alerts for VMware, Baker Hughes, Yokogawa, GE Gas Power, NetApp, and Linux. VMware: VMware Aria Operations for Logs contains an authentication bypass vulnerability and a deserialization vulnerability. CVSSv3 score of 8.1. More info. Baker Hughes: Baker Hughes – Bently Nevada 3500 System TDI Firmware has a vulnerability in the password r...
New Alerts for Google ChromeOS, Apache HTTP Server, and Dell. Google: Google has updated ChromeOS and ChromeOS Flex to fix an unspecified number of security vulnerabilities, some rated Critical. More info. Apache: Apache HTTP Server has been updated with 3 security fixes, 1 rated Moderate (HTTP/2 Rapid Reset) and 2 rated Low. More info. Del...
New Alerts for Sophos, Atlassian, Google Chrome, Rockwell Automation (Exploit), Dell, and Linux. Sophos: Sophos has fixed a password disclosure vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall when the password type is set to "specified by sender". CVSSv3 score of 6.5. More info. Atlassian: Atlassian has...
Oracle Quarterly Patches are out today. New Alerts for Cisco (Exploit), Paessler, IBM, and Linux. Cisco (Exploit): Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet. This vulnerability allows a remote attacker to create an account on an affected syste...
New Alerts for BD, Rockwell Automation, Microsoft Edge, Dell, NetApp, and Linux. Oracle Quarterly Patch Update comes out tomorrow. The pre-release announcement is available here. BD: BD has published third-party software security updates for Pyxis, Identity Provider Manager, Alaris, Care Coordination Engine, and Data Agent. More info. Roc...
New Alerts for BD, HP, NetApp, Node.js, Yifan (0-Day), and Linux. BD: BD has published third-party software security updates for ViperLT. More info. HP: A security vulnerability has been identified in the HP ThinUpdate utility which may lead to information disclosure. CVSSv3 score of 4.8. More info. NetApp: NetApp has published a bullet...
Monthly Patches are out for Juniper Networks. New Alerts for Advantech, Mitsubishi Electric, Weintek, Pilz, SICK, IBM, Dell, Apache Tomcat, and Linux. Advantech: Advantech WebAccess contains an Information Exposure vulnerability that allows a remote attacker to access user credentials. CVSSv3 score of 6.5. More info. Mitsubishi Electric: Inf...
Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Apple, Citrix, Google Chrome, HTTP/2 (Exploits), Samba, cURL, and Linux. Microsoft (Exploit): Microsoft Monthly Patches include 103 fixes, 12 are rated Critical and 3 are actively exploited. One is a fix for the HTTP/2 Rapid Reset DDoS vulnerability. Highest CVSSv3 score of 9.8...
Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for F5, Extreme Networks, and Linux. Monthly Patches for Microsoft and Adobe are expected later today. Siemens: Siemens has published 23 bulletins in their Monthly Patches, 12 new and 11 updated. Highest CVSSv3 score of 9.8. More info. The CPCI85 firmware of SICAM A8000 ...
New Alerts for QNAP, NetApp, Microsoft PC Manager, and Linux. QNAP: Multiple vulnerabilities in ClamAV have been fixed in QTS, QuTS hero, and QuTScloud. More info. NetApp: NetApp has published 15 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 10. There are patches for fi...
New Alerts for Sophos (Exploit), IBM, and Linux. Sophos (Exploit): Sophos Firewall and SG UTM are vulnerable to at least one of the recent CVEs for Exim. Patches for Firewall are available, SG UTM are coming end of next week. Highest CVSSv3 score of 7.5 for the CVEs that are vulnerable. More info. IBM: IBM Security Verify Governance has been updat...
New Alerts for Apple (Exploit), Cisco, Atos, Google, Microsoft (Exploit), Atlassian (Exploit), HP, Wireshark, and Linux. Apple (Exploit): Apple has published updates for actively exploited vulnerabilities in iOS and iPadOS. CVSSv3 score of 8.8. More info. And here. Cisco: A vulnerability in Cisco Emergency Responder could allow a remote attacke...
New Alerts for SICK, Samsung, and Google Chrome. SICK: SICK SIM1012 has all Ethernet ports open by factory default. This could potentially allow a remote attacker to impact the availability, confidentiality, and integrity of the SICK SIM1012. CVSSv3 score of 9.8. Remediation only: close the ports. More info. Multiple SICK products includ...
Monthly Patches are out for MediaTek and Google Android. New Alerts for IBM and Linux. MediaTek: MediaTek has published their Monthly Patches with 3 vulnerabilities rated High, 9 rated Medium. More info. Google: Google Monthly Patches for Android are out, with 1 Critical vulnerability, and 31 High, with Arm, MediaTek, Unisoc, and Qualcomm ...
Monthly Patches are out for Qualcomm. New Alerts for Exim (0-Day), BD, Microsoft Edge (Exploit), and NetApp. Exim (0-Day): A vulnerability in Exim allows remote attackers to execute arbitrary code on affected installations of Exim. CVSSv3 score of 9.8. This was released as a 0-day. More info. And here. BD: BD has published security updates for Phoen...
New Alerts for Progress Software, Dell, and Linux. Progress Software: Vulnerabilities in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface have been identified. Highest CVSSv3 score of 10. More info. Dell: Dell Container Storage Modules remediation is available for multiple security vulnerabilities that co...
New Alerts for Cisco, Google Chrome (Exploit), IBM, HPE, and Mozilla (Exploit). Cisco: Cisco has published 15 new bulletins, 1 rated Critical, 7 rated High, and 7 rated Medium. Highest CVSSv3 score of 9.8. More info. Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager could allow an attacker to access an affected instance or cause a DoS on ...