CND News and Blog

New Alerts for libexpat, PHP, IBM, and Esri. libexpat  Several buffer overflow vulnerabilities have been identified in libexpat.More info. And here. And here. PHP  PHP has been updated to fix several vulnerabilities. CVSSv3 score of 7.5More info. And here. IBM  IBM Concert is vulnerable to multiple issues due to Cloud Pak Openshift. ...

New Alerts for Cisco, Google Chrome, Wireshark, Dell, and Linux. Cisco  Cisco has published 6 new bulletins, 1 rated High and the rest Medium. Highest CVSSv3 score of 8.6More info.A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 8.6More info. Googl...

New Alerts for B&R Automation, F5, NetApp, Fortra, and Flowise. B&R Automation  B&R APROL has been updated to fix 3 vulnerabilities, one of which allows a remote attacker to conduct a Reflected XSS attack. Highest CVSSv4 score of 7.3More info. F5  Traffix SDC contaions a vulnerability that could allow a remote attacker to acce...

New Alerts for Hitachi Energy and Linux. Hitachi Energy  Multiple vulnerabilities exist in MicroSCADA X SYS600, some of which allow a remote attacker to cause confidentiality, integrity and availability impacts. Highest CVSSv3 score of 9.9More info. Linux  Red Hat has updated the firmware. More info.Mageia has updated systemd. More info. ...

New Alerts for Avtec, Trumpf, IBM, F5, and NetApp.  Avtec  Outpost 0810 and Outpost Uploader Utility contain 2 vulnerabilities, Storage of File with Sensitive Data Under Web Root, and Use of Hard-coded Cryptographic Key. Highest CVSSv4 score of 8.7More info. Trumpf  TruControl laser control software uses OpenSSH server and is affecte...

New Alerts for Microsoft Edge (Exploit) and Entra ID, SonicWall, Rockwell Automation, SolarWinds, Broadcom, and F5. Microsoft Exploit Microsoft has updated Edge to include the latest chromium patches as well as 4 Edge specific patches. Exploits are in the wild.More info.Improper access control in Decentralized Identity Services allows an unathentic...

New Alerts for Cisco, Google Chrome (Exploit), Microsoft Edge (Exploit), BD, SpaceLabs Healthcare, Welotec, IBM, and Linux.  Cisco  Cisco has published 5 new bulletins and 1 updated bulletin. Highest CVSSv3 score of 8.6More info.A vulnerability in the SIP call processing function of Unified CM and Unified CM SME could allow a remote attac...

New Alerts for CPython, Microsoft GitHub, Jira, Bosch, Mitel, and Linux. CPython  A vulnerability in the parse_cookie function could be exploited by sending specially crafted cookie values to trigger significant delays, resulting in a DoS. CVSSv3 score of 7.5More info. And here. Microsoft  GitHub Enterprise Server has been patched to fix ...

New Alerts for HPE, OpenFlow, and Linux. HPE  Security vulnerabilities have been identified in HPE SimpliVity AMD Servers. These vulnerabilities could be exploited to allow arbitrary code execution, disclosure of privileged information, buffer overflow, and DoS. Highest CVSSv3 score of 7.5More info. OpenFlow  Vulnerabilities have been ide...

New Alerts for F5, NetApp, and Linux. F5  BIG-IP (DNS) contains a DoS vulnerability. CVSSv3 score of 7.5No patches yet.More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.8Only 1 has patches.More info.Linux  SUSE has updated...

New Alerts for Microsoft Edge, Dell, and Linux. Happy Friday! Microsoft  Microsoft has updated Edge with the latest chromium-based fixes and one Edge specific update.More info. Dell  Dell VxRail has been updated with fixes for multiple third-party component vulnerabilities. Dell rates this Critical.More info. Linux  SUSE has updated ...

Quarterly Patches are out for F5, Monthly Patches are out for Palo Alto Networks. New Alerts for Spring, IBM,and Linux.  F5  F5 August Quarterly Security Notification lists 9 CVEs, 4 rated High and 5 rated Medium. Highest CVSSv4 score of 8.9More info.An attacker with access to obtain a user's session cookies can continue to use that sessi...

Monthly Patches are out for Microsoft and Adobe. New Alerts for Tenable, SolarWinds, NetApp, Zoom, Intel, and Linux. Fortinet Monthly Patches are out, but with no remotely exploitable vulnerabilities. Microsoft Exploit Microsoft Monthly Patches include 90 CVEs, 9 rated Critical, 6 are actively exploited, Highest CVSSv3 score of 9.8More info. And he...

Monthly Patches are out for SAP, Schneider Electric, and Siemens. New Alerts for Ivanti (PoC), Rockwell Automation, Phoenix Contact, PEPPERL+FUCHS, AVEVA, Splunk, and Linux. Later this afternoon is Monthly Patches for Microsoft and Adobe, tomorrow should be Palo Alto Networks and Juniper Networks. SAP  SAP Security Patch Day saw the release of...

New Alerts for Dell, BD, and IBM. Tomorrow is Patch Tuesday, 5+ vendors release patches. Dell  Dell PowerProtect DP Series Appliance (IDPA) remediation is available for multiple security vulnerabilities in third-party software.More info. BD  BD has published a security update for Pyxis that fixes third-party software vulnerabilities.More ...

New Alerts for Microsoft Edge, Microsoft Office, Dorsett Controls, B&R Automation, Jenkins, GitLab, IBM, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium fixes, plus 2 Edge-specific fixes.More info.Microsoft Office contains a spoofing vulnerability. CVSSv3 score of 7.5More info. Dorsett Controls  InfoScan cont...

New Alerts for Cisco (Exploit), NVIDIA, Bosch, F5, Broadcom, NetApp, Linux, and FreeBSD. Cisco Exploit Multiple vulnerabilities in the web-based management interface of Small Business SPA300/500 Series IP Phones allows a remote attacker to execute arbitrary commands on the underlying operating system or cause a DoS. CVSSv3 score of 9.8More info.A p...

Monthly Patches are out for Google Pixel. New Alerts for Google Chrome, Siemens, F5, Mozilla, HPE, HaloITSM, and Linux. Google  Pixel Monthly Patches include 1 patched vulnerability, rated High, plus patches from Google Android and Qualcomm.More info.Google has updated Chrome for Desktop to fix 5 security vulnerabilities, 1 rated Critical and ...

Monthly Patches are out for Google Android and Samsung Android. New Alerts for Carrier, Hitachi, Janobe, Dell, and Linux. Google  Android Monthly Patches include 15 patched vulnerabilities, all rated High, plus patches from Arm, Imagination Technologies, MediaTek, and Qualcomm.More info. Samsung  Samsung has included 14 vulnerabilities in...

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductor. New Alerts for Apache OFBiz, Moxa, and Linux. Qualcomm  Qualcomm Monthly Patches include 8 patched vulnerabilities, 1 rated Critical, 6 High, and 1 Medium. Highest CVSSv3 score of 8.4More info. MediaTek  MediaTek has included 2 vulnerabilities in their Monthly Patc...