CND News and Blog

New Alerts for Google Chrome, Mozilla, Tenable, Splunk, IBM, and Linux. Google  Google has updated Chrome for Desktop to fix 8 security vulnerabilities.More info. Mozilla  Mozilla has published security updates for Thunderbird, Thunderbird ESR, Firefox, and Firefox ESR, all rated High.More info. Tenable  Tenable Identity Exposure has...

New Alerts for Apache Tomcat, SICK, PowerDNS, Ribbon Communications, and IBM. Apache  Tomcat contains an incorrect error handling vulnerability for some invalid HTTP priority headers could result in a DoS.More info. SICK  SICK has identified a DoS vulnerability in picoScan and multiScan. CVSSv3 score of 5.3More info.SICK has found two vul...

New Alerts for SAP (Exploit), Weissemann & Theis, NetApp, IBM, and Linux. SAP Exploit SAP has released out-of-band emergency NetWeaver updates to fix a suspected RCE zero-day flaw actively exploited to hijack servers. CVSSv3 score of 10.More info. And here. Wiesemann & Theis  Com-Server firmware supports the insecure TLS 1.0 and TLS 1....

New Alerts for Microsoft Edge, Johnson Controls, Nice, Planet Technology, Bosch, and Mitsubishi Electric. Microsoft  Microsoft has updated Edge with the latest chromium security fixes.More info. Johnson Controls  Johnson Controls has updated Software House iSTAR Configuration Utility (ICU) tool to fix a vulnerability that allows a remote ...

New Alerts for HPE and Linux. HPE  A security vulnerability in Apache Tomcat has been identified in HPE Telco Service Orchestrator software could allow a remote attacker to achieve RCE. CVSSv3 score of 9.8More info.Security vulnerabilities have been identified in "HPE Telco Network Function Virtual Orchestrator" software. Highest CVSSv3 score ...

New Alerts for Google Chrome, XWiki, Spring Security, Trellix, CODESYS, and Linux. Google  Google has updated Chrome for desktop to fix one security vulnerability.More info.Microsoft is aware. More info. XWiki  XWiki contains a vulnerability that allows a remote attacker to escape from the HQL execution context and perform a blind SQL inj...

New Alerts for Hitachi, HPE, PyTorch, TRUMPF, IBM, and Dell. Hitachi  Multiple vulnerabilities have been found in JP1. Highest CVSSv3 score of 8.1More info. HPE  Security vulnerabilities have been identified in HPE UOCAM that could allow a remote attacker to achieve DoS, Remote Buffer Overflow, and RCE. Highest CVSSv3 score of 9.1More inf...

New Alerts for Microsoft Edge, Tenable Nessus, ASUS, Yokogawa, BD, and NetApp. Microsoft  Microsoft has updated Edge with the latest chromium updates.More info.Tenable Nessus has been updated to fix 3rd party software vulnerabilities. Highest CVSSv3 score of 8.1More info. ASUS  An improper authentication control vulnerability exists in ce...

New Alerts for Apple (Exploit), Cisco, Erlang, Commvault, Tenable, Dell, and Linux. Apple Exploit Apple has published patches for two exploited vulnerabilities in iOS, iPadOS, macOS, tvOS, and visionOS.More info. And here.Cisco Cisco has published 3 new bulletins for Webex App, Secure Network Analytics, and Nexus dashboard. Highest CVSSv3 score of ...

New Alerts for Google Chrome, Mozilla, GE Vernova, Siemens, Lantronix, Growatt, and Linux. Google  Google has updated Chrome for Desktop to fix 2 security vunerabilities.More info.Microsoft is aware. More info. Mozilla  Mozilla has published security updates for Firefox, Thunderbird ESR, and Thunderbird. More info. GE Vernova  GE Ver...

Quarterly Patches are out for Oracle. Monthly Patches are out for Atlassian. New Alerts for Microsoft Edge, Arista, Mitsubishi Electric, Delta Electronics, and Linux. Oracle  Quarterly Patches are out, with 380 security vulnerabilities listed in the pre-release document, with 268 remotely exploitable without authentication. Highest CVSSv3 scor...

New Alerts for NetApp, IBM, and Linus. Tomorrow afternoon Oracle Quarterly Patches will come out. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 7.5Only 1 has patches.More info. IBM  IBM has published Critical bulletins for Maximo Applic...

Monthly Patches for Google Pixel are out. New Alerts for Dell, GitLab, Jenkins, HPE, IBM, and Linux. Next week Oracle Quarterly Patches are out.  The Pre-Release is available here. Google  Monthly Patches for Pixel are out, with 3 new vulnerabilities plus Android updates.More info. Dell  Dell has published a Critical bulletin for Net...

Monthly Patches are out for Juniper Networks and Palo Alto Networks. New Alerts for Dell, Splunk, MedDream, Spring, and Linux. Juniper  Monthly Patches are out with 24 new bulletins, 1 rated Critical, 13 rated High, and 10 rated Medium. Products updated include CTP View, Junos Space, Junos OS, and Junos OS Evolved. Highest CVSSv3 score of 10Mo...

Monthly Patches are out for Fortinet, Microsoft, Adobe, and Ivanti. New Alerts for Google Chrome, Arista, and Linux. Fortinet  Monthly Patches are out with 10 new bulletins, 1 rated Critical, 2 rated High, 5 rated Medium, and 2 rated Low. Highest CVSSv3 score of 9.3More info.An unverified password change vulnerability in FortiSwitch GUI may al...

Monthly Patches are out for Google Android, Samsung, SAP, Siemens, and Schneider Electric. New Alerts for VMware Tanzu Greenplum and Linux.  This afternoon Monthly Patches for Microsoft and Adobe are expected. Google  Google has published the Monthly Patches for Android, with 42 vulnerability fixes plus Arm, Imagination Technologies, Medi...

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Weidmuller, Dell, PowerDNS, and NetApp. Tomorrow is Monthly Patch day for Android, Samsung, Microsoft, Adobe, SAP, Siemens, and Schneider Electric, followed by Palo Alto Networks and Juniper Networks. Qualcomm  Qualcomm Monthly Patches include 20 fixed vulnerabilities, 4 rated C...

New Alerts for Microsoft Edge, Bitdefender, M-Files, Philips, Ivanti (Exploit), and Linux.  Microsoft  Microsoft Edge has been updated to include the latest chromium updates.More info. And here. Bitdefender  Bitdefender has published 3 new bulletins for GravityZone Console. Highest CVSSv3 score of 9.5More info. M-Files  M-Files ...

New Alerts for Cisco, Apache Traffic Server, OpenVPN, IBM, and Linux. Cisco  A vulnerability in chat messaging features of Cisco Enterprise Chat and Email could allow a remote attacker to cause a DoS. CVSSv3 score of 7.5More info. Apache  Apache Traffic Servr is vulnerable to request smuggling via chunked messages.More info. OpenVPN ...

New Alerts for Apple watchOS, Google Chrome, Mozilla, Meinberg, Django, Apache Camel, and Linux. Apple  Apple has published a security bulletin for watchOS.More info. Google  Google has updated Chrome for Desktop to fix 14 security vulnerabilities.More info.Microsoft is aware. More info. Mozilla  Mozilla has published security update...