Skip to main content

CND News and Blog

New Vulnerabilities Monday 04 November

Monthly Patches are out for Qualcomm and Mediatek. New Alerts for Broadcom, Moxa, Dell, NetApp, and Linux. Qualcomm  Monthly Patches are out for Qualcomm, with 10 vulnerabilities, 1 rated Critical, 7 rated High, and 2 rated Medium. Highest CVSSv3 score of 8.2More info. Mediatek  Mediatek's Monthly Patches include 11 CVEs, 2 rated High and...

0
  326 Hits

New Vulnerabilities Friday 01 November

New Alerts for Ricoh, Microsoft Edge, Digi, Moxa, IBM, Splunk, and Linux. Ricoh  Ricoh has identified a buffer overflow vulnerability when using the Web Image Monitor that could potentially allow a DoS or RCE. CVSSv3 score of 9.8More info. Microsoft  Microsoft has updated Edge with the latest chromium updates.More info. Digi  Web ser...

0
  433 Hits

New Vulnerabilities Thursday 31 October

New Alerts for D-Link, HP, Draytek, Bosch, Tenable, Splunk, and Linux. D-Link  The D-Link DSL6740C modem is configured with default and predictable administrator credentials that compromise the security of the device. These credentials allow unauthorized remote access to the modem's control panel, posing a significant security risk. CVSSv3 sco...

0
  360 Hits

New Vulnerabilities Wednesday 30 October

New Alerts for Google Chrome, Hitachi Energy, Apple, QNAP, GE Vernova, Delta Electronics, and Linux. Google  Chrome for Desktop has been updated to fix 2 security vulnerabilties.More info. Hitachi Energy  Hitachi Energy has published updates for UNEM, FOXMAN-UM, and MicroScada Pro/X SYS600.. Highest CVSSv3 score of 10More info. Apple ...

0
  357 Hits

New Vulnerabilities Tuesday 29 October

New Alerts for Apple, Hitachi Energy, HPE, Mozilla, QNAP, and CyberPanel (Exploit). Apple  Apple has published udates for macOS, iPadOS, iOS, visionOS, tvOS, and watchOS.More info. And here. Hitachi Energy  There are public reports of vulnerabilities in the Hitachi Energy's MSM that could allow a remote attacker to impact the confidential...

0
  464 Hits

New Vulnerabilities Monday 28 October

New Alerts for F5, Squid, Ruby, Rockwell Automation, HPE, and BD. F5  libarchive has been updated in BIG-IP. Highest CVSSv3 score of 5.3More info. And here. And here. Squid  Squid is vulnerable to DoS attacks by a trusted server against all clients using the proxy. CVSSv3 score of 7.5More info. Ruby There is a ReDoS vulnerability in REXML...

0
  391 Hits

New Vulnerabilities Friday 25 October

New Alerts for Microsoft Edge, iniNet, IBM, Dell, NetApp, and VIMESA. Microsoft  Microsoft has updated Edge to fix 9 Edge-specific vulnerabilities and the latest chromium updates.More info. iniNet  SpiderControl SCADA PC HMI Editor contains a Path Traversal vulnerability that could allow a remote attacker to gain remote control of the dev...

0
  403 Hits

New Vulnerabilities Thursday 24 October

New Alerts for Fortinet (patch for the exploit), Cisco, and Siemens. Fortinet  A missing authentication for critical function vulnerability in FortiManager fgfmd daemon may allow a remote attacker to execute arbitrary code or commands via specially crafted requests. CVSSv3 score of 9.8This is the fix for the Exploit reported yesterday.More inf...

0
  383 Hits

New Vulnerabilities Wednesday 23 October

New Alerts for Google Chrome, Fortinet (Exploit), IBM, Shibboleth, and Linux. Google  Google has updated Chrome for Desktop to fix 3 security vulnerabilities, all rated High.More info. Fortinet Exploit FGFM has vulnerabilities that can be chained and used for exploits.More info. IBM  IBM Storage Protect Server is susceptible to multiple v...

0
  400 Hits

New Vulnerabilities Tuesday 22 October

New Alert for Linux. Linux  Oracle Linux has updated the kernel. More info.Mageia has updated systemd. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing vu...

0
  363 Hits

New Vulnerabilities Monday 21 October

New Alerts for Moxa, SICK, HP, Endress+Hauser, IBM, Dell, and Linux. Moxa  NE-4100, MiiNePort E1, MiiNePort E2, and MiiNePort E3 contain a vulnerability that allows a remote attacker to retrieve administration passwords without proper authentication. CVSSv3 score of 9.8More info. SICK  A critical vulnerability has been discovered in the ....

0
  477 Hits

New Vulnerabilities Friday 18 October

New Alerts for Microsoft Edge, Synology, Kieback&Peter, Spring, Belden, OPC Foundation, Hikvision, Moxa, and NetApp. Microsoft  Microsoft has updated Edge to include the latest chromium fixes and 9 Edge-specific vulnerabilities.More info. Synology  Synology Camera BC500, TC500, and CC400W contain vulnerabilities that allow remote atta...

0
  550 Hits

New Vulnerabilities Thursday 16 October

New Alerts for Cisco, Mitsubishi Electric, Meinberg, Elvaco, LCDS, and Linux. Cisco  Cisco has published 3 new bulletins. Highest CVSSv3 score of 8.2More info.Multiple vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter firmwarecould allow a remote attacker to delete or change the configuration, execute commands as the root user, ...

0
  343 Hits

New Vulnerabilities Wednesday 16 October

Monthly Patches are out for Google Pixel. New Alerts for Google Chrome, SolarWinds, Microsoft, HP, Bosch, IBM, and Linux. Google  Google has updated Chrome for Desktop to fix 17 security vulnerabilities.More info.Google has published the Monthly Patches for Pixel, with 29 vulnerabilities and patches for Android.More info. SolarWinds  Sola...

0
  479 Hits

New Vulnerabilities Tuesday 15 October

Quarterly Patches are out for Splunk, and will be out shortly for Oracle. New Alerts for TAI, MB Connect, Helmholz, Kubernetes, Mbed TLS, BD, Mozilla Firefox, and Linux. Oracle  Oracle Quarterly Patches are expected out this afternoon. The pre-release lists 329 new security patches, 204 of which are remotely exploitable without authentication....

0
  503 Hits

New Vulnerabilities Monday 14 October

New Alerts for Mozilla Thunderbird, Moxa, and NetApp. Mozilla  Thunderbird has been updated to fix a critical vulnerability.More info. Moxa  Moxa's cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that could lead to unauthorized access and system compromise. Highest CVSSv4 scor...

0
  344 Hits

New Vulnerabilities Friday 11 October

New Alerts for Wireshark, Microsoft Edge, HPE, Rockwell Automation, IBM, Dell, and Linux. Oracle Quarterly Patches are next week, the pre-release notice is out, here. Wireshark  Wireshark has been updated to fix 2 DoS vulnerabilities. CVSSv3 score of 7.5More info. Microsoft  Microsoft has updated Edge with the latest chromium updates.More...

0
  468 Hits

New Vulnerabilities Thursday 10 October

Monthly Patches are out for Palo Alto Networks and Juniper Networks. New Alerts for Progress, PEPPERL+FUCHS, GitLab, Ruckus, and Linux. Palo Alto Networks  Monthly Patches include 7 bulletins, 1 rated Critical, 2 rated High, and 4 rated Medium. Highest CVSSv4 score of 9.9More info.Multiple vulnerabilities in Expedition allow a remote attacker ...

0
  413 Hits

New Vulnerabilities Wednesday 09 October

Monthly Patches are out for Microsoft, Adobe, and Ivanti. New Alerts for Mozilla, Rockwell Automation, Mitel, and Linux. Microsoft  Monthly Patches include 117 vulnerabilities, 3 are rated Critical, 5 have been previously disclosed, 2 of those are being exploited. Updates include the latest chromium updates for Edge.More info. And here. And he...

0
  324 Hits

New Vulnerabilities Tuesday 08 October

Monthly Patches are out for Google Android, Samsung, SAP, Siemens, and Schneider Electric. New Alert for Phoenix Contact. Monthly Patches will be out for Microsoft and Adobe this afternoon. Google  Monthly Patches for Android include 9 vulnerabilities, all rated High, plus updates from Imagination Technologies, MediaTek, and Qualcomm. More inf...

0
  468 Hits

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/