CND News and Blog

New Alerts for Tenable, Medtronic, Microsoft Edge, and Zyxel. Tenable  Nessus Network Monitor has been updated to correct vulnerabilities in third-party software including HandlebarsJS, OpenSSL, and jquery-file-upload. Highest CVSSv3 score of 9.8More info. Medtronic  Mainspring Data Express and Vital Sync Virtual Patient Monitoring Platfo...

New Alerts for Delta Electronics, Google Chrome, Sierra Wireless, IBM, Dell, and Linux. Delta Electronics  InfraSuite Device Master contains several vulnerabilities, including Path Traversal, Deserialization of Untrusted Data, and Exposed Dangerous Method or Function. Successful exploitation could allow a remote attacker to remotely execute ar...

New Alerts for Zyxel, Festo, F5, NETGEAR, Hitachi Energy, Xerox, Apache Tomcat, and Linux. Zyxel  Zyxel Firewall and AP products contain several vulnerabilities, one of which could be exploited by a remote attacker to trigger a DoS. CVSSv3 score of 7.5More info. Festo  Festo products use WIBU CodeMeter Runtime. A remote attacker exploitin...

New Alerts for HPE, Arcserve, and Control iD (0-Day). HPE  Vulnerabilities in curl have been addressed in OSS Network Utilities (T1204). Highest CVSSv3 score of 9.8More info. Arcserve  Several vulnerabilities in Arcserve UDP allow a remote attacker to upload and execute arbitrary files, and bypass authentication with a valid UUID.More inf...

New Alerts for Philips, Hikvision, NetApp, and Linux. Philips  IntelliSpace PACS 2 and Universal Data Manager are affected by a BIG-IP Configuration utility unauthenticated remote code execution vulnerability. CVSSv3 score of 9.8No patches yet.More info. Hikvision  Hikvision products have been affected by an authentication bypass vulnerab...

New Alerts for Atlassian, ownCloud, Dell, and Linux. Atlassian  Updates for Atlassian products include 26 vulnerabilities rated High by Atlassian. Products include Jira Software Data Center and Server, Crowd Data Center and Server, Confluence Data Center and Server, Bitbucket Data Center and Server, and Bamboo Data Center and Server. Highest C...

New Alerts for Sophos (Exploit), Synology, Phoenix Contact, Mozilla, WithSecure, and Linux. Sophos Exploit Sophos Web Appliance has been updated to fix several vulnerabilities that could allow a remote attacker to execute arbitrary code. Highest CVSSv3 score of 9.8Exploits have been seen in the wild.More info. Synology  Synology Router Manager...

New Alerts for IBM, HPE, Synology, strongSwan, and Tenable. IBM  QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.8More info.IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and DoS due to third-party software. Highest CVSSv3...

Quarterly Patches are out for Splunk. New Alerts for Hitachi Energy, Microsoft Edge, Xerox, and Linux. Splunk  Splunk has published their Quarterly Patches, with Splunk and third-party software updates. Highest CVSSv3 score of 9.8More info. Hitachi Energy  Network Manager DMS/OMS products are affected by the Apache ActiveMQ vulnerability....

New Alerts for Red Lion, Wireshark, NetApp, IBM, TRENDnet, NetBSD, and Linux. Red Lion  Sixnet RTU contains two vulnerabilities, Authentication Bypass using an Alternative Path or Channel, and Exposed Dangerous Method or Function. Both have CVSSv3 score of 10.Patches and mitigation instructions.More info. And here. Wireshark  Wireshark ha...

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for VMware, Aruba, Google Chrome, Google ChromeOS, Intel, and F5. Microsoft  Microsoft Monthly Patches are out, fixing 64 vulnerabilities, 14 vulnerabilities affecting Microsoft Edge, and 5 vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three vulnerabili...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Hitachi Energy, Xerox, Zoom, Ivanti, and Linux. Siemens  Siemens Monthly Patches are out, with 14 new bulletins and 18 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8More info.Siemens OPC UA Modeling Editor is affected by an XXE injection vuln...

New Alerts for BD, NetApp, and Linux. BD  BD has published security updates for Alaris, Data Agent, and FACSymphony A3/A5/A1More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8Two have patches.More info. Linux  SUSE has upd...

New Alerts for SysAid, Weidmüller, Johnson Controls, Microsoft Edge, and Linux. SysAid  A Patch Traversal vulnerability has been exploited as a 0-day in SysAid On-Prem Software. CVSSv3 score of 9.8More info. Weidmüller  Weidmüller products use WIBU CodeMeter Runtime. A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network s...

New Alert for Atlassian. Enjoy the break, in my experience tomorrow/next week will make up for it...  Atlassian  The Apache ActiveMQ RCE Vulnerability impacts Bamboo Data Center and Server. CVSSv3 score of 10.More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber...

New Alerts for Lanaccess, Softing, Dell, WithSecure, Google Chrome, and Linux. Lanaccess  An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM. This vulnerability could allow a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. CVSSv3 sco...

Monthly Patches are out for Google Android, Google Pixel, and Samsung. New Alerts for GE Gas Power, Hitachi, Dell, and Linux. GE GasPower  GE Gas Power products include the vulnerable web UI feature of Cisco IOS XE Software, although the feature is not on by default. If you turned it on, turn it off.More info. Google  Google Monthly Patch...

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Samsung, FRRouting, QNAP, NetApp, Veeam, NextGen Healthcare, and Linux. Qualcomm  Qualcomm Monthly Patches are out, with 16 vulnerabilities, 4 rated Critical, 7 rated High, and 5 rated Medium. Highest CVSSv3 score of 9.8More info. MediaTek  MediaTek Monthly Patches include ...

New Alerts for Weintek, Franklin Fueling System, Crimson, Microsoft Edge, Moxa, and Linux. Weintek  Weintek EasyBuilder Pro has a Use of Hard-coded Credentials vulnerability that could allow a remote attacker to obtain remote control of a victim's computer as a privileged user. CVSSv3 score of 9.8More info. Franklin Fueling System  Frankl...

New Alerts for Cisco, VMware, IBM, Mitsubishi Electric, Moxa, Hitachi Energy, and Linux. Cisco  Cisco has published 24 new bulletins, 1 rated Critical, 9 rated High, and 14 rated Medium. Highest CVSSv3 score of 9.9.More info.Vulnerabilities in Cisco FTD Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 8....