
CND News and Blog

New Vulnerabilities Wednesday 27 September

New Alerts for Baker Hughes, Squid, Apple, Belden, Juniper Networks (Exploit), Mozilla, and Linux. Baker Hughes  Bently Nevada 3500 Rack (TDI Firmware) contains several vulnerabilities including exposure of sensitive information, cleartext transmission of sensitive information, and authentication bypass by capture-replay. Highest CVSSv3 score ...


New Vulnerabilities Tuesday 26 September

New Alerts for Hitachi Energy, IBM, Dell, and Linux. Hitachi Energy  Hitachi Energy includes libexpat open-source software in their AFx series products. There are multiple vulnerabilities in the libexpat component that allow a remote attacker to compromise the targeted devices' availability, integrity, and confidentiality. Highest CVSSv3 score ...


New Vulnerabilities Monday 25 September

New Alerts for WAGO, BD, Elasticsearch, and Linux. WAGO  WAGO products e!COCKPIT and WAGO-I/O-Pro both include vulnerable WIBU Systems Codemeter product. Highest CVSSv3 of 9.8. More info. BD  BD has published Microsoft and third-party software updates for FACSCanto 10-Color System, FACSCelesta, FACSAria, FACSCanto II System, LSRFortessa, Fo...


New Vulnerabilities Friday 22 September

New Alerts for Apple (Exploit), Real Time Automation (Exploit), D-Link (Exploit), QNAP, NetApp, and Linux. Apple Exploit Apple has updated iOS, iPadOS, watchOS, macOS, and Safari to fix Exploited, Critical vulnerabilities. More info. Real Time Automation Exploit Real Time Automation 460MCBS contains a Cross-site Scripting vulnerability that co...


New Vulnerabilities Thursday 21 September

New Alerts for Ingeteam, Frauscher Sensortechnik, Dell, Rockwell Automation, and Linux. Ingeteam  Three vulnerabilities have been identified in Ingeteam INGEPAC DA 3451 and INGEPAC EF MD. Highest CVSSv3 score of 8.6. More info. Frauscher Sensortechnik  Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi are prone to multiple vulnerabilities ...


New Vulnerabilities Wednesday 20 September

New Alerts for Omron, Atlassian, BIND, and Linux. Omron  Omron CJ/CS/CP series programmable logic controllers use the FINS protocol, which is vulnerable to brute-force attacks. The controllers do not enforce any rate limit on password guesses to password-protected memory regions. CVSSv3 score of 7.5. More info. Atlassian  Four high-severity...


New Vulnerabilities Tuesday 19 September

Updates for Phoenix Contact, Google Pixel, IBM, Apple, and Linux. Phoenix Contact  Multiple products are affected by WIBU Codemeter vulnerabilities. Highest CVSSv3 score of 10. More here. Google  Google updates for Pixel include Android security patches and 1 Pixel-specific security vulnerability rated High, currently being exploited. More ...


New Vulnerabilities Monday 18 September

New Alerts for Open5Gc, NetApp, and Linux. Open5Gc  Free5Gc contains a CSRF vulnerability that could allow a remote attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". CVSSv3 score of 9.8 More info. And here. NetApp  NetApp has published 14 new bulletins identifying vul...


New Vulnerabilities Friday 15 September

New Alerts for IBM, HPE, WithSecure, BD, and Linux. IBM  Multiple vulnerabilities exist in jackson-databind-2 used by IBM Application Performance Management. Highest CVSSv3 score of 9.8. More info. Due to use of Golang Go, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities. Highest CVSSv3 score of 9.8. More...


New Vulnerabilities Thursday 14 September

New Alerts for Cisco, Palo Alto Networks, Fortinet, IBM, BD, and curl. Cisco  Cisco has released 6 bulletins, 5 rated Medium and 1 Informational. Highest CVSSv3 score of 6.7. More info. A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow a remote attacker to cause a DoS. CVSSv3 score of 4.3. More ...


New Vulnerabilities Wednesday 13 September

Monthly Patches are out for Microsoft and Adobe. New Alerts for Microsoft Edge (Exploit), BlackBerry, Google Chrome (Exploit), Rockwell Automation, ASUS, and Mozilla (Exploit). Microsoft Exploit Microsoft Monthly Patches include fixes for 66 vulnerabilities, 5 rated Critical, 2 being actively exploited. Highest CVSSv3 score of 8.8. More info. And her...


New Vulnerabilities Tuesday 12 September

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Microsoft Edge (0-Day), Apple (exploit), Zoom, and Linux. Monthly Patches for Microsoft and Adobe are expected this afternoon. Siemens  Siemens Monthly Patches contain 7 new bulletins and 14 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.0. More i...


New Vulnerabilities Monday 11 September

New Alerts for Open5GS, IBM, NetApp, and Linux. Open5GS  Open5GS contains 4 vulnerabilities that could allow a remote attacker to cause DoS or retrieve device information. Highest CVSSv3 score of 7.5. More info. IBM  IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to third-party software. Highest CVSS...


New Vulnerabilities Friday 08 September

New Alerts for Apple (Exploit), Socomec, Dover Fueling, Microsoft Edge, Dell, and HPE. Apple Exploit Apple has published updates for iOS, iPadOS, macOS, and watchOS. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Apple is aware that 2 of the vulnerab...


New Vulnerabilities Thursday 07 September

New Alerts for Cisco, NVIDIA, IBM, and Linux. Cisco  Cisco has published 6 new bulletins, 1 rated Critical, 1 rated High, and 4 rated Medium. Highest CVSSv3 score of 10. More info. A vulnerability in the SSO implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow a remote attack...


New Vulnerabilities Wednesday 06 September

Monthly Patches are out for Samsung. New Alerts for Tenda, Cacti, Hitachi, and Linux. Tenda 0-day An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote attacker to access sensitive information. More info. Cacti  Twenty new vulnerabilities have been publi...


New Vulnerabilities Tuesday 05 September

Monthly Patches are out for Google Android. New Alerts for Fujitsu, Softneta, Google Chrome, IBM, and Linux. Fujitsu  The credentials of Fujitsu Limited Real-time Video Transmission Gear "IP series" for factory testing may be obtained by reverse engineering and other methods. CVSSv3 score of 5.9. More info. Softneta  MedDream PACS contains ...


New Vulnerabilities Monday 04 September

Monthly Patches are out for Qualcomm and MediaTek. Qualcomm  Qualcomm Monthly Patches are out, with 25 vulnerabilities, 2 rated Critical, 20 rated High, and 3 rated Medium. Highest CVSSv3 score of 9.8. More info. MediaTek  MediaTek Monthly Patches include 45 vulnerabilities, 1 rated High and the rest Medium. More info. Security Wizardry Cybe...


New Vulnerabilities Friday 01 September

New Alerts for ARDEREG, Moxa, Broadcom, Microsoft, IBM, Dell, NetApp, Ivanti, and Linux. ARDEREG  Sistemas SCADA contains a SQL Injection vulnerability that could allow a remote attacker to manipulate SQL query logic to extract sensitive information and perform unauthorized actions within the database. CVSSv3 score of 9.8. More info. Moxa  ...


New Vulnerabilities Thursday 31 August

Quarterly Patches are out for Splunk. New Alerts for D-Link, Roundcube, BD, IBM, HPE, Mozilla, and Linux. D-Link DIR-3040 contains a stack-based overflow vulnerability that could elevate to multiple attack vectors, allowing RCE. CVSSv3 score of 9.8. More info. Splunk  Splunk Quarterly Patches are out, with 11 bulletins, 9 rated High and 2 rated ...

