Skip to main content

CND News and Blog

New Vulnerabilities Monday 30 June

New Alerts for Pilz, ifm electronic, IBM, Dell, NetApp, and Linux. Pilz PiCtory has three vulnerabilities, 2 rated Critical, 1 rated Medium. A remote attacker can bypass of authentication. Highest CVSSv3 score of 9.8More info. ifm electronic A vulnerability has been disclosed in PLC ifm AC4xxS that allows a remote attacker to trigger the safety sta...

0
  28 Hits

New Vulnerabilities Friday 27 June

New Alerts for Microsoft Edge, D-Link, IBM, Dell, and Linux. Microsoft Microsoft has updated Edge with the latest chromium fixes and fixes for 3 Edge-specific vulnerabilities.More info. D-Link D-Link has published 2 bulletins identifying vulnerabilities in EOS/EOL products. No fixes will be provided.More info. And here. IBM IBM has published Critic...

0
  61 Hits

New Vulnerabilities Thursday 26 June

New Alerts for Cisco, Broadcom, Mitsubishi Electric, Ricoh, IBM, and Linux. Cisco Cisco has published 2 new bulletins, 1 Critical and 1 Medium. The Critical bulletin lists vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to issue commands on the underlying operating system ...

0
  65 Hits

New Vulnerabilities Wednesday 25 June

New Alerts for Google Chrome, Mozilla, MICROSENS, ControlID, Kaleris, GitLab, and Linux. MICROSENS MICROSENS NMP Web+ contains several vulnerabilities, including Use of Hard-coded, Security-relevant Constants and Insufficient Session Expiration. These could allow a remote attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. H...

0
  75 Hits

New Vulnerabilities Tuesday 24 June

New Alerts for MB Connect, Advantech, Westermo, Hitachi Energy, Splunk, Fortinet, and Linux. We have raised a Subject Alert for potential cyber activity from Iran and Israel increasing during the ceasefire. MB Connect The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can allow a remote att...

0
  72 Hits

New Vulnerabilities Monday 23 June

New Alerts for Microsoft Edge, F5, NetApp, and IBM. Microsoft Microsoft has updated Edge to apply the latest chromium-based fixes.More info. F5 BIG-IP Next CNF contains a vulnerability in Ruby that allows a remote attacker to smuggle a message to the client/server without the intermediary being aware of it. CVSSv3 score of 7.5More info. NetApp NetA...

0
  77 Hits

New Vulnerabilities Friday 20 June

New Alerts for Delta, Dell, IBM, and Linux. Happy Weekend! Delta Delta's Langflow online service contains Code Injection and Weak Password vulnerabilities. Highest CVSSv3 score of 9.8More info. Dell Dell has published a Critical bulletin for Container Storage Modules.More info. IBM IBM has published Critical bulletins for CloudPak for Data and wats...

0
  98 Hits

New Vulnerabilities Thursday 19 June

New Alerts for Broadcom Tanzu, ClamAV, Cisco, UniFi, IBM, and Linux. Broadcom Broadcom has published 10 new bulletins identifying security vulnerabilities in Tanzu products. Highest CVSSv3 score of 9.8More info. ClamAV ClamAV has been updated to fix DoS and RCE vulnerabilities. Highest CVSSv3 score of 9.8More info. Cisco A vulnerability in the AnyC...

0
  103 Hits

New Vulnerabilities Wednesday 18 June

Monthly Patches are out for Atlassian. New Alerts for Google Chrome, Dover Fueling Solutions, Citrix, OpenBSD, and Linux. Google Google has updated Chrome for Desktop to fix 3 security vulnerabilities.More info.Microsoft is aware. More info. Dover Fueling Dover Fueling Solutions ProGauge MagLink LX consoles contain a Missing Authentication vul...

0
  98 Hits

New Vulnerabilities Tuesday 17 June

New Alerts for Apache Commons and Tomcat, Anthropic, BD, IBM, and Linux. Apache Apache Commons FileUpload contains a vulnerability in multi-part file uploads that can cause a DoS.More info. And here.Apache Tomcat contains the DoS vulnerability in Commons FileUpload and other vulnerabilities.More info. And here. Anthropic MCP Inspector is vulnerable...

0
  118 Hits

New Vulnerabilities Monday 16 June

New Alerts for Microsoft Edge, WAGO, SICK, PostgreSQL JDBC, NetApp, and Splunk. Microsoft Microsoft has updated Edge with the latest chromium vulnerability fixes.More info. WAGO Vulnerabilities exist in the WAGO Device Manager that allow remote attackers to send requests and read server responses through crafted web applications or to access the fi...

0
  106 Hits

New Vulnerabilities Friday 13 June

New Alerts for GitLab, PTZOptics and other PTZ camera vendors, Siemens, Mitel, Ricoh, and XWiki. GitLab The latest GitLab release includes 10 security fixes, 4 rated High, 5 rated Medium, 1 rated Low. Highest CVSSv4 score of 8.7More info. PTZOptics PTZOptics and other Pan-Tilt-Zoom Camera providers contain several vulnerabilities including Hardcode...

0
  128 Hits

New Vulnerabilities Thursday 12 June

Monthly Patches are out for Palo Alto Networks. New Alerts for Moxa, Meinberg, Mozilla, SinoTrack, MicroDicom, and Linux. Palo AltoNetworks Palo Alto Networks Monthly Patches include 7 bulletins, 2 rated High, 2 rated Medium, and 3 rated Low. Highest CVSSv3 score of 8.6More info. And here. Moxa Moxa PT-G7728 and PT-G7828 series are affected by a hi...

0
  111 Hits

New Vulnerabilities Wednesday 11 June

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Google Pixel. New Alerts for Google Chrome, GFI, and Trend Micro. Microsoft Microsoft Monthly Patches include 67 vulnerabilities. 10 rated Critical, 1 actively exploited, and 1 publicly disclosed. Highest CVSSv3 score of 9.8More info. And here. Adobe Patch Monthly Patches from Adobe includ...

0
  130 Hits

New Vulnerabilities Tuesday 10 June

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Bosch, Hitachi, SolarWinds, CoreDNS, Trend Micro, Hugging Face, and Linux. Three more vendors are expected to publish Monthly Patches this afternoon.  Siemens Siemens Monthly Patches include 6 new bulletins and 19 updated bulletins. Of the new bulletins Highest CV...

0
  139 Hits

New Vulnerabilities Monday 09 June

New Alerts for Hongding Technology, QNAP, and Linux. Hongding Technology Hongding Technology Smart Parking Management System contains an exposure of sensitive information vulnerability. CVSSv4 score of 9.3More info. QNAP QNAP has identified vulnerabilities in OpenSSH that affect QTS and QuTShero. Highest CVSSv3 score of 6.8More info. Linux Red...

0
  106 Hits

New Vulnerabilities Friday 06 June

New Alerts for CyberData, ZIV, NetApp, Dell, IBM, and Linux. CyberData CyberData 011209 SIP Emergency Intercom contains several vulnerabilities, including Authentication Bypass, Missing Authentication, SQL Injection, Insufficiently Protected Credentials, and Path Traversal. Highest CVSSv4 score of 9.3More info. ZIV Eight vulnerabilities have been i...

0
  126 Hits

New Vulnerabilities Thursday 05 June

New Alerts for Cisco, HPE, NetApp, IBM, and Django. Cisco Cisco has published 10 new bulletins, 1 rated Critical, 2 rated High, and 7 rated Medium.More info.A vulnerability in AWS, Microsoft Azure, and OCI cloud deployments of Cisco ISE could allow a remote attacker to access sensitive data, execute limited administrative operations, modify system ...

0
  142 Hits

New Vulnerabilities Wednesday 04 June

Monthly Patches are out for Samsung. New Alerts for Microsoft Edge (Exploit), HPE, Acronis, Python (Mailman 3), HP, and Linux. Samsung Samsung has published Monthly Patches for Android with 19 vulnerabilities, plus Google Android and Samsung Semiconductor vulnerability patches.More info. Microsoft Microsoft has updated Edge with the latest chromium...

0
  120 Hits

New Vulnerabilities Tuesday 03 June

Monthly Patches are out for Google Android. Quarterly Patches are out for Splunk. New Alerts for Google Chrome, ABB, Pilz, HPE, ModSecurity, and Linux. Google Google has published monthly patches for Android with 11 vulnerabilities rated High, plus Qualcomm, Imagination Technologies, and Arm vulnerability patches.More info.Google has published an u...

0
  124 Hits

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/