CND News and Blog

New Alerts for Apple, Mitsubishi Electric, VMware, and Linux. Apple  Apple has patched Safari, tvOS, iOS, iPadOS, watchOS, Xcode, macOS Catalina, Big Sur, and Monterey. Several vulnerabilities allow arbitrary code execution.More info. And here. Mitsubishi Electric  Multiple DoS vulnerabilities exist in MELSEC iQ-F series CPU module. These...

New Alerts for SonicWall, Microsoft Edge, NetApp, and Linux. SonicWall  SonicWall SSLVPN SMA1000 series appliances are affected by multiple vulnerabilities, including an unauthenticated access control bypass, and a shared and hard-coded encryption key. Highest CVSSv3 score of 8.2.More info. Microsoft  Microsoft has updated chromium-based ...

New Alerts for Cambium Networks, InHand Networks, IBM, Apache Tomcat, Zyxel, and Linux. Cambium Networks  Cambium Networks cnMaestro contains multiple vulnerabilities, including OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function, Successful exploitation of these vulnerabilities could allow a remote a...

Monthly Patches are out for Palo Alto Networks. New Alerts for Mitsubishi Electric, Dell, Xerox, and Linux. Palo Alto Networks  Monthly Patches are out for Palo Alto Networks, with 4 bulletins, 1 rated High and 3 rated Medium. Highest CVSSv3 score of 7.2More info. Mitsubishi Electric  MELSOFT iQ AppPortal is affected by vulnerabilities in...

Monthly Patches are out for Microsoft and Adobe. New Alerts for Adminer, Google (Chrome for Desktop), TIBCO, Phoenix Contact, Mitsubishi Electric, curl, and Linux. Microsoft  Microsoft Monthly Patches are out, with 75 vulnerabilities. Of these, 8 are Critical, 3 were previously disclosed, and one is already being exploited. Highest CVSSv3 scor...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Check Point (ZoneAlarm), Google (Chrome for Android and ChromeOS), Tenable, and Linux.           Patches for Microsoft and Adobe are expected this afternoon. Check Point  Check Point has updated ZoneAlarm Extreme Security to fix a sec...

New Alerts for Fujitsu, Rockwell Automation, IBM, and Linux. Fujitsu  The operation management interface of FUJITSU Network IPCOM provided by FUJITSU LIMITED contains multiple vulnerabilities. A remote attacker may execute arbitrary commands, obtain and/or alter sensitive information, or cause a DoS. CVSSv3 score of 9.8More info. Rockwell Auto...

New Alerts for QNAP, IBM, Sophos, and NetApp. QNAP  A vulnerability has been reported to affect QNAP VS Series NVR running QVR. If exploited, this vulnerability allows remote attackers to run arbitrary commands. QNAP rates this Critical.More info.A vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vul...

New Alerts for Belden, Dell, Aruba, Mozilla, and Mitel. Belden  Belden Provize Basic has been updated to fix security vulnerabilities in third-party software that is included in the product. Highest CVSSv3 score of 9.8More info. And here. And here. Dell  Dell EMC NetWorker vProxy updates are available for multiple security vulnerabilities...

Monthly Patches are out for F5 and Fortinet. New Alerts for Yokogawa, Aruba, OpenSSL, Rockwell Automation, Hitachi Energy, Mozilla, Emerson, and Linux. F5  F5 Monthly Patches are out, with 43 Security Advisories, and another 10 Security Exposures. One advisory is rated Critical, 17 are rated High, 24 are rated Medium, and 1 Low. Highest CVSSv3...

Monthly Patches are out for Qualcomm, Google Android, Google Pixel, and Samsung. New Alert for Linux. Qualcomm  Qualcomm Monthly Patches are out, with 13 CVEs in proprietary software, and 10 more in open-source software. Of the proprietary CVEs, 2 are rated Critical, 10 are rated High, and 1 Medium. Several vulnerabilities are remotely exploit...

New Alerts for TRUMPF, Bosch, SICK, Dell, and F5. TRUMPF  TRUMPF TruTops Fab, TruTops Boost, and TruTops Monitor contain a missing authentication vulnerability. CVSSv3 score of 9.8More info. Bosch  The PLC application of the control systems ctrlX CORE, IndraLogic, IndraMotion MTX, IndraMotion MLC and IndraMotion MLD contains PLC technolog...

New Alerts for Synology, Microsoft Edge, Dell, IBM, NetApp, and Linux. Synology  Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM). Synology rates this Critical.More info. Microsoft...

New Alerts for Cisco, IBM, and Linux. Cisco  Cisco has published 18 new bulletins, 12 rated High and the rest Medium. Eight are exploitable by unauthenticated remote attackers.More info.Vulnerabilities in Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to trigger a DoS condition. CVSSv3 score of 8.6 More...

New Alerts for Google Chrome, Pepperl+Fuchs, Pilz, DrayTek, Bosch, curl, IBM, and Linux. Google  Google has updated Chrome for Desktop to include 30 security fixes.More info.Microsoft is aware. More info. Pepperl+Fuchs  Several products include Remote Desktop Client, which contains a RCE vulnerability. CVSSv3 score of 8.8More info. And he...

New Alerts for IBM, Dell, Apache CouchDB, QNAP, NetApp, and Linux. IBM  Security vulnerabilities in third-party software have been addressed in IBM Cognos Analytics. Highest CVSSv3 score of 9.8More info. Dell  Dell has published a security update for EMC NetWorker vProxy that corrects multiple vulnerabilities in third-party software. Dell...

New Alerts for Eaton, IBM, FreeRADIUS, and WithSecure. Eaton  Eaton Form 7 and Proview NXG products are affected by multiple security advisories in CODESYS software components. Highest CVSSv3 score of 8.8More info. IBM  Multiple vulnerabilities have been remediated in IBM Planning Analytics Workspace. Highest CVSSv3 score of 9.8More info....

New Alerts for Atlassian Jira, IBM, and Dell. Atlassian  Jira and Jira Service Management are vulnerable to an authentication bypass in its web authentication framework, Jira Seraph. A remote, unauthenticated attacker could exploit this by sending a specially crafted HTTP request to bypass authentication and authorization requirements in WebWo...

New Alerts for Cisco, SICK, IBM, HPE, HCL Software, VMware, Tenable, and Linux. Cisco  Cisco has published 12 new bulletins, 3 rated High and the rest Medium. Highest CVSSv3 score of 7.8More info.A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could all...

Quarterly Patches are out for Oracle. Alerts for Elcomplus, Bosch, Mitel, QNAP, NetApp, McAfee, and Linux. Oracle Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products, 300 of which are remotely exploitable without authentication. Three vulnerabilities have a CVSSv3 score of 10, in Orac...