CND News and Blog

New Alerts for Google Chrome, IBM, QNAP (Exploit), Veritas, and WithSecure. Google  Google has updated Chrome for Desktop with 1 security fix.More info. IBM  IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a prototype pollution attack. CVSSv3 score of 9.8More info. QNAP - Exploit QNAP detected a ne...

New Alerts for Contec Health, Rockwell Automation, Microsoft Edge, and Linux. Contec Health  Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor contains multiple vulnerabilities, including Improper Access Control, Uncontrolled Resource Consumption, Use of Hard-Coded Credentials, and Active Debug Code. Suuccessful exploitation cou...

New Alerts for Apple (Exploit), IBM, NetApp, HCL Software, BD, and Xerox. Apple Exploit Apple has published an update for iOS 12 on older platforms that fixes an arbitrary code execution vulnerability that is actively being exploited.More info. IBM  IBM Cognos Analytics has addressed multiple vulnerabilities. Highest CVSSv3 score of 9.8More in...

New Alerts for Google Chrome, Aruba, Honeywell, PTC, GE Grid, Johnson Controls, HP, and Linux. Google  Google has updated Chrome for Desktop to include 24 security fixes, at least 1 rated Critical.More info.Microsoft is aware and working on Edge. More info. Aruba  Aruba AOS-CX switches contain multiple vulnerabilities. Highest CVSSv3 scor...

New Alerts for Hitachi and Linux. Hitachi  A vulnerability exists in Command Suite, Automation Director, Configuration Manager, Infrastructure Analytics Advisor and Ops Center. CVSSv3 score of 9.8More info. Linux  Red Hat has updated systemd. More info.Oracle Linux has updated systemd. More info.Ubuntu has updated systemd. More info.Scien...

New Alerts for Allied Telesis, NetApp, and D-Link. Allied Telesis  CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities, including hardcoded credentiais. Highest CVSSv3 score of 8.8More info. NetApp  NetApp has published 8 new bulletins identifying vulnerabilities in third-party software software included ...

New Alerts for IBM, F5, and Linux. IBM Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Highest CVSSv3 score of 9.8More info. And here. F5  Traffix SDC includes the Apache Xalan Java XSLT library which contains a vulnerability that could be used to allow an attacker to execute arbitrary Java bytecode. ...

New Alerts for Cisco, Lexmark, HCL Software, and Linux. Cisco  Cisco has published 4 new bulletins, 3 rated High and 1 Medium. Highest CVSSv3 score of 8.8More info.A vulnerability in the OSPF feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 8.6More info. Lexmark  Several model...

New Alerts for Mozilla, Delta Electronics, IBM, Dell, and Linux. Mozilla  Mozilla has published security updates for Firefox, Firefox ESR, and Thunderbird, all rated High, and could allow arbitrary code execution.More info. Delta  Delta Electronics Delta Industrial Automation DIALink is vulnerable to use of a hard-coded cryptographic key,...

New Alerts for IBM, HP, PowerDNS, WithSecure, and Linux. IBM  Multiple security vulnerabilities have been identified in dojo library shipped with IBM Security Guardium Key Lifecycle Manager. Highest CVSSv3 score of 9.8More info. HP  Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack. CVSSv3 score of...

New Alerts for BD, Aruba, Atlassian CAS (Exploit), and Linux. BD  BD has published Microsoft and third-party software patches for FACSCanto II System, Alaris, Data Agent, Care Coordination Engine, Identity Provider Manager, FACSCanto 10-color System, and FACSLyric. Some patches go back to 2019.More info. Aruba  A vulnerability exists in t...

New Alerts for ManageEngine, Apple Safari (Exploit), IBM, and Dell. ManageEngine Network Configuration Manager, OpManager, NetFlow Analyzer, and OPManager Plus contain a vulnerability that allows remote attackers to bypass authentication on affected installations. CVSSv3 score of 9.8More info. And here. Apple Exploit Apple has published a security ...

New Alerts for Apple (Exploit), GE Grid, Microsoft Edge (Exploit), IBM, NetApp, and Linux. Apple Exploit Apple has patched macOS, iOS, and iPadOS. One vulnerability is being activelly exploited. Highest CVSSv3 score of 8.8More info. And here. GE Grid  GE Grid has reported several vulnerabilities in the Reason S20 switch, including Unsalted Pas...

Splunk Quarterly Patches are out. New Alerts for Google Chrome, LS Electric, Softing, B&R Automation, WAGO, Sequi, and Linux. Google - Exploit Google has publsihed a security update for Chrome for Desktop, that addresses 11 security vulnerabilities, at least 1 rated Critical and 1 being currently exploited.More info.Microsoft is aware andw orki...

New Alerts for TRUMPF, IBM, Lenovo, and Linux. Splunk Quarterly Patches are expected out today. TRUMPF  A number of TRUMPF software tools use the OPC UA Server, which contains several vulnerabilities that would allow a remote attacker to send malicious data to the application, resulting in a DoS. CVSSv3 score of 7.5More info. IBM  Multipl...

New Alerts for IBM, NetApp, and Linux. IBM  Multiple vulnerabilities in jackson-databind shipped with IBM Cloud Pak System Highest CVSSv3 score of 9.8More info.IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration. CVSSv3 score of 9.8More info.Multiple security vulnerabilities are add...

New Alerts for Cisco and Keysight Technologies. Cisco  A vulnerability in the handling of RSA keys on devices running Cisco ASA and FTD Software could allow a remote attacker to retrieve an RSA private key. CVSSv3 score of 7.4More info.A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco ASA Software could allow a remote attac...

New Alerts for Palo Alto Networks, Dell, and Linux. Palo Alto Networks  A PAN-OS URL filtering policy misconfiguration could allow a remote attacker to conduct reflected and amplified TCP DoS attacks. The DoS attack would appear to originate from a Palo Alto Networks firewall against an attacker-specified target. CVSSv3 score of 8.6More info. ...

Monthly Patches are out for Microsoft and Adobe. New Alerts for VMware, Hitachi, Zoom, and Linux. Microsoft  Microsoft Monthly Patches are out, with patches for 141 vulnerabilities, 17 rated Critical, 2 previously disclosed, and 1 being exploited. Highest CVSSv3 score of 9.8More info. And here. And here.An RCE Windows PPP wormable vulnerabilit...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for AUMA, Exim, SICK, NetApp, and Linux.                    Microsoft and Adobe Monthly Patches are expected out this afternoon. Siemens  Siemens Monthly Patches are out, with 4 new bulletins and 38 updated bulletins. ...