CND News and Blog

New Alerts for Priva, BD, IBM, Dell NetApp, and Juniper. Priva  Priva TopControl Suite is vulnerable to secure shell (SSH) credentials being deciphered. An attacker could calculate the login credentials for the Priva product and login remotely. CVSSv3 score of 7.5More info. BD  BD has updated CCE, IDM, Data Agent, ViperLT, and Totalys for...

New Alerts for Synology, Mitsubishi Electric, Hikvision, IBM, and Western Digital. Synology  Multiple vulnerabilities allow remote attackers to execute arbitrary command, conduct denial-of-service attacks or read arbitrary files via a susceptible version of Synology Router Manager (SRM). CERT Bund rates this CVSSv3 score of 10.More info. Mitsu...

New Alerts for D-Link, Dell, NetApp, Zyxel, curl, Open vSwitch, and Linux. D-Link  D-Link DIR-824/EE hardware contains several unauthenticated OS command injection vulnerabilities. Highest CVSSv3 score of 9.8More info. Dell  Dell SRM and Dell Storage Monitoring and Reporting have a security update for multiple third-party xomponent vulner...

New Alerts for Tenable, NVIDIA, Symantec, HCL Software, and Linux. Tenable  Nessus Network Monitor leverages third-party components, two of which were found to contain vulnerabilities. Highest CVSSv3 score of 9.8More info. NVIDIA  NVIDIA DGX A100 server and NVIDIA DGX Station A100 has been updated to address issues that may lead to code e...

New Alerts for BD, Microsoft Edge, IBM, HCL Software, and Linux. BD  BD has updated several products to apply Microsoft and third-party patches.More info. Microsoft  Microsoft has updated Edge to include the latest chromium-based security patches.More info. IBM  IBM Cognos Analytics has addressed multiple vulnerabilities. Highest CVS...

New Alerts for VMware, NetApp, Shibboleth, Samba, and Tenable. VMware  vRealize Network Insight (vRNI) contain command injection and directory traversal vulnerabilities present in the vRNI REST API. A remote attacker can execute commands and read arbitrary files. Highest CVSSv3 score of 9.8More info. VMware Workspace ONE Access and Identity Ma...

New Alerts for Weidmueller, Rockwell Automation, IBM, Google (ChromeOS LTS), and Linux. Weidmueller  Multiple IoT and control products are affected by a JavaScript injection vulnerability in the XML editing system SCHEMA ST4 online help by Quanos Solutions GmbH. CVSSv3 score of 6.1More info. And here. Rockwell Automation  Rockwell Automat...

Monthly Patches are out for Microsoft (Exploit) and Adobe. New Alerts for Apple (Exploit), Contec, Google Chrome, Rockwell Automation, Dell, NETGEAR, and Mozilla. Palo Alto Networks Monthly Patches are expected out this afternoon. Microsoft Exploit Microsoft Monthly Patches include 74 vulnerabilities, 7 are Critical, 1 was previously disclosed, and...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Fortinet (Exploit), Citrix (Exploit), Hitachi Energy, Phoenix Contact, IBM, Hitachi, and Linux.            Monthly Patches for Microsoft and Adobe are expected this afternoon, Palo Alto Networks is expected tomorro...

New Alerts for IFM Electronic, IBM, NetApp, and Linux. IFM Electronic  Moneo Appliances contain a vulnerability where a remote attacker could reset the administrator's password with information from the default, self-signed certificate. CVSSv3 score of 9.8More info. IBM  Multiple vulnerabilities in the Expat library affect IBM Db2 Net Sea...

New Alerts for Aveva, Advantech, Dell, and WithSecure. Aveva  InTouch Access Anywhere contains a Relative Path Traversal that could allow a remote attacker with network access to read files on the system outside of the secure gateway web server. CVSSv3 score of 7.5More info. Advantech  Advantech iView contains a SQL Injection vulnerabilit...

Monthly Patches are out for Fortinet. New Alerts for TIBCO, Rockwell Automation, Lenovo, PHP, and Wireshark. TIBCO  TIBCO Nimbus Web Client contains a vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. CVSSv3 score of 9.3More info. Rockwell Automation  Logix Contro...

New Alerts for Cacti, F5, and Linux. Cacti  A command injection vulnerability allows a remote attacker to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. CVSSv3 score of 9.8More info. F5  BIG-IP and BIG-IQ are vulnerable to an issue in Java SE that could allow an attacker ...

Monthly Patches are out for Google Android, Google Pixel, and Samsung. New Alerts for Intel, Microsoft Edge (Exploit), IBM, and Dell. Intel Potential security vulnerabilities in some Intel Server Board Baseboard Management Controller (BMC) firmware may allow escalation of privilege or information disclosure. Highest CVSSv3 score of 8.3More info. Go...

Monthly Patches are out for Qualcomm and Mediatek. New Alerts for PostgreSQL and Google Chrome (Exploit). Qualcomm  Qualcomm Monthly Patches are out, with 16 vulnerabilities, 1 rated Critical, 14 rated High, and 1 rated Medium. Highest CVSSv3 score of 8.4More info. Mediatek  Mediatek Monthly Patches include 19 vulnerabilities, 6 rated Hig...

New Alerts for Sophos, MISP, Horner Automation, IBM, Asterisk, Google ChromeOS, NetApp, and Linux. Sophos  Sophos Firewall has been updated to fix several security vulnerabilities, include RCE via the User Portal and Webadmin. Highest CVSSv3 score of 9.8More info. MISP  The latest version of MISP includes two security fixes for Critcal vu...

New Alerts for Xerox, Eaton, Carrier, Apple, IBM, Rockwell Automation, and Veritas. Xerox  Xerox FreeFlow Print Server v7 and v9 have been updated with Oracle October 2022 patches. CVSSv3 score of 10, according to CERT Bund.More info. And here. Eaton  Form 7 recloser control and Proview NXG use CODESYS components. Eaton has published a bu...

New Alerts for NetBSD, Google Chrome, and Linux. NetBSD  ping contains memory safety bugs that can be triggered by a remote host, causing the ping program to crash. It may be possible for a malicious host to trigger remote code execution in ping. CVSSv3 score of 10, according to CERT Bund.More info. Google  Google has updated Chrome for D...

New Alerts for Festo, Mitsubishi Electric, Moxa, Microsoft Edge (Exploit), F5, and NetApp. Festo  In multiple products by Festo a remote unauthenticated attacker could use functions of undocumented protocols which could lead to a complete loss of confidentiality, integrity and availability. CVSSv3 score of 9.8The solution is to update the docu...

New Alerts for Google Chrome (Exploit), Atos, Moxa, and Linux. Google Exploit Google has updated Chrome for Desktop to fix 1 security vulnerability rated High.More info. Atos  A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager that may allow an unauthenticated atta...