
CND News and Blog

New Vulnerabilities Monday 22 April

New Alerts for Dräger, Moxa, Siemens (Exploit), IBM, ownCloud, and Linux. Dräger: Dräger Core and M540 Converter Service contains a vulnerability that allows a remote attacker to send a specially crafted SDC message and cause a DoS. CVSSv3 score of 7.5. Patches will be provided in the next product release. More info. Moxa: The AIG-301 Series...


New Vulnerabilities Friday 19 April

New Alerts for Palo Alto Networks (all patches are out now), Rockwell Automation, Microsoft Edge, Dell, Xerox, NetApp, and Unitronics. Palo Alto Networks (Exploit): All patches are now out. CVSSv4 score of 10. Actively exploited. More info. Rockwell Automation: FactoryTalk Production Centre is vulnerable to an Apache ActiveMQ vulnerability. CVSSv3 ...


New Vulnerabilities Thursday 18 April

New Alerts for Palo Alto Networks (PoCs are out), Cisco, Mitel, Broadcom, ClamAV, Atlassian, and Linux. Palo Alto Networks (Exploit): PoCs are out for the GlobalProtect vulnerability. CVSSv4 score of 10. Actively exploited. More patches expected today and tomorrow. More info. Cisco: Cisco has released 3 new bulletins, 2 rated High and 1 rated Mediu...


New Vulnerabilities Wednesday 17 April

New Alerts for Palo Alto GlobalProtect advisory changes, Mozilla, Electrolink, Broadcom, Google Chrome, Ivanti, and Linux. Palo Alto Networks (Exploit): The GlobalProtect vulnerability guidance is changing: disabling Telemetry, previously reported as a workaround, does not provide protection. CVSSv4 score of 10. Actively exploited. Some patches availab...


New Vulnerabilities Tuesday 16 April

Oracle Quarterly Patches are out this afternoon. New Alerts for Hitachi, PuTTY, and Linux. Oracle: Oracle Quarterly Critical Patch Update is out this afternoon; the pre-release notes list 437 security patches, with 285 of these exploitable without authentication. More info. Hitachi: Hitachi has published updates in JP1 and Cosminexus. More ...


New Vulnerabilities Monday 15 April

New Alerts for Palo Alto Networks (Exploit activity and patches), Microsoft Edge, HPE, HP, NetApp, and Linux. Palo Alto Networks (Exploit): A command injection vulnerability in the GlobalProtect feature for specific PAN-OS versions and distinct feature configurations may enable a remote attacker to execute arbitrary code with root privileges on the fi...


New Vulnerabilities Friday 12 April

New Alerts for Palo Alto Networks (0-Day), Rockwell Automation, Dell, IBM, and Linux. Palo Alto Networks: A command injection vulnerability in the GlobalProtect feature for specific PAN-OS versions and distinct feature configurations may enable a remote attacker to execute arbitrary code with root privileges on the firewall. CVSSv4 score of 10. Patche...


New Vulnerabilities Thursday 11 April

Monthly Patches are out for Palo Alto Networks and Juniper Networks. New Alerts for Google Chrome, Languages, Spring, IBM, and Linux. Google: Google has updated Chrome for Desktop to fix 3 security vulnerabilities. More info. Microsoft is aware. More info. Palo Alto Networks: Monthly Patches are out for Palo Alto Networks with 8 bulletins, ...


New Vulnerabilities Wednesday 10 April

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Rust, Pepperl+Fuchs, HPE, and Linux. Microsoft: Microsoft Monthly Patches are out, with 149 vulnerabilities plus Chromium vulnerabilities. Three are rated Critical, and 1 is being exploited. Highest CVSSv3 score of 9.0. More info. And here. Adobe: Adobe has published...


New Vulnerabilities Tuesday 09 April

Monthly Patches are out for SAP, Siemens, Schneider Electric and Unisoc. New Alert for Welotec. Monthly Patches for Microsoft, Adobe, and Node.js are expected this afternoon. SAP: SAP Security Patch Day saw the release of 10 new Security Notes and 2 updated Security Notes. Highest CVSSv3 score of 8.8. More info. Siemens: Siemens Monthly Pat...


New Vulnerabilities Monday 08 April

New Alerts for FRRouting, Westermo, Dell, and OpenSSL. FRRouting: In FRRouting a remote attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. CVSSv3 score of 7.5. More info. Westermo: WeOS uses the WebDAV PROPFIND and could allow a remote attacker to obtain sensitive information. CVSSv3 s...


New Vulnerabilities Friday 05 April

New Alerts for Brocade, Apache, Dell, BD, Microsoft Edge, and NetApp. Brocade: An RCE vulnerability in Brocade Fabric OS could allow a remote attacker to execute arbitrary code and use this to gain root access to the switch. CVSSv3 score of 8.6. More info. Apache: Apache has updated HTTP Server to fix several security vulnerabilities, inclu...


New Vulnerabilities Thursday 04 April

New Alerts for Cisco, HTTP/2, Ivanti, ABB, HPE, Lexmark, and Linux. Cisco: Cisco has published 12 new bulletins, 1 rated High and the rest Medium. Highest CVSSv3 score of 7.5. More info. A vulnerability in the OOB PnP feature of Cisco Nexus Dashboard Fabric Controller could allow a remote attacker to read arbitrary files. CVSSv3 score of 7.5. More ...


New Vulnerabilities Wednesday 03 April

Monthly Patches are out for Google Pixel. New Alerts for VMware, Supermicro, Google Chrome, Hitachi, TRENDnet, NetApp, and Linux. VMware: Multiple vulnerabilities have been fixed in VMware SD-WAN. Highest CVSSv3 score of 7.4. More info. Supermicro: Three security issues have been discovered in select Supermicro motherboards. Highest CVSSv3 ...


New Vulnerabilities Tuesday 02 April

Monthly Patches are out for Google Android and Samsung. New Alerts for IBM and Linux. Google: Android Monthly Patches are out, with 8 vulnerabilities, all rated High, plus MediaTek, Widevine, and Qualcomm patches. More info. Samsung: Samsung Monthly Patches for Mobile are out, with Android patches and 17 additional Samsung vulnerabilities....


New Vulnerabilities Monday 01 April

Monthly Patches are out for Qualcomm and MediaTek. A backdoor has been discovered in XZ Utils. New Alerts for Eaton, Microsoft Edge, Dell, and HPE. XZ Utils (Exploit): A backdoor has been installed in XZ Utils. It was discovered before it made its way into most Linux distributions and its impact should be limited. CVSSv3 score of 10. More info. And here. ...


New Vulnerabilities Friday 29 March

New Alerts for Dell, F5, and NetApp. Dell: PowerScale OneFS, Power Protect Data Manager, PowerMaxOS, PowerMax OS, Unisphere 360, Unisphere for PowerMax, Unisphere for PowerMax vApp, Solutions Enabler vApp, and Dell PowerMax EEM all have remediation available for multiple security vulnerabilities in third-party software. Dell rates these Critic...


New Vulnerabilities Thursday 28 March

New Alerts for Cisco, Splunk, NVIDIA, Microsoft Edge (Exploit), IBM, DrayTek, Wireshark, and Linux. Cisco: Cisco has published 17 new bulletins, 10 rated High and 7 rated Medium. Highest CVSSv3 score of 8.6. More info. A vulnerability in the LISP feature of IOS Software and IOS XE Software could allow a remote attacker to cause an affected device...


New Vulnerabilities Wednesday 27 March

New Alerts for Google Chrome, AutomationDirect, Hitachi Energy, Dell, HPE, curl, and Linux. Google: Google has updated Chrome for Desktop to fix 7 security vulnerabilities, at least 1 rated Critical. More info. Microsoft is aware. More info. AutomationDirect: C-MORE EA9 HMI contains several vulnerabilities, including Path Traversal, Stack-Ba...


New Vulnerabilities Tuesday 26 March

New Alerts for Apple, BD, IBM, Kaspersky, Tenable, and Linux. Apple: Apple has published security updates for macOS and Safari, as well as provided details for last week's iOS, iPadOS, and VisionOS bulletins. More info. BD: BD has published security updates to fix third-party software for IDM, Data Agent, Pyxis, CCE, and Alaris. More info. ...

