Skip to main content

CND News and Blog

New Vulnerabilities Monday 25 November

New Alerts for Siemens, Trellix, Moxa, IBM, and Linux. Siemens  RUGGEDCOM APE1808 uses Palo Alto Networks PAN-OS. Highest CVSSv4 score of 9.3No patches yet.More info. Trellix  Enterprise Security Manager has been updated to resolve several security vulnerabilities.More info. Moxa  Multiple Moxa Ethernet switches are affected by the s...

0
  339 Hits

New Vulnerabilities Friday 22 November

New Alerts for Microsoft Edge, BD, Automated Logic, QNAP, mySCADA, NetApp, and Linux.  Microsoft  Microsoft has updated Edge with the latest chromium updates and one Edge-specific fix.More info. BD  BD has implemented October patches from Microsoft into IDM, Pyxis, Data Agent, CCE, and Alaris.More info. Automated Logic  WebCTRL ...

0
  281 Hits

New Vulnerabilities Thursday 21 November

New Alerts for Wireshark, PHP, IBM, and Linux. Wireshark  Two DoS vulnerabilities have been patched in Wireshark.More info. PHP  Several security vulnerabilities have been fixed in the latest versions of PHP.More info. IBM  Critical bulletins have been published for QRadar SIEM, Robotic Process Automation, Planning Analytics Workspac...

0
  289 Hits

New Vulnerabilities Wednesday 20 November

Monthly Patches are out for Atlassian. New Alerts for Google Chrome, Apple (Exploit), Spring, M-Files, Dell, and Linux. Google  Google has updated Chrome for Desktop to fix 3 security vulnerabilities.More info. Atlassian  Monthly Patches include fixes for Bamboo, Bitbucket, Confluence, Crowd, Jira, Jira Service Management, Sourcetree for ...

0
  279 Hits

New Vulnerabilities Tuesday 19 November

New Alerts for Palo Alto Networks (fix for Exploit), Oracle, Mitsubishi Electric, Synology, Westermo, and Linux. Palo Alto Networks  Palo Alto Networks has patched a previously reported and exploited unauthenticated RCE vulnerability. CVSSv4 score of 9.3More info. Oracle  Agile Product Lifecycle Management contains a vulnerability that al...

0
  292 Hits

New Vulnerabilities Monday 18 November

New Alerts for Veritas, Palo Alto Networks (Exploit), Dell, HPE, and Citrix (Exploit). Veritas  Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP ports can be exploited due to vulnerabilities that are inherent to the .NET Remoting service...

0
  295 Hits

New Vulnerabilities Friday 15 November

New Alerts for Blackberry, Baxter, Microsoft Edge, Spring, NetApp, IBM, and Linux. Blackberry  Multiple vulnerabilities in SecuSUITE Server could allow a remote attacker to enroll an attacker-controlled device to the victim's account and telephone number or inject script commands or other executable content into the server that would run with ...

0
  344 Hits

New Vulnerabilities Thursday 14 November

Monthly Patches are out for Palo Alto Networks. New Alerts for Apache Traffic Server, Siemens, Dell, Mozilla, GitLab, and Linux. Palo Alto Networks  Monthly Patches are out with 9 bulletins, 1 rated High, 4 rated Medium, and 4 rated Low. Several bulletins address DoS vulnerabilities in the firewall. Highest CVSSv3 score of 8.6More info. Apache...

0
  256 Hits

New Vulnerabilities Wednesday 13 November

Monthly Patches are out for Microsoft (Exploit), Adobe, and Fortinet. New Alerts for Ivanti, Google Chrome, Westermo, Rockwell Automation, HPE, Broadcom, and Linux. Microsoft Exploit Monthly Patches are out with 83 vulnerabilities, 3 rated Critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Highest...

0
  341 Hits

New Vulnerabilities Tuesday 12 November

Monthly Patches are out for Schneider Electric, Siemens, and SAP. New Alerts for HPE, Citrix, Zoom, and Linux. Monthly Patches for Microsoft and Adobe are expected this afternoon, and Palo Alto expected tomorrow. Schneider Electric  Monthly Patches include 4 new bulletins, all remotely exploitable without authentication, and 2 updated bulletin...

0
  328 Hits

New Vulnerabilities Monday 11 November

New Alerts for Dell, GE HealthCare, Extreme Networks, and Linux.  Dell  Dell has published Critical updates for NetWorker, APEX Cloud Platform, Metro node, and VxRail.More info. GE HealthCare  A limited number of GE HealthCare products are impacted by vulnerabilities in Mirth Connect from 2023. CVSSv3 score of 9.8More info. Extreme N...

0
  307 Hits

New Vulnerabilities Friday 08 November

New Alerts for Synology, NETGEAR, SICK, Microsoft Edge, Moxa, and NetApp. Synology  Synology has published 6 new bulletins identifying vulnerabilities in their products discovered during PWN2OWN. All allow remote attackers various access such as RCE and DoS.Some patches available.More info. NETGEAR  NETGEAR has published 7 new bulletins f...

0
  334 Hits

New Vulnerabilities Thursday 07 November

Monthly Patches are out for Google Pixel. New Alerts for Cisco, Eaton, Dell, HPE, Veeam, and Linux. Cisco  Cisco has published 15 new bulletins, 1 rated Critical, 2 rated High, and the rest Medium. Highest CVSSv3 score of 10More info.A vulnerability in the web-based management interface of Unified Industrial Wireless Software for Ultra-Reliabl...

0
  372 Hits

New Vulnerabilities Wednesday 06 November

New Alerts for HPE, Google Chrome, Hitachi, Dell, curl, HCL, and Linux. HPE  HPE Aruba Networking has released updates for Access Points running Instant AOS-8 and AOS-10. Highest CVSSv3 score of 9.8More info. Google  Chrome has been updated to fix 2 security vulnerabilities.More info. Hitachi  Hitachi has published updates for Cosmin...

0
  257 Hits

New Vulnerabilities Tuesday 05 November

Monthly Patches are out for Google Android and Samsung Android. New Alerts for BD, QNAP, and Linux. Google  Android Monthly Patches are out with 21 vulnerabilities, all rated High, plus updates for Imagination Technologies, Mediatek, and Qualcomm patches.More info. Samsung  Samsung Monthly Patches include 12 vulnerabilities, 5 rated High ...

0
  331 Hits

New Vulnerabilities Monday 04 November

Monthly Patches are out for Qualcomm and Mediatek. New Alerts for Broadcom, Moxa, Dell, NetApp, and Linux. Qualcomm  Monthly Patches are out for Qualcomm, with 10 vulnerabilities, 1 rated Critical, 7 rated High, and 2 rated Medium. Highest CVSSv3 score of 8.2More info. Mediatek  Mediatek's Monthly Patches include 11 CVEs, 2 rated High and...

0
  254 Hits

New Vulnerabilities Friday 01 November

New Alerts for Ricoh, Microsoft Edge, Digi, Moxa, IBM, Splunk, and Linux. Ricoh  Ricoh has identified a buffer overflow vulnerability when using the Web Image Monitor that could potentially allow a DoS or RCE. CVSSv3 score of 9.8More info. Microsoft  Microsoft has updated Edge with the latest chromium updates.More info. Digi  Web ser...

0
  329 Hits

New Vulnerabilities Thursday 31 October

New Alerts for D-Link, HP, Draytek, Bosch, Tenable, Splunk, and Linux. D-Link  The D-Link DSL6740C modem is configured with default and predictable administrator credentials that compromise the security of the device. These credentials allow unauthorized remote access to the modem's control panel, posing a significant security risk. CVSSv3 sco...

0
  286 Hits

New Vulnerabilities Wednesday 30 October

New Alerts for Google Chrome, Hitachi Energy, Apple, QNAP, GE Vernova, Delta Electronics, and Linux. Google  Chrome for Desktop has been updated to fix 2 security vulnerabilties.More info. Hitachi Energy  Hitachi Energy has published updates for UNEM, FOXMAN-UM, and MicroScada Pro/X SYS600.. Highest CVSSv3 score of 10More info. Apple ...

0
  289 Hits

New Vulnerabilities Tuesday 29 October

New Alerts for Apple, Hitachi Energy, HPE, Mozilla, QNAP, and CyberPanel (Exploit). Apple  Apple has published udates for macOS, iPadOS, iOS, visionOS, tvOS, and watchOS.More info. And here. Hitachi Energy  There are public reports of vulnerabilities in the Hitachi Energy's MSM that could allow a remote attacker to impact the confidential...

0
  389 Hits

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/