Skip to main content

CND News and Blog

New Vulnerabilities Monday 14 August

New Alert for Linux. Linux  SUSE has updated the kernel and kernel firmware. More info.OpenSUSE has updated the kernel and kernel firmware. More info.Debian has updated the kernel and microcode. More info.Ubuntu has updated the kernel and microcode. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securityw...

0
  276 Hits
  0 Comments

New Vulnerabilities Friday 11 August

New Alert for Belden. Happy Friday! Belden  Hirschmann Wireless OWL contains a vulnerability in zlib. CVSSv3 score of 9.8More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar ...

0
  354 Hits
  0 Comments

New Vulnerabilities Thursday 10 August

New Alerts for Xerox, Dell, Softing (0-Day), and Linux. Xerox  Xerox has updated FreeFlow Print Server with the latest 3rd-party software updates. Highest CVSSv3 score of 9.8More info. And here. Dell  Security Update for Dell ESI (Enterprise Storage Integrator) for SAP LAMA multiple security vulnerabilities. Dell rates this Critical.More ...

0
  357 Hits
  0 Comments

New Vulnerabilities Wednesday 09 August

Monthly Patches are out for Microsoft and Adobe. New Alerts for Rockwell Automation, IBM, Dell, Hitachi, and Linux. Microsoft Exploit Microsoft Monthly Patches are out, with patches for 88 vulnerabilities, 6 are Critical, and 2 are being exploited. Highest CVSSv3 score of 9.8More info. And here. And here. Adobe  Adobe Monthly Patches include p...

0
  342 Hits
  0 Comments

New Vulnerabilities Tuesday 08 August

Monthly Patches are out for Google Android, Google Pixel, Samsung, Siemens, Schneider Electric, and SAP. New Alerts for Microsoft Edge, Zoom, Phoenix Contact, and Linux.           Microsoft and Adobe Monthly Patches are expected this afternoon. Google  Google Android Monthly Patches are out, with 37 addressed vuln...

0
  413 Hits
  0 Comments

New Vulnerabilities Monday 07 August

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Dell, NetApp, and Linux.        Tomorrow will be Patch Day for Google (Android/Pixel/Automotive OS), Samsung, Microsoft, Adobe, SAP, Siemens, and Schneider Electric. Qualcomm  Qualcomm Monthly Patches are out, with 13 vulnerabilities, 4 rated Critical, 6 rate...

0
  346 Hits
  0 Comments

New Vulnerabilities Friday 04 August

New Alerts for TEL-STER, NetApp, WithSecure, Ivanti, and Linux. TEL-STER  External input could be used on TEL-STER TelWin SCADA WebInterface which could allow a remote attacker to read files on the system. CVSSv3 score of 7.5More info. NetApp  NetApp has published 11 new bulletins identifying vulnerabilities in third-party software includ...

0
  373 Hits
  0 Comments

New Vulnerabilities Thursday 03 August

New Alerts for Cisco, Mitsubishi Electric, Google, Dell, Veritas, Mozilla, Tenable, and Linux. Cisco  Cisco has published 2 new bulletins, both rated Medium.More info.A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow a remote attacker to bypass a configured rule, allowing traffic onto ...

0
  439 Hits
  0 Comments

New Vulnerabilities Wednesday 02 August

New Alerts for APSystems, HPE, F5, Mozilla, GitLab, ZKTeco, and Linux. APSystems  OS command injection affects Altenergy Power Control software via shell metacharacters in the timezone parameter. CVSSv3 score of 9.8No response from vendor.More info. HPE  Potential security vulnerabilities has been identified in HPE Fabric OS. These vulner...

0
  369 Hits
  0 Comments

New Vulnerabilities Tuesday 01 August

New Alerts for Omron, IBM, Hitachi, NetApp, and Linux. Omron  Vulnerabilities related to NicheStack TCP/IP stack exist in the EtherNet/IPTM option board for Multi-function Compact Inverter 3G3MX2. An attacker may use these vulnerabilities to perform RCE, DoS, or obtain sensitive information. Highest CVSSv3 score of 9.8No patch.More info. IBM&n...

0
  462 Hits
  0 Comments

New Vulnerabilities Monday 31 July

New Alerts for WAGO, IBM, Synology, Microsoft Azure, and Linux. WAGO  Multiple WAGO devices are prone to vulnerabilites in the used CODESYS V3 framework. Highest CVSSv3 score of 8.8No patch yet.More info. IBM  Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps. Highest CVSSv3 score of 9.8More info.Multiple security ...

0
  393 Hits
  0 Comments

New Vulnerabilities Friday 28 July

New Alerts for PTC, QNAP, and Linux. PTC  A remote attacker can perform a DoS attack on KEPServerEX by performing resource exhaustion. CVSSv3 score of 7.5No patch yet.More info. And here. QNAP  An uncontrolled resource consumption vulnerability has been reported to affect multiple QNAP operating systems. If exploited, the vulnerability al...

0
  378 Hits
  0 Comments

New Vulnerabilities Thursday 27 July

New Alerts for Veritas, Fujitsu, Mitsubishi Electric, and Linux. Veritas  A vulnerability was discovered in Veritas NetBackup Snapshot Manager which allowed untrusted clients to interact with the RabbitMQ service. CVSSv3 score of 9.8More info. Fujitsu  Real-time Video Transmission Gear IP series provided by Fujitsu Limited uses hard-coded...

0
  365 Hits
  0 Comments

New Vulnerabilities Wednesday 26 July

New Alerts for Crestron, Johnson Controls, Emerson, Bosch, B&R Automation, HPE Aruba (Exploit), Tenable, and Linux. Crestron  Aan issue exists in the 3-Series Control Systems where crafting and sending a specific BACnet packet can crash the system.More info. And here. Johnson Controls  Johnson Controls IQ Wifi 6 contains a vulnerabili...

0
  408 Hits
  0 Comments

New Vulnerabilities Tuesday 25 July

New Alerts for Apple (Exploit), Ivanti (Exploit), Belden, Hitachi Energy, IBM, NetApp, PaperCut, WIBU, and Linux. Apple Exploit Apple has published updates for Safari, iOS, iPadOS, macOS, tvOS, and watchOS. Highest CVSSv3 score of 9.8At least two vulnerabilities have been exploited.More info. And here. Ivanti Exploit An authentication bypass vulner...

0
  688 Hits
  0 Comments

New Vulnerabilities Monday 24 July

New Alert for Microsoft Edge. Microsoft  Microsoft has updated Edge to include all chromium updates, and 3 additional Edge specific vulnerabilities.More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of o...

0
  342 Hits
  0 Comments

New Vulnerabilities Friday 21 July

New Alerts for Digi, HP, Mozilla, Google ChromeOS, and Linux. Digi  Digi has patched the NDS and NET+OS product lines to fix an incompletely patched Ripple20 vulnerability. CVSSv3 score of 9.0More info. HP  Certain HP LaserJet Pro print products are potentially vulnerable to an elevation of privilege and/or information disclosure related ...

0
  431 Hits
  0 Comments

New Vulnerabilities Thursday 20 July

New Alerts for OpenSSH (Exploit), Adobe (Exploit), Atlassian, Ivanti, and Linux. OpenSSH Exploit The PKCS#11 support ssh-agent could be abused to achieve remote code execution via a forwarded agent socket. Exploitation requires specific libraries on the victim system and the agent forwarded to an attacker-controlled system.More info. Adobe Exploit ...

0
  377 Hits
  0 Comments

New Vulnerabilities Wednesday 19 July

New Alerts for GeoVision, Weintek, Iagona, Rockwell Automation, Dell, and Google Chrome. GeoVision  GeoVision GV-ADR2701 cameras contain an Improper Authentication vulnerability. A remote attacker can edit the login response to access the web application. CVSSv3 score of 9.8No patch, upgrade the physical camera.More info. Weintek  Weintek...

0
  474 Hits
  0 Comments

New Vulnerabilities Tuesday 18 July

Quarterly Patches are expected for Oracle this afternoon. New Alerts for Rockwell Automation, IBM, NetApp, Veritas, Citrix (Exploit), and Linux. Rockwell Automation  The Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits opera...

0
  489 Hits
  0 Comments

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/