CND News and Blog

Monthly Patches are out for Atlassian. New Alerts for Watchguard, Microsoft Edge, HPE, Esri, Mozilla, and Linux. Watchguard An Out-of-bounds Write vulnerability in WatchGuard Fireware OS allows a remote attacker to execute arbitrary code. CVSSv4 score of 9.3More info. Microsoft Microsoft has updated Edge for Android with the latest chromium fixes a...

New Alerts for Apple, Spring, Extreme Networks, Dell, IBM, Linux. Apple Apple has published updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, Safari, and Xcode. Note they have moved to consistent versioning, latest versions are all 26.More info. And here. Spring Spring has published 2 new security vulnerabilities for Spring Security and Spri...

New Alerts for Flowise, Dell, HPE, Expat, WAGO, IBM, and Linux. Flowise Flowise contains a vulnerability where a node parses the user-provided input, executing JavaScript code without security validation, to build the MCP server configuration. CVSSv3 score of 10.More info. Dell Dell has published a Critical bulletin for PowerProtect DP Series Appli...

New Alerts for Microsoft Edge, GE Vernova, GitLab, NetApp, Daikin, IBM, and Linux. Microsoft Microsoft has updated Edge with the latest chromium updates.More info. GE Vernova GE Vernova Gas and Power has updated Control Server, OTArmor, and Baseline Security Center (BSC) with ESXi updates from July. Highest CVSSv4 score of 9.3More info. GitLab GitL...

Monthly Patches are out for Palo Alto Networks. New Alerts for Cisco, Spacelabs Healthcare, Delta, Hitachi Energy, Zoom, and Linux. Cisco Cisco has published 3 new bulletins, 2 rated High and 1 Medium, all affecting Cisco IOS XR. One is remotely exploitable. Highest CVSSv3 score of 7.4More info. Palo Alto Networks Palo Alto Networks Monthly Pa...

Monthly Patches are out for Microsoft, Adobe, and Ivanti. New Alerts for Google Chrome, HPE, Sophos, and Linux. Microsoft Monthly Patches for Microsoft include 86 CVEs affecting Microsoft products. Highest CVSSv3 score of 9.8More info. And here.Microsoft is aware of Google Chrome for Desktop updates that affect Edge. More info. Adobe Adobe Monthly ...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Tanzu, WAGO, Rockwell Automation, and Linux. Monthly patches for Microsoft and Adobe are expected this afternoon. Siemens Monthly Patches for Siemens include 7 new and 13 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8More info. Schneider Elec...

New Alerts for Microsoft Edge, Apache Jackrabbit, Bender GmbH, Ricoh, IBM, and Linux. Microsoft Microsoft has updated Edge with the latest chromium fixes and for one Edge-specific vulnerability.More info. Apache A Deserialization of Untrusted Data vulnerability has been identified in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons.More inf...

New Alerts for Microsoft, Honeywell, and Linux. Microsoft Microsoft has published 5 vulnerabilities in their Early September update. Highest CVSSv3 score of 10.More info. Honeywell OneWireless Wireless Device Manager contains several vulnerabilities that could result in information exposure, denial of service, or remote code execution. Highest CVSS...

Monthly Patches are out for Google Pixel. New Alerts for LANCOM, Shibboleth, NetApp, and Linux. Google Google has published Monthly Patches for Pixel with 23 vulnerabilities, 17 rated High and 6 rated Moderate, plus Android patches.More info. LANCOM A security vulnerability in Squid affects LANCOM R&S Unified Firewalls with LCOS FX, allowing a ...

Monthly Patches are out for Google Android, Samsung Android, and Unisoc. New Alerts for Google Chrome, Google Cloud, Meinberg, Dell, IBM, and Linux. Google Google has published Monthly Patches for Android with 60 vulnerabilities, 1 rated Critical, 59 rated High, plus Widevine DRM, Arm, Imagination Technologies, MediaTek, and Qualcomm patches.More i...

New Alerts for IBM and Linux. Google and Samsung Android monthly patches are expected later today. IBM IBM has published Critical bulletins for PowerVC, Db2, Concert Software, and Cloud Pak for Data.More info. Linux Red Hat has updated the kernel. More info.AlmaLinux has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - T...

Monthly Patches are out for Qualcomm, Samsung Semiconductor, and MediaTek. New Alerts for Hikvision, IBM, and Linux. Qualcomm Monthly Patches are out for Qualcomm, with 18 vulnerabilities, 2 rated Critical, 15 rated High, and 1 rated Medium. Highest CVSSv3 score of 9.8More info. Samsung Monthly Patches for Samsung Semiconductor include 2 vulnerabil...

New Alerts for Microsoft Edge, Tenable Security Center, Wireshark, Asterisk, NetApp, IBM, and Linux. Microsoft Microsoft has updated Edge with the latest chromium vulnerability fix.More info. Tenable Tenable has updated Security Center to fix vulnerabilities in included third-party software. Highest CVSSv3 score of 9.8More info. Wireshark A Denial ...

New Alerts for Cisco, Mitsubishi Electric, GitLab, Johnson Controls, and Linux. Cisco Cisco has published 10 new bulletins, 2 rated High and 8 rated Medium. Highest CVSSv3 score of 7.4More info.A vulnerability in the vKVM connection handling of Integrated Management Controller could allow a remote attacker to redirect a user to a malicious website....

New Alerts for Google Chrome, Hitachi, Sprecher Automation, BD, and Linux. Google Google has updated Chrome for Desktop to patch a Critical vulnerability.More info. And here.Microsoft is aware. More info. Hitachi Multiple vulnerabilities have been patched in Command Suite, Automation Director, Configuration Manager, Infrastructure Analytics Advisor...

New Alerts for Citrix, Welotec, Hitachi Energy, Delta, HPE, and TRUMPF. Citrix Multiple vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway. Highest CVSSv4 score of 9.2More info. Welotec The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. A remote attacker can generate valid HS256 t...

New Alerts for HP, Dell, IBM, and Linux. HP HP Security Manager is vulnerable to Remote Code Execution due to the use of Microsoft OLE Database library and Microsoft's SQL Server. CVSSv4 score of 8.6More info. Dell Dell has published a Critical bulletin for Networker Runtime Environment.More info. IBM IBM has published Critical bulletins for Global...

Happy Friday! New Alerts for Microsoft Edge, NetApp, IBM, and Linux. Microsoft Microsoft has updated Edge to include the latest chromium fixes.More info. NetApp NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.1More info. IBM IBM has published Critical bu...

New Alerts for Apple (Exploit), Mitsubishi Electric, and BD. Apple Apple has published security bulletins for iOS, iPadOS, and macOS to fix a single CVE. Apple is aware of a report that this has been exploited in an extremely sophisticated attack against specific targeted individuals.More info. Mitsubishi Electric A DoS vulnerability exists in...