Skip to main content

CND News and Blog

New Vulnerabilities Thursday 03 October

New Alerts for PowerDNS, WithSecure, Cisco, Flexera, DrayTek, and Linux. PowerDNS  An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a DoS. CVSSv3 score of 7.5More info. WithSecure  A DoS vulnerability was discovered in WithSecure Atlant Product th...

0
  21 Hits
  0 Comments

New Vulnerabilities Wednesday 02 October

New Alerts for Google Chrome, Mitsubishi Electric, Optigo Networks, Mozilla, Bosch, and Linux. Google  Google has updated Chrome for Desktop to fix 4 security vulnerabilities.More info. Mitsubishi Electric  A DoS vulnerability due to OpenSSL vulnerability exists in MELSEC iQ-F OPC UA Unit. A remote attacker could cause DoS by getting a le...

0
  34 Hits
  0 Comments

New Vulnerabilities Tuesday 01 October

New Alerts for Diffie-Hellman, Splunk, Hitachi, F5, IBM, and Juniper Networks. Diffie-Hellman  D(HE)at Attack allows a remote attacker to overheat the CPU with computations, resulting in a DoS.More info. Splunk  Splunk has updated the plug-in for AWS to fix a DoS.More info. Hitachi  Cosminexus Component Container has been updated to ...

0
  43 Hits
  0 Comments

New Vulnerabilities Monday 30 September

New Alerts for CUPS, Microsoft Edge, HPE, Atelmo, Progress What's Up Gold, Synology and Linux. CUPS  Linux CUPS has a chain of vulnerabilities that can be used to achieve RCE. Patches are rolling out in the various distros.More info. And here. Microsoft  Microsoft has updated Edge with the latest chromium updates.More info. HPE  Secu...

0
  41 Hits
  0 Comments

New Vulnerabilities Thursday 26 September

New Alerts for Cisco, BD, IBM, NetApp, GitLab, PHP, Veritas, Franklin Fueling, and Linux. Cisco  Cisco has published 15 new bulletins, 8 rated High and 7 rated Medium. Updates for IOS and IOS XE Software, Catalyst SD-WAN Routers, Catalyst Center, Catalyst 9000, and SD-WAN vEdge. Highest CVSSv3 score of 8.6More info. BD  BD has published t...

0
  79 Hits
  0 Comments

New Vulnerabilities Wednesday 25 September

New Alerts for Nessus, Google Chrome, HPE, WatchGuard, Dover Fueling, Alisonic, OMNTEC, RAISECOM, and Linux. Nessus  Nessus Network Monitor has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 core of 9.8More info. Google  Google has updated Chrome for Desktop to fix 5 security vulnerabilities.More info. HPE&nbs...

0
  63 Hits
  0 Comments

New Vulnerabilities Tuesday 24 September

New Alerts for BD, Philips, CODESYS, IBM, and Linux. BD  BD has published security updates for third-party software included in IDM, Pyxis, Data Agent, CCE, and Alaris.More info. Philips  Philips Intellispace PACS is affected by VMware vulnerabilities. Highest CVSSv3 score of 9.8No patches yet.More info. CODESYS  Receiving a specific...

0
  107 Hits
  0 Comments

New Vulnerabilities Monday 23 September

New Alerts for Apache Tomcat, NetApp, F5, HPE, and Linux. Apache  Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products...

0
  76 Hits
  0 Comments

New Vulnerabilities Friday 20 September

New Alerts for Microsoft Edge, Ivanti, Microchip Technology, BD, IBM, and Linux.   Microsoft  Microsoft has updated Edge with the latest chromium security fixes and updates for 3 Edge-specific vulnerabilities.More info. Ivanti  CSA contained a critical vulnerability, patched 10 September, for which information is just being released....

0
  114 Hits
  0 Comments

New Vulnerabilities Thursday 19 September

New Alerts for GE Vernova, IDEC, MegaSys, CoreDNS, SICK, Grafana, and Linux. GE Vernova  ControlST – Control Server has been updated to fix several VMware vulnerabilities. Highest CVSSv3 score of 9.8More info. IDEC  WindLDR and Operator Interfaces' Touchscreen Programming Software WindO/I-NV4 contain a Cleartext Storage of Sensitive Infor...

0
  79 Hits
  0 Comments

New Vulnerabilities Wednesday 18 September

New Alerts for Google Chrome, VMware, GitLab, Cohesive Networks, Atlassian, Dell, and Linux. Google  Google has updated Chrome for Desktop to fix 9 security vulnerabilities.More info. VMware  VMware has updated vCenter Server to address heap-overflow and privilege escalation vulnerabilities. Highest CVSSv3 score of 9.8More info. GitLab&nb...

0
  71 Hits
  0 Comments

New Vulnerabilities Tuesday 17 September

New Alerts for Apple, D-Link, Circutor, Yokogawa, NetApp, Hitachi, and Linux. Apple  Apple has published updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS 2, Safari, and Xcode. More info. D-Link  D-Link has updated several wireless routers to fix security issues like hardcoded credentials, hidden telnet services, and improper authen...

0
  68 Hits
  0 Comments

New Vulnerabilities Sunday 15 September

New Alerts for curl, WebIQ, F5, and ABB. curl  When curl is built to use the GnuTLS library and told to use OCSP stapling to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine.More info. WebIQ  The Windows version of WebIQ is affected by a directory tra...

0
  87 Hits
  0 Comments

New Vulnerabilities Friday 13 September

New Alerts for Rockwell Automation, Docker, Spring (VMware), NetApp, Extreme Networks, Zoom, and Linux. Rockwell Automation  5015-U8IHFT contains a DoS vulnerability with a malformed CIP Message. CVSSv4 score of 8.7More info. FactoryTalk Batch View contains an authentication bypass vulnerability due to shared secrets. CVSSv4 score of 9.2More i...

0
  75 Hits
  0 Comments

New Vulnerabilities Thursday 12 September

Monthly Patches are out for Palo Alto Networks. New Alerts for Cisco, iniNet, Microsoft Edge, HPE, Zyxel, HPE, Tenable, Dell, and Linux. Cisco  Cisco has published 8 new bulletins, 6 rated High and 2 rated Medium. Highest CVSSv3 score of 8.8More info. A vulnerability in the Mtrace2 feature of Cisco IOS XR Software could allow a remote attacker...

0
  95 Hits
  0 Comments

New Vulnerabilities Wednesday 11 September

Monthly Patches are out for Microsoft (0-Days), Adobe, and F5. New Alerts for Ivanti, Carrier (Viessmann), Google Chrome, and Linux. Microsoft 0-Day Microsoft Monthly Patches are out, with 79 vulnerabilities, 7 rated Critical and 4 are 0-days currently being exploited. Highest CVSSv3 score of 9.8More info. And here.Microsoft recently updated the Ed...

0
  90 Hits
  0 Comments

New Vulnerabilities Tuesday 10 September

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Endress+Hauser, Phoenix Contact, BD, HPE, LANCOM, IBM, and Linux. Monthly Patches for Microsoft and Adobe are expected later today. Siemens  Siemens Monthly Patches are out with 36 bulletins, 17 new and 19 updated. Of the new bulletins, 10 address vulnerabili...

0
  111 Hits
  0 Comments

New Vulnerabilities Monday 09 September

 New Alerts for QNAP, Festo, and ownCloud. QNAP  QNAP has published 13 bulletins for their products, most requiring Physical access or Local privileges.More info.A heap buffer overflow vulnerability has been reported in curl, which affects certain versions of QTS and QuTS hero.More info.A XSS vulnerability has been reported to affect QuLo...

0
  92 Hits
  0 Comments

New Vulnerabilities Friday 06 September

New Alerts for IBM, F5, NetApp, Xerox, Zoom, and Linux. IBM  QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.9More info.IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of requirejs. CVSSv3 score of 9.8More info.Apache Derby could allow a remote attacker to bypass sec...

0
  117 Hits
  0 Comments

New Vulnerabilities Thursday 05 September

New Alerts for Juniper Networks, Cisco, Veeam, Baxter, HPE, and Dell. Juniper Networks  Juniper has published an "On Demand" bulletin for Secure Analytics identifying several vulnerabilities. Highest CVSSv3 score of 9.8More info. Cisco  Cisco has published 5 new bulletins, 1 rated Critical, 1 rated High, and 3 rated Medium. Highest CVSSv3...

0
  93 Hits
  0 Comments

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/