CND News and Blog

New Vulnerabilities Friday 23 September

New Alerts for Dell and Linux. Dell  Dell has published updates for VxRail for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. Dell rates this Critical.More info. Linux  Oracle Linux has updated the kernel More info.Ubuntu has updated the kernel. More info. Security Wizardry ...

0
  73 Hits
  0 Comments

New Vulnerabilities Thursday 22 September

New Alerts for Rockwell Automation, IBM, HP, BIND, and Linux. Rockwell Automation  A vulnerability in the ThinManager ThinServer software could allow an attacker to make the software unresponsive or execute arbitrary code. CVSSv3 score of 8.1More info. IBM  Postgresql is shipped with IBM Tivoli Netcool Impact and contains security vulnera...

0
  106 Hits
  0 Comments

New Vulnerabilities for Wednesday 21 September

New Alerts for Dataprobe, Bosch, Microsoft, VMware, Mozilla, Dell, Tenable, and Linux. Dataprobe  Dataprobe iBoot-PDU FW contains multiple vulnerabilities, including: OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, and SS...

0
  85 Hits
  0 Comments

New Vulnerabilities Tuesday 20 September

New Alerts for Festo, Zyxel, Mozilla Thunderbird, and Linux. Festo  Festo control block CPX-CEC-C1 and CPX-CMXX allow unauthenticated, remote access to critical webpage functions which may cause a DoS. CVSSv3 score of 7.5No updates, replace the product.More info. Zyxel  Zyxel has released patches for GS1900 series switches affected by an ...

0
  91 Hits
  0 Comments

New Alerts Monday 19 September

New Alerts for IBM, HPE, WithSecure, and Linux. IBM  Vulnerabilities in libcurl such as bypassing security restrictions, obtaining sensitive information, and MitM attacks may affect Spectrum Protect Plus and Spectrum Copy Data Management. Highest CVSSv3 score of 9.8.More info. And here.Apache Commons Configuration could allow a remote attacker...

0
  138 Hits
  0 Comments

New Vulnerabilities Friday 16 September

New Alerts for Microsoft Edge, Synology, NetApp, Node.js, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium updates.More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8 All vulnerabilities are public, onl...

0
  173 Hits
  0 Comments

New Vulnerabilities Thursday 15 September

Monthly Patches are out for Palo Alto Networks. New Alerts for Cisco, BD, Google Chrome, Zoom, and Linux. Palo Alto Networks  Palo Alto Networks Monthly Patches are out, with 1 bulletin rated Medium and 3 Informational bulletins. CVSSv3 score of 5.5More info. Cisco  Cisco has published three new bulletins, all requiring authentication or ...

0
  168 Hits
  0 Comments

New Vulnerabilities Wednesday 14 September

Monthly Patches for Microsoft and Adobe. New Alerts for Delta Industrial Automation, Kingspan, Brocade, and Linux. Microsoft Exploit Microsoft Monthly Patches are out, with 79 vulnerabilities, 5 are critical with CVSSv3 scores of 9.8, 2 were previously disclosed, and 1 privilege escalation vulnerability is already being exploited.More info. And her...

0
  153 Hits
  0 Comments

New Vulnerabilities Tuesday 13 September

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Apple (Exploit), Hitachi, and Sophos.      Microsoft and Adobe Monthly Patches are expected this afternoon. Siemens  Siemens has published their Monthly Patches, with 5 new bulletins and 8 updated bulletins. Among the new bulletins, highest CVSSv3 s...

0
  199 Hits
  0 Comments

New Vulnerabilities Monday 12 September

New Alerts for JFrog, BD, NetApp, and Linux. JFrog  Multiple vulnerabilities exist in several JFrog products. Highest CVSSv3 score of 10.More info. BD  BD has provided security patches for EpiCenter, FocalPoint, BACTEC FX, Totalys, Assurity Linc, Synapsys, BACTEC FX40, Phoenix M50, and ViperLT.More info. NetApp  NetApp has published ...

0
  176 Hits
  0 Comments

New Vulnerabilities Friday 09 September

New Alert for MZ Automation. MZ Automation  MZ Automation GmbH libIEC61850 contains several vulnerabilities, including: Buffer Overflow, Access of Resource Using Incompatible Type, and NULL Pointer Dereference. Successful exploitation of these vulnerabilities could crash the device being accessed, and buffer overflow conditions could allow RCE...

0
  229 Hits
  0 Comments

New Vulnerabilities Thursday 08 September

New Alerts for Cisco, IBM, Aruba, Wireshark, Tenable, and Linux. Cisco  Cisco has published 5 new bulletins, 2 rated High, 2 Medium, and 1 Informational. Highest CVSSv3 score of 8.6More info.A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links o...

0
  268 Hits
  0 Comments

New Vulnerabilities Wednesday 07 September

Monthly Patches are out for Qualcomm, Google Android, Google Pixel, and Samsung. New Alerts for Triangle Microworks, Cognex, Helmholz, and MB Connect Line. Qualcomm  Qualcomm Monthly Patches are out, with 17 security vulnerabilities, 3 rated Critical, 13 rated High, and 1 rated Medium. Highest CVSSv3 score of 9.8More info. Google  Android...

0
  271 Hits
  0 Comments

New Vulnerabilities Tuesday 06 September

Monthly Patches are out for Fortinet. New Alerts for Hitachi Energy, Hitachi, Zyxel, and WithSecure.  I expected Qualcomm, Samsung, and Android patches today. They may come this afternoon, or not until next week because of the Monday holiday. Hitachi Energy  Hitachi Energy AFS660/AFS665 series contains a security vulnerability that could ...

0
  269 Hits
  0 Comments

New Vulnerabilities Monday 05 September

New Alerts for Google Chrome, IBM, QNAP (Exploit), Veritas, and WithSecure. Google  Google has updated Chrome for Desktop with 1 security fix.More info. IBM  IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a prototype pollution attack. CVSSv3 score of 9.8More info. QNAP - Exploit QNAP detected a ne...

0
  319 Hits
  0 Comments

New Vulnerabilities Friday 02 September

New Alerts for Contec Health, Rockwell Automation, Microsoft Edge, and Linux. Contec Health  Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor contains multiple vulnerabilities, including Improper Access Control, Uncontrolled Resource Consumption, Use of Hard-Coded Credentials, and Active Debug Code. Suuccessful exploitation cou...

0
  330 Hits
  0 Comments

New Vulnerabilities Thursday 01 September

New Alerts for Apple (Exploit), IBM, NetApp, HCL Software, BD, and Xerox. Apple Exploit Apple has published an update for iOS 12 on older platforms that fixes an arbitrary code execution vulnerability that is actively being exploited.More info. IBM  IBM Cognos Analytics has addressed multiple vulnerabilities. Highest CVSSv3 score of 9.8More in...

0
  373 Hits
  0 Comments

New Vulnerabilities Wednesday 31 August

New Alerts for Google Chrome, Aruba, Honeywell, PTC, GE Grid, Johnson Controls, HP, and Linux. Google  Google has updated Chrome for Desktop to include 24 security fixes, at least 1 rated Critical.More info.Microsoft is aware and working on Edge. More info. Aruba  Aruba AOS-CX switches contain multiple vulnerabilities. Highest CVSSv3 scor...

0
  357 Hits
  0 Comments

New Vulnerabilities Tuesday 30 August

New Alerts for Hitachi and Linux. Hitachi  A vulnerability exists in Command Suite, Automation Director, Configuration Manager, Infrastructure Analytics Advisor and Ops Center. CVSSv3 score of 9.8More info. Linux  Red Hat has updated systemd. More info.Oracle Linux has updated systemd. More info.Ubuntu has updated systemd. More info.Scien...

0
  336 Hits
  0 Comments

New Vulnerabilities Monday 29 August

New Alerts for Allied Telesis, NetApp, and D-Link. Allied Telesis  CentreCOM AR260S V2 provided by Allied Telesis K.K. contains multiple vulnerabilities, including hardcoded credentiais. Highest CVSSv3 score of 8.8More info. NetApp  NetApp has published 8 new bulletins identifying vulnerabilities in third-party software software included ...

0
  322 Hits
  0 Comments

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Are You Ready To Find Out More?

Arrange a Chat With Our Friendly Service Delivery Team.