Skip to main content

CND News and Blog

New Vulnerabilities Wednesday 15 January

Monthly Patches are out for Microsoft, Adobe, Ivanti, and Fortinet. New Alerts for Google Chrome, Blackberry, Hitachi Energy, HP, Moxa, and Linux.  Microsoft 0-Day Monthly Patches are out with 209 vulnerabilities, 12 rated Critical, 3 actively exploited, and 5 have been previously disclosed. Highest CVSSv3 score of 9.8More info. And here.Micro...

0
  344 Hits

New Vulnerabilities Tuesday 14 January

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alert for Linux. Monthly Patches are expected this afternoon for Adobe and Microsoft. Siemens  Monthly Patches are out with 22 bulletins, 5 new and 17 updated. Of the new, highest CVSSv4 score of 9.1More info.The Mendix LDAP module is affected by an LDAP injection vulnerabil...

0
  320 Hits

New Vulnerabilities Monday 13 January

New Alerts for IBM, Dell, Xerox, Mozilla, and Linux. IBM  IBM has published Critical bulletins for QRadar SIEM and Engineering Lifecycle Management.More info. Dell  Dell has published a Critical bulletin for Networking SmartFabric Storage Software.More info. Xerox  Xerox has published patches for third-party software included in Free...

0
  680 Hits

New Vulnerabilities Friday 10 January

New Alerts for SonicWall, NetApp, Moxa, Vaultwarden, IBM, and Linux. SonicWall  Several cryptographic and other vulnerabilities have been patched in SonicOS. Highest CVSSv3 score of 8.2More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 sco...

0
  398 Hits

New Vulnerabilities Thursday 09 January

Monthly Patches are out for Juniper Networks. New Alerts for Ivanti (Exploit), Cisco, Palo Alto Networks, IBM, Dell, and Linux. Ivanti Exploit Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways has been updated to fix 1 Critical and 1 High vulnerability, the worst of which allows a remote attacker to achieve RCE. CVSSv3 score of 9.0M...

0
  270 Hits

New Vulnerabilities Wednesday 08 January

Monthly Patches are out for Google Pixel. New Alerts for Google Chrome, ABB, Fortra, Nedap Librix, Mozilla, Splunk, and Linux. Google  Google has updated Chrome for Desktop to fix 4 security vulnerabilities.More info.Google has published Monthly Patches for Pixel, which includes Android and Qualcomm patches.More info. ABB  Multiple vulner...

0
  327 Hits

New Vulnerabilities Tuesday 07 January

Monthly Patches are out for Google Android and Samsung. New Alerts for IBM, OpenVPN, and Linux. Google  Google has published Android Monthly Patches with 24 vulnerabilities, 5 rated Critical and the rest High, and updates for Imagination Technologies, MediaTek, and Qualcomm.More info. Samsung  Monthly Patches are out for Samsung with 22 v...

0
  238 Hits

New Vulnerabilities Monday 06 January

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductor. New Alert for HPE. HPE  Security vulnerabilities have been identified in HPE SAN switches with Brocade Fabric OS (FOS). Highest CVSSv3 score of 7.9More info. Qualcomm  Monthly Patches are out for Qualcomm with 11 vulnerabilities, all rated High, plus open source so...

0
  352 Hits

New Vulnerabilities Friday 03 January

New Alerts for IBM, Dell, HPE, Moxa, and NetApp. IBM  IBM has published Critical updates for Db2 Big SQL. Highest CVSSv3 score of 9.8More info. Dell  Dell has published a Critical bulletin for OpenManage Server Administrator to fix a vulnerability in Apache Tomcat.More info. HPE  Security vulnerabilities have been identified in Unifi...

0
  338 Hits

New Vulnerabilities Monday 01 January

New Alert for IBM. IBM  IBM has published Critical updates for Cloud Pak System, Db2 on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data. Highest CVSSv3 score of 9.9More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Rada...

0
  330 Hits

New Vulnerabilities Monday 30 December

New Alerts for Moxa, IBM, and NetApp. Moxa  TN-G4500 Series has enhanced its cryptographic algorithm and cipher suite.More info. IBM  Maximo Application Suite - Monitor Component is vulnerable to third-party software. CVSSv3 score of 9.1More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-part...

0
  328 Hits

New Vulnerabilities Friday 27 December

New Alert for Palo Alto Networks (Exploit).   Palo Alto Networks Exploit A DoS vulnerability in the DNS Security feature of PAN-OS software allows a remote attacker to send malicious packets to reboot the firewall. Repeated attempts to will cause the firewall to enter maintenance mode. CVSSv3 score of 8.7Actively exploited.More info. Security ...

0
  311 Hits

New Vulnerabilities Thursday 26 December

New Alert for libxml2. libxml2  In libxml2 the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content, allowing classic XXE attacks. CVSSv3 score of 9.1More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threa...

0
  283 Hits

New Vulnerabilities Tuesday 24 December

New Alert for Adobe (ColdFusion, PoC).  Adobe 0-Day ColdFusion has been updated for a vulnerability that allows arbitrary file system read. CVSSv3 score of 7.4PoC is available.More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Rada...

0
  391 Hits

New Vulnerabilities Monday 23 December

New Alerts for Tenable, IBM, and Linux. Tenable  Tenable has updated Security Center with fixes in third-party software. Highest CVSSv3 score of 9.8More info. IBM  IBM has published a Critical bulletin for Planning Analytics Workspace.More info. Linux  SUSE has updated the kernel. More info.Ubuntu has updated the kernel. More info. S...

0
  264 Hits

New Vulnerabilities Friday 20 December

New Alerts for Microsoft Edge, Sophos, NetApp, IBM, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium fixes.More info. Sophos  Sophos has fixed 3 security vulnerabilities in Sophos Firewall, which could allow a remote attacker to achieve RCE. Highest CVSSv3 score of 9.8More info. NetApp  NetApp has published 1...

0
  342 Hits

New Vulnerabilities Thursday 19 December

New Alerts for Google Chrome, HPE, and Linux. Google  Google has updated Chrome for Desktop to fix 5 security vulnerabilities.More info. HPE  A security vulnerability exists in the B-Series SANnav Management Portal. This vulnerability could be exploited to bypass authentication. CVSSv3 score of 6.5More info. Linux  SUSE has updated t...

0
  358 Hits

New Vulnerabilities Wednesday 18 December

New Alerts for BeyondTrust, Rockwell Automation, BD, Xerox, IBM, and Linux. BeyondTrust  A critical vulnerability has been discovered in Privileged Remote Access and Remote Support products which can allow a remote attacker to inject commands that are run as a site user. CVSSv3 score of 9.8More info. Rockwell Automation  PowerMonitor 1000...

0
  387 Hits

New Vulnerabilities Tuesday 17 December

New Alerts for Hitachi, SHARP, Apache Tomcat, and Linux. Hitachi  Hitachi has published updates for Infrastructure Analytics Advisor, Ops Center Analyzer, and Ops Center Viewpoint. Highest CVSSv3 score of 9.4More info. SHARP  SHARP routers contain multiple vulnerabilities. Highest CVSSv3 score of 9.8It appears this is also resold by other...

0
  323 Hits

New Vulnerabilities Monday 16 December

Monthly Patches are out for PaperCut. New Alerts for Siemens, Dell, NetApp, and Linux.  Siemens  Siemens has published an OOB bulletin for a heap-based buffer overflow in Opcenter, SIMATIC PCS, SINEC NMS, and TIA Portal allowing a remote attacker to conduct RCE. CVSSv4 score of 9.3Not everything is patched.More info. Dell  Dell has p...

0
  291 Hits

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/