CND News and Blog

New Alerts for Johnson Controls, Microsoft Edge, and HPE. Johnson Controls  A vulnerability in Metasys and Facility Explorer allows a remote attacker to send invalid authentication credentials to the login endpoint and cause a DoS. CVSSv3 score of 7.5More info. And here. Microsoft  Microsoft has updated Edge to include the latest chromium...

New Alerts for Apache Struts, Google Pixel, Dell, and Linux. Apache  A vulnerability in Struts allows a remote attacker to manipulate file upload params and enable paths traversal. This can lead to uploading a malicious file which can be used to perform RCE. CVSSv3 score of 9.8More info. Google  Monthly Patches for Google Pixel are out wi...

New Alerts for Atlassian, IBM, FreeBSD, Google Chrome, and Linux. Atlassian  Atlassian has published several bulletins covering RCE vulnerabilities in Confluence Data Center and Server, Companion App for MacOS, Assets Discory, and products with the SnakeYAML library. Highest CVSSv3 score of 9.8More info. IBM  Multiple vulnerabilities in R...

Monthly Patches are out for Google Android and Samsung. New Alerts for Pilz, Wago, CODESYS, Dell, Ivanti, and Linux. Google  Google Android patches are out with 34 vulnerabilities along with Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm patches. Of the Android patches, 4 are rated Critical and 30 are rated High.More info. Samsu...

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Squid, Samsung, Dell, Peplink, and Linux. Squid  Several vulnerabilities in Squid allow a DoS attack by a remote attacker. CVSSv3 score of 8.6More info. And here. And here. Samsung  There are several vulnerabilities in Exynos products that could allow Information Disclosure...

New Alerts for VMware, PTC, Yokogawa, Apple (Exploit), IBM, NetApp, and Linux. VMware  VMware Cloud Director Appliance contains an authentication bypass vulnerability in the case where VMware Cloud Director Appliance was upgraded to 10.5 from an older version. CVSSv3 score of 9.8More info. PTC  PTC Kepware products are affected by vulnera...

New Alerts for Tenable, Medtronic, Microsoft Edge, and Zyxel. Tenable  Nessus Network Monitor has been updated to correct vulnerabilities in third-party software including HandlebarsJS, OpenSSL, and jquery-file-upload. Highest CVSSv3 score of 9.8More info. Medtronic  Mainspring Data Express and Vital Sync Virtual Patient Monitoring Platfo...

New Alerts for Delta Electronics, Google Chrome, Sierra Wireless, IBM, Dell, and Linux. Delta Electronics  InfraSuite Device Master contains several vulnerabilities, including Path Traversal, Deserialization of Untrusted Data, and Exposed Dangerous Method or Function. Successful exploitation could allow a remote attacker to remotely execute ar...

New Alerts for Zyxel, Festo, F5, NETGEAR, Hitachi Energy, Xerox, Apache Tomcat, and Linux. Zyxel  Zyxel Firewall and AP products contain several vulnerabilities, one of which could be exploited by a remote attacker to trigger a DoS. CVSSv3 score of 7.5More info. Festo  Festo products use WIBU CodeMeter Runtime. A remote attacker exploitin...

New Alerts for HPE, Arcserve, and Control iD (0-Day). HPE  Vulnerabilities in curl have been addressed in OSS Network Utilities (T1204). Highest CVSSv3 score of 9.8More info. Arcserve  Several vulnerabilities in Arcserve UDP allow a remote attacker to upload and execute arbitrary files, and bypass authentication with a valid UUID.More inf...

New Alerts for Philips, Hikvision, NetApp, and Linux. Philips  IntelliSpace PACS 2 and Universal Data Manager are affected by a BIG-IP Configuration utility unauthenticated remote code execution vulnerability. CVSSv3 score of 9.8No patches yet.More info. Hikvision  Hikvision products have been affected by an authentication bypass vulnerab...

New Alerts for Atlassian, ownCloud, Dell, and Linux. Atlassian  Updates for Atlassian products include 26 vulnerabilities rated High by Atlassian. Products include Jira Software Data Center and Server, Crowd Data Center and Server, Confluence Data Center and Server, Bitbucket Data Center and Server, and Bamboo Data Center and Server. Highest C...

New Alerts for Sophos (Exploit), Synology, Phoenix Contact, Mozilla, WithSecure, and Linux. Sophos Exploit Sophos Web Appliance has been updated to fix several vulnerabilities that could allow a remote attacker to execute arbitrary code. Highest CVSSv3 score of 9.8Exploits have been seen in the wild.More info. Synology  Synology Router Manager...

New Alerts for IBM, HPE, Synology, strongSwan, and Tenable. IBM  QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.8More info.IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and DoS due to third-party software. Highest CVSSv3...

Quarterly Patches are out for Splunk. New Alerts for Hitachi Energy, Microsoft Edge, Xerox, and Linux. Splunk  Splunk has published their Quarterly Patches, with Splunk and third-party software updates. Highest CVSSv3 score of 9.8More info. Hitachi Energy  Network Manager DMS/OMS products are affected by the Apache ActiveMQ vulnerability....

New Alerts for Red Lion, Wireshark, NetApp, IBM, TRENDnet, NetBSD, and Linux. Red Lion  Sixnet RTU contains two vulnerabilities, Authentication Bypass using an Alternative Path or Channel, and Exposed Dangerous Method or Function. Both have CVSSv3 score of 10.Patches and mitigation instructions.More info. And here. Wireshark  Wireshark ha...

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for VMware, Aruba, Google Chrome, Google ChromeOS, Intel, and F5. Microsoft  Microsoft Monthly Patches are out, fixing 64 vulnerabilities, 14 vulnerabilities affecting Microsoft Edge, and 5 vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three vulnerabili...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Hitachi Energy, Xerox, Zoom, Ivanti, and Linux. Siemens  Siemens Monthly Patches are out, with 14 new bulletins and 18 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8More info.Siemens OPC UA Modeling Editor is affected by an XXE injection vuln...

New Alerts for BD, NetApp, and Linux. BD  BD has published security updates for Alaris, Data Agent, and FACSymphony A3/A5/A1More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8Two have patches.More info. Linux  SUSE has upd...

New Alerts for SysAid, Weidmüller, Johnson Controls, Microsoft Edge, and Linux. SysAid  A Patch Traversal vulnerability has been exploited as a 0-day in SysAid On-Prem Software. CVSSv3 score of 9.8More info. Weidmüller  Weidmüller products use WIBU CodeMeter Runtime. A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network s...