CND News and Blog
New Alerts for Johnson Controls, Microsoft Edge, and HPE. Johnson Controls A vulnerability in Metasys and Facility Explorer allows a remote attacker to send invalid authentication credentials to the login endpoint and cause a DoS. CVSSv3 score of 7.5More info. And here. Microsoft Microsoft has updated Edge to include the latest chromium...
New Alerts for Apache Struts, Google Pixel, Dell, and Linux. Apache A vulnerability in Struts allows a remote attacker to manipulate file upload params and enable paths traversal. This can lead to uploading a malicious file which can be used to perform RCE. CVSSv3 score of 9.8More info. Google Monthly Patches for Google Pixel are out wi...
New Alerts for Atlassian, IBM, FreeBSD, Google Chrome, and Linux. Atlassian Atlassian has published several bulletins covering RCE vulnerabilities in Confluence Data Center and Server, Companion App for MacOS, Assets Discory, and products with the SnakeYAML library. Highest CVSSv3 score of 9.8More info. IBM Multiple vulnerabilities in R...
Monthly Patches are out for Google Android and Samsung. New Alerts for Pilz, Wago, CODESYS, Dell, Ivanti, and Linux. Google Google Android patches are out with 34 vulnerabilities along with Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm patches. Of the Android patches, 4 are rated Critical and 30 are rated High.More info. Samsu...
Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Squid, Samsung, Dell, Peplink, and Linux. Squid Several vulnerabilities in Squid allow a DoS attack by a remote attacker. CVSSv3 score of 8.6More info. And here. And here. Samsung There are several vulnerabilities in Exynos products that could allow Information Disclosure...
New Alerts for VMware, PTC, Yokogawa, Apple (Exploit), IBM, NetApp, and Linux. VMware VMware Cloud Director Appliance contains an authentication bypass vulnerability in the case where VMware Cloud Director Appliance was upgraded to 10.5 from an older version. CVSSv3 score of 9.8More info. PTC PTC Kepware products are affected by vulnera...
New Alerts for Tenable, Medtronic, Microsoft Edge, and Zyxel. Tenable Nessus Network Monitor has been updated to correct vulnerabilities in third-party software including HandlebarsJS, OpenSSL, and jquery-file-upload. Highest CVSSv3 score of 9.8More info. Medtronic Mainspring Data Express and Vital Sync Virtual Patient Monitoring Platfo...
New Alerts for Delta Electronics, Google Chrome, Sierra Wireless, IBM, Dell, and Linux. Delta Electronics InfraSuite Device Master contains several vulnerabilities, including Path Traversal, Deserialization of Untrusted Data, and Exposed Dangerous Method or Function. Successful exploitation could allow a remote attacker to remotely execute ar...
New Alerts for Zyxel, Festo, F5, NETGEAR, Hitachi Energy, Xerox, Apache Tomcat, and Linux. Zyxel Zyxel Firewall and AP products contain several vulnerabilities, one of which could be exploited by a remote attacker to trigger a DoS. CVSSv3 score of 7.5More info. Festo Festo products use WIBU CodeMeter Runtime. A remote attacker exploitin...
New Alerts for HPE, Arcserve, and Control iD (0-Day). HPE Vulnerabilities in curl have been addressed in OSS Network Utilities (T1204). Highest CVSSv3 score of 9.8More info. Arcserve Several vulnerabilities in Arcserve UDP allow a remote attacker to upload and execute arbitrary files, and bypass authentication with a valid UUID.More inf...
New Alerts for Philips, Hikvision, NetApp, and Linux. Philips IntelliSpace PACS 2 and Universal Data Manager are affected by a BIG-IP Configuration utility unauthenticated remote code execution vulnerability. CVSSv3 score of 9.8No patches yet.More info. Hikvision Hikvision products have been affected by an authentication bypass vulnerab...
New Alerts for Atlassian, ownCloud, Dell, and Linux. Atlassian Updates for Atlassian products include 26 vulnerabilities rated High by Atlassian. Products include Jira Software Data Center and Server, Crowd Data Center and Server, Confluence Data Center and Server, Bitbucket Data Center and Server, and Bamboo Data Center and Server. Highest C...
New Alerts for Sophos (Exploit), Synology, Phoenix Contact, Mozilla, WithSecure, and Linux. Sophos Exploit Sophos Web Appliance has been updated to fix several vulnerabilities that could allow a remote attacker to execute arbitrary code. Highest CVSSv3 score of 9.8Exploits have been seen in the wild.More info. Synology Synology Router Manager...
New Alerts for IBM, HPE, Synology, strongSwan, and Tenable. IBM QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.8More info.IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and DoS due to third-party software. Highest CVSSv3...
Quarterly Patches are out for Splunk. New Alerts for Hitachi Energy, Microsoft Edge, Xerox, and Linux. Splunk Splunk has published their Quarterly Patches, with Splunk and third-party software updates. Highest CVSSv3 score of 9.8More info. Hitachi Energy Network Manager DMS/OMS products are affected by the Apache ActiveMQ vulnerability....
New Alerts for Red Lion, Wireshark, NetApp, IBM, TRENDnet, NetBSD, and Linux. Red Lion Sixnet RTU contains two vulnerabilities, Authentication Bypass using an Alternative Path or Channel, and Exposed Dangerous Method or Function. Both have CVSSv3 score of 10.Patches and mitigation instructions.More info. And here. Wireshark Wireshark ha...
Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for VMware, Aruba, Google Chrome, Google ChromeOS, Intel, and F5. Microsoft Microsoft Monthly Patches are out, fixing 64 vulnerabilities, 14 vulnerabilities affecting Microsoft Edge, and 5 vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three vulnerabili...
Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Hitachi Energy, Xerox, Zoom, Ivanti, and Linux. Siemens Siemens Monthly Patches are out, with 14 new bulletins and 18 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8More info.Siemens OPC UA Modeling Editor is affected by an XXE injection vuln...
New Alerts for BD, NetApp, and Linux. BD BD has published security updates for Alaris, Data Agent, and FACSymphony A3/A5/A1More info. NetApp NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8Two have patches.More info. Linux SUSE has upd...
New Alerts for SysAid, Weidmüller, Johnson Controls, Microsoft Edge, and Linux. SysAid A Patch Traversal vulnerability has been exploited as a 0-day in SysAid On-Prem Software. CVSSv3 score of 9.8More info. Weidmüller Weidmüller products use WIBU CodeMeter Runtime. A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network s...
By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/