CND News and Blog

New Alerts for GitLab, PTZOptics and other PTZ camera vendors, Siemens, Mitel, Ricoh, and XWiki. GitLab The latest GitLab release includes 10 security fixes, 4 rated High, 5 rated Medium, 1 rated Low. Highest CVSSv4 score of 8.7More info. PTZOptics PTZOptics and other Pan-Tilt-Zoom Camera providers contain several vulnerabilities including Hardcode...

Monthly Patches are out for Palo Alto Networks. New Alerts for Moxa, Meinberg, Mozilla, SinoTrack, MicroDicom, and Linux. Palo AltoNetworks Palo Alto Networks Monthly Patches include 7 bulletins, 2 rated High, 2 rated Medium, and 3 rated Low. Highest CVSSv3 score of 8.6More info. And here. Moxa Moxa PT-G7728 and PT-G7828 series are affected by a hi...

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Google Pixel. New Alerts for Google Chrome, GFI, and Trend Micro. Microsoft Microsoft Monthly Patches include 67 vulnerabilities. 10 rated Critical, 1 actively exploited, and 1 publicly disclosed. Highest CVSSv3 score of 9.8More info. And here. Adobe Patch Monthly Patches from Adobe includ...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Bosch, Hitachi, SolarWinds, CoreDNS, Trend Micro, Hugging Face, and Linux. Three more vendors are expected to publish Monthly Patches this afternoon.  Siemens Siemens Monthly Patches include 6 new bulletins and 19 updated bulletins. Of the new bulletins Highest CV...

New Alerts for Hongding Technology, QNAP, and Linux. Hongding Technology Hongding Technology Smart Parking Management System contains an exposure of sensitive information vulnerability. CVSSv4 score of 9.3More info. QNAP QNAP has identified vulnerabilities in OpenSSH that affect QTS and QuTShero. Highest CVSSv3 score of 6.8More info. Linux Red...

New Alerts for CyberData, ZIV, NetApp, Dell, IBM, and Linux. CyberData CyberData 011209 SIP Emergency Intercom contains several vulnerabilities, including Authentication Bypass, Missing Authentication, SQL Injection, Insufficiently Protected Credentials, and Path Traversal. Highest CVSSv4 score of 9.3More info. ZIV Eight vulnerabilities have been i...

New Alerts for Cisco, HPE, NetApp, IBM, and Django. Cisco Cisco has published 10 new bulletins, 1 rated Critical, 2 rated High, and 7 rated Medium.More info.A vulnerability in AWS, Microsoft Azure, and OCI cloud deployments of Cisco ISE could allow a remote attacker to access sensitive data, execute limited administrative operations, modify system ...

Monthly Patches are out for Samsung. New Alerts for Microsoft Edge (Exploit), HPE, Acronis, Python (Mailman 3), HP, and Linux. Samsung Samsung has published Monthly Patches for Android with 19 vulnerabilities, plus Google Android and Samsung Semiconductor vulnerability patches.More info. Microsoft Microsoft has updated Edge with the latest chromium...

Monthly Patches are out for Google Android. Quarterly Patches are out for Splunk. New Alerts for Google Chrome, ABB, Pilz, HPE, ModSecurity, and Linux. Google Google has published monthly patches for Android with 11 vulnerabilities rated High, plus Qualcomm, Imagination Technologies, and Arm vulnerability patches.More info.Google has published an u...

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductors. New Alerts for HPE, Moxa, NetApp, and Linux. Qualcomm Qualcomm Monthly Patches include 10 new bulletins, 2 rated Critical and 8 rated High. Highest CVSSv3 score of 8.6More info. MediaTek MediaTek Monthly Patches include 7 vulnerabilities, 1 rated High and 6 rated Medium. Mo...

New Alerts for Microsoft Edge, HPE, Instantel, Consilium Safety, Spring, Dell, and Linux. Microsoft Microsoft has updated Edge to update the latest chromium security updates and one Edge-specific vulnerability.More info. HPE Security vulnerabilities have been identified in OneView Software that allow a remote attacker to cause a DoS, code execution...

New Alerts for Mitsubishi Electric, Veritas, Acronis, Dell, IBM, and Linux. Mitsubishi Electric An Information disclosure and DoS vulnerability exists in MELSEC iQ-F series CPU module that allows a remote attacker to read information, or cause a DoS. CVSSv3 score of 9.1More info. Veritas Vulnerabilities were discovered in Arctera/Veritas Deskt...

New Alerts for Mozilla Thunderbird, Google Chrome, Arista, curl, Icinga, IBM, and Linux. Mozilla Mozilla has published Critical bulletins for Thunderbird.More info. Google Google has updated Chrome for Desktop to fix 11 security vulnerabilities.More info.Microsoft is aware. More info. Arista Arista EOS with IPsec enabled and anti-replay protection ...

New Alerts for Mozilla Firefox, Weidmueller, Hitachi Energy, Dell, Hitachi, and Linux. Mozilla  Mozilla has published Critical bulletins for Firefox and Firefox ESR.More info. Weidmueller  Weidmueller industrial ethernet switches are affected by multiple vulnerabilities, including Missing Auth and DoS. Highest CVSSv3 score of 9.8More info...

New Alerts for Siemens, Xerox, Philips, Pepperl+Fuchs, IBM, and Linux. Siemens  SiPass contains an out of bounds read vulnerability that could allow a remote attacker to create a DoS. CVSSv4 score of 8.7More info.SiPass integrated ACC devices do not properly check the integrity of firmware updates. This could allow a remote attacker to upload ...

New Alerts for Google Chrome, Versa (0-Day), Iridium, Tenable, NetApp, and GitLab. Google  Google has updated Chrome Early Stable Desktop to fix 8 security vulnerabilities.More info. Versa 0-Day A researcher has published several critical vulnerabilities in Concerto SD-WAN orchestration platform, including authentication bypass, RCE, and other...

New Alerts for Cisco, OpenSSL, HPE, Mitel, Automated Telematics, ModSecurity, and Linux. Cisco  Cisco has published 10 new bulletins. Highest CVSSv3 score of 8.6More info. OpenSSL  Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.More info. HPE  Multiple securit...

Atlassian has published Monthly Patches. New Alerts for TP-Link, AutomationDirect, Vertiv, BIND, Arista, and Linux. TP-Link  A stack-based buffer overflow vulnerability on the TP-Link Archer AX50 router allows a remote attacker to execute arbitrary code on the device over LAN and WAN networks. CVSSv4 score of 9.2More info. AutomationDirect&nbs...

New Alerts for Spring, PowerDNS, VMware, Sungrow, Netgate, and IBM. Spring  Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. CVSSv3 score of 9.1More info. PowerDNS  A remote attacker can cause a DoS via a crafted TCP connection. CVSSv3 score of 7.5More...

New Alerts for Mozilla (0-Day), Wiedmueller, NetApp, IBM, Dell, Xerox, and Linux. Mozilla 0-Day Mozilla has published Critical updates Firefox and Firefox ESR to fix vulnerabilities identified in a Pwn2Own competition.More info. Weidmueller  Weidmueller product ResMa is affected by a vulnerability in Progress Telerik UI for AJAX that could res...