CND News and Blog

New Alerts for Trihedral, Rockwell Automation, Google Chrome (Exploit), Microsoft Edge, Apple iOS (Exploit), Dell, and IBM. Trihedral  Trihedral VTScada contains an Improper Input Validation vulnerability that allows a remote attacker to cause a DoS. CVSSv3 score of 7.5.More info. Rockwell Automation  A vulnerability in FactoryTalk Alarms...

New Alerts for Dell, HP, Wireshark, Nessus, and Linux. Dell  Dell PowerStore Family remediation is available for multiple security vulnerabilities that could be exploited by remote attackers to compromise the affected system. Dell rates this Critical.More info. HP  Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Do...

New Alerts for Google Chrome, VMware, IBM, Johnson Controls, Aruba, SICK, Haas Automation, Delta Electronics, HEIDENHAIN, curl, and Linux. GoogleGoogle has updated Chrome for Desktop with fixes for 14 security vulerabilities.More info. VMware  VMware Cloud Foundation has been updated to correct multiple vulnerabilities, including an RCE in XSt...

New Alerts for Apple (Exploit), InHand Networks, IBM, Hitachi, and Linux. Apple Exploit Apple has patched Safari, iOS and iPadOS, MacOS, tvOS, and watchOS. There are 106 vulnerabilities. At least one has been actively exploited.More info. And here. InHand Networks  InHand Networks has confirmed vulnerabilities impacting Industrial Router IR302...

New Alerts for IBM and Linux. IBM  Security vulnerabilities in Ruby on Rails and node.js yup affect IBM Cloud Pak for Multicloud Management Infrastructure Management. CVSSv3 score of 9.8More info. And here. Linux  SUSE has updated the kernel. More info.OpenSUSE has updated the kernel. More info.Oracle Linux has updated the kernel. More in...

New Alerts for Siemens, BD, NetApp, and Linux. Siemens  The mobile server component of Siveillance Video 2022 R2 contains an authentication bypass vulnerability that could allow an unauthenticated remote attacker to access the application without a valid account. CVSSv3 score of 9.4More info. BD  BD has published third-party software upda...

New Alerts for Meinberg, Synology, WithSecure, and Linux. Meinberg  LANTIME Firmware contains two vulnerabilities, one rated Critical and one rated High. Highest CVSSv3 score of 9.8More info. Synology  Multiple vulnerabilities allow remote attackers to obtain sensitive information or execute arbitrary commands via a susceptible version of...

Quarterly Patches for F5 are out. New Alerts for BD, Adobe, Advantech, Mozilla, Bosch, IBM, and Linux. F5  F5 Quarterly Patches are out, with 12 patches rated High, 5 rated Medium, 1 rated Low, and 1 listed as a Security Exposure. Highest CVSSv3 score of 9.1More info. BD  BD Keistra products have been updated with Microsoft and third-part...

Oracle Quarterly Patches are due out today. New Alerts for NetApp, Apache Commons Text, IBM, and Linux. Oracle  Oracle Quarterly Patches are due out today. Pre-release document says there are 366 new security patches, 251 of which are remotely exploitable without authentication. Highest CVSSv3 score of 9.8More info. NetApp  NetApp has pub...

New Alerts for Microsoft Edge, WAGO, SonicWall, GnuPG, Trumpf, Softing, and Linux. Microsoft  Microsoft has updated Edge to include the latest chromium vulnerability fixes.More info. WAGO  Multiple vulnerabilities exist in Controllers with WAGO I/O-Pro / CODESYS 2.3 Runtime. Highest CVSSv3 score of 9.8More info. And here.Multiple products...

New Alerts for IBM, PulseSecure, NetApp, and Linux.        Oracle Quarterly Patches pre-release is out More info. IBM  IBM Watson Discovery for IBM Cloud Pak for Data contains vulnerable versions of Apache Hadoop and Apache Common Confiugrations. CVSSv3 score of 9.8More info. And here.IBM Watson Speech Servic...

Monthly Patches are out for Palo Alto Networks, Quarterly Patches are out for Juniper Networks. New Alert for Mitel. Palo Alto Networks  Palo Alto Monthly Patches include 1 bulletin rated High for an authentication bypass vulnerability in PAN-OS. CVSSv3 score of 8.1.More info. And here. Juniper Networks  Juniper Quarterly Patches brought ...

Monthly Patches are out for Adobe. New Alerts for Daikin, Google Chrome, Google ChromeOS, Aruba, and WAGO. Adobe  Adobe Monthly Patches include updates for ColdFusion, Acrobat Reader, Commerce, and Dimension. The most severe vulnerabilities could allow for arbitrary code execution. Highest CVSSv3 score of 10.More info. Daikin  Daikin Hold...

Monthly Patches are out for Microsoft. Microsoft Exploit Monthly Patches have been published, with 96 vulnerabilities. 13 patches are rated as Critical, 71 as Important and 1 as Moderate. There is no patch for the current Exchange vulnerability. One vulnerability, a Windows COM+ Event System Service Elevation of Privilege Vulnerability, is already ...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Apple iOS, Phoenix Contact, and Linux.    Microsoft and Adobe Monthly Patches are expected this afternoon, and Palo Alto are expected tomorrow. Schneider Electric  Monthly Patches have been published, with 4 new bulletins and 8 updated bulletin...

Monthly Patches are out for Fortinet, with one vulnerability currently being exploited. Fortinet Exploit Monthly Patches are out, with 7 bulletins, with 2 rated Critical, 3 rated High, 1 rated Moderate, and 1 rated Low. Highest CVSSv3 score of 9.6More info.An authentication bypass using an alternate path or channel vulnerability in FortiOS, FortiPr...

New Alerts for HIWIN and NetApp. HIWIN New HIWIN Robot System Software does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller, causing a DoS. CVSSv3 score of 7.5More info. NetApp  NetApp has published 8 new bulletins identifying vulnerabilities in third-party sof...

New Alerts for Cisco, IBM, Dell, and Linux. Cisco  Cisco has published 9 new bulletins, 2 rated High and the rest Medium.More info.Multiple vulnerabilities in the API and in the web-based management interface of Expressway Series Software and TelePresence Video Communication Server Software could allow a remote attacker to bypass certificate v...

New Alerts for IBM and Google ChromeOS. IBM  Vulnerabilities in React, webpack and Node.js modules affect Tivoli Netcool/OMNIbus WebGUI. Highest CVSSv3 score of 9.8More info.The libexpart parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files and parsing soap requests is vulnerable to RCE. CVSSv3 score of 9.8M...

Monthly Patches are out for Qualcomm, Google Android, Google Pixel, and Samsung. New Alerts for Microsoft Edge, Dell, and StrongSwan.  Qualcomm  Monthly Patches are out for Qualcomm, with 12 bulletins. Two are rated Critical, 7 rated High, and 3 rated Medium. Highest CVSSv3 score of 9.8More info. Google  Android Monthly Patches are o...