CND News and Blog

New Alerts for BIND, Medtronic, Philips, Rockwell Automation, Lexmark, ABB, and Linux. BIND  A malicious zone can be used to cause a DoS. CVSSv3 score of 7.5More info.DNS-over-HTTPS can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. CVSSv3 score of 7.5More info. Medtronic  RemoteVie...

New Alerts for Google Chrome, Rockwell Automation, Ruckus Networks, IBM, Moxa, and Linux. Google  Google has updated Chrome for Desktop to fix 2 security vulnerabilties.More info.Microsoft is aware. More info. Rockwell Automation  Rockwell Automation has updated FactoryTalk View to fix several vulnerabilities, including an RCE. Highest CV...

New Alerts for Apple, Hitachi, and D-Link. Apple  Apple has published security bulletins for visionOS, iOS, iPadOS, macOS, watchOS, tvOS, and Safari. Highest CVSSv3 score of 8.1More info. Hitachi  Hitachi has published 7 new bulletins and 7 updated bulletins. Of the new bulletins, Highest CVSSv3 score of 9.8More info. D-Link  DSL-378...

New Alerts for Apache Solr and Wicket, Microsoft Edge, Wind River Systems, Supermicro, Canon, NetApp, and Linux. Apache  Solr contains 2 vulnerabilities, zipslip and use of arbitrary files. CVSSv3 score of 8.8More info. And here.The request handling in the core in Apache Wicket allows an attacker to create a DoS via multiple requests to server...

New Alerts for Xerox, QNAP, Juniper Networks, Ubiquiti, IBM, Jenkins, and Linux. Xerox  Xerox Workplace Suite has been updated for several security vulnerabilities. Highest CVSSv3 score of 9.8More info. QNAP  Multiple vulnerabilities have been reported in rsync, affecting HBS 3 Hybrid Backup Sync. Highest CVSSv3 score of 8.8More info. Jun...

New Alerts for Cisco, mySCADA, Google Chrome, SonicWall, M-Files, ClamAV, and Linux. Cisco  Cisco has published 3 new bulletins, 1 rated Critical, 1 High, and 1 Medium. Highest CVSSv3 score of 9.9More info.A vulnerability in the SIP processing subsystem of BroadWorks could allow a remote attacker to halt the processing of incoming SIP requests...

Quarterly Patches are out for Oracle. New Alerts for phpMyAdmin, OVN, Mitel, I-O Data, Node.js, HAProxy, and Linux. Oracle  Quarterly Patches include fixes for 318 vulnerabilities, 184 remotely exploitable without authentication. Highest CVSSv3 score of 9.9More info. phpMyAdmin  Three new bulletins have been published, identifying a DoS a...

New Alerts for BD and IBM. Oracle Quaterly Patches and Node.js patches are expected out this afternoon. BD  BD has published updates for third-party patches in Pyxis and CCE.More info. IBM  IBM has published a Critical bulletin for Instana Observability.More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar....

New Alerts for Google ChromeOS, Microsoft Edge, HPE, F5, NetApp, and Linux. Oracle Quarterly Patches and Node.js patches will be published tomorrow. Oracle Quarterly Patch pre-release announcement here.Node.js pre-release announcement here. Google  Google has updated ChromeOS to fix vulnerabilities in the included Chrome browser.More info. Mic...

New Alerts for Moxa, IBM, and Linux. Moxa  Moxa's Ethernet switches contain a vulnerability which could allow a remote attacker to manipulate device configurations without requiring authentication. CVSSv4 score of 8.8Security patches can be obtained.More info. IBM  IBM has published 3 new Critical bulletins for Watson CP4D Data Stores and...

New Alerts for Zoom, B&R Automation, Belledonne, F5, and Linux. Zoom  Zoom has published 6 new bulletins for Zoom Workplace Apps, 1 rated High, 3 rated Medium, and 1 rated Low. Highest CVSSv3 score of 8.8More info. B&R Automation  Runtime and mapp have been updated to fix a vulnerability that allows a remote attacker to masquerade...

Monthly Patches are out for Microsoft, Adobe, Ivanti, and Fortinet. New Alerts for Google Chrome, Blackberry, Hitachi Energy, HP, Moxa, and Linux.  Microsoft 0-Day Monthly Patches are out with 209 vulnerabilities, 12 rated Critical, 3 actively exploited, and 5 have been previously disclosed. Highest CVSSv3 score of 9.8More info. And here.Micro...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alert for Linux. Monthly Patches are expected this afternoon for Adobe and Microsoft. Siemens  Monthly Patches are out with 22 bulletins, 5 new and 17 updated. Of the new, highest CVSSv4 score of 9.1More info.The Mendix LDAP module is affected by an LDAP injection vulnerabil...

New Alerts for IBM, Dell, Xerox, Mozilla, and Linux. IBM  IBM has published Critical bulletins for QRadar SIEM and Engineering Lifecycle Management.More info. Dell  Dell has published a Critical bulletin for Networking SmartFabric Storage Software.More info. Xerox  Xerox has published patches for third-party software included in Free...

New Alerts for SonicWall, NetApp, Moxa, Vaultwarden, IBM, and Linux. SonicWall  Several cryptographic and other vulnerabilities have been patched in SonicOS. Highest CVSSv3 score of 8.2More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 sco...

Monthly Patches are out for Juniper Networks. New Alerts for Ivanti (Exploit), Cisco, Palo Alto Networks, IBM, Dell, and Linux. Ivanti Exploit Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways has been updated to fix 1 Critical and 1 High vulnerability, the worst of which allows a remote attacker to achieve RCE. CVSSv3 score of 9.0M...

Monthly Patches are out for Google Pixel. New Alerts for Google Chrome, ABB, Fortra, Nedap Librix, Mozilla, Splunk, and Linux. Google  Google has updated Chrome for Desktop to fix 4 security vulnerabilities.More info.Google has published Monthly Patches for Pixel, which includes Android and Qualcomm patches.More info. ABB  Multiple vulner...

Monthly Patches are out for Google Android and Samsung. New Alerts for IBM, OpenVPN, and Linux. Google  Google has published Android Monthly Patches with 24 vulnerabilities, 5 rated Critical and the rest High, and updates for Imagination Technologies, MediaTek, and Qualcomm.More info. Samsung  Monthly Patches are out for Samsung with 22 v...

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductor. New Alert for HPE. HPE  Security vulnerabilities have been identified in HPE SAN switches with Brocade Fabric OS (FOS). Highest CVSSv3 score of 7.9More info. Qualcomm  Monthly Patches are out for Qualcomm with 11 vulnerabilities, all rated High, plus open source so...

New Alerts for IBM, Dell, HPE, Moxa, and NetApp. IBM  IBM has published Critical updates for Db2 Big SQL. Highest CVSSv3 score of 9.8More info. Dell  Dell has published a Critical bulletin for OpenManage Server Administrator to fix a vulnerability in Apache Tomcat.More info. HPE  Security vulnerabilities have been identified in Unifi...