Skip to main content

CND News and Blog

New Vulnerabilities Friday 02 August

New Alerts for Microsoft Edge, Johnson Controls, Vonets, HPE, TOTOLINK, and Linux.  Microsoft  Microsoft has updated Edge with the latest chromium updates.More info. Johnson Controls  exacqVision Web Service contains a Permissive Cross-domain Policy with Untrusted Domains vulnerability. CVSSv4 score of 7.6More info.exacqVision Client...

0
  461 Hits

New Vulnerabilities Thursday 01 August

New Alerts for Microsoft Dynamics 365, IBM, and NetApp.  Microsoft  Microsoft has patched a vulnerability in Mcrosoft Dynamics 365 that could allow a remote attacker to achieve Elevation of Privilege. CVSSv3 score of 9.0More info. IBM  The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Maven. CVSS...

0
  393 Hits

New Vulnerabilities Wednesday 31 July

New Alerts for Google Chrome, HPE, Broadcom, Helmholz, Red Lion, mbConnect, Dahua, Bitdefender, Dell, and Linux. Google  Google has updated Chrome for Desktop to fix 3 security vulnerabilities.More info. HPE  ClearPass Policy Manager has been updated to address multiple security vulnerabilities. Highest CVSSv3 score of 9.0More info. Broad...

0
  463 Hits

New Vulnerabilities Tuesday 30 July

New Alerts for Apple, BD, Progress, and Linux.  Apple  Apple has provided securty updates for Safari, iOS, iPadOS, macOS, watchOS, tvOS, and VisionOS.More info. BD  BD has updated Assurity Linc for third-party software vulnerabilities.More info. Progress  Automate ships with pdoc. Documentation generated with `pdoc --math` linke...

0
  466 Hits

New Vulnerabilities Monday 29 July

New Alerts for Dell and Linux. Dell  Dell PowerProtect DD remediation is available for multiple iDRAC9 security vulnerabilities. Dell rates this Critical.More info. Linux  Ubuntu has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threa...

0
  359 Hits

New Vulnerabilities Friday 26 July

New Alerts for Microsoft Edge and NetApp. Microsoft  Microsoft has updated Edge to correct the latest chromium vulnerabilities and 2 Edge specific updates.More info. NetApp  NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.8No patches yet.More in...

0
  502 Hits

New Vulnerabilities Thursday 25 July

New Alerts for Tanzu, Positron, IBM, Acronis, and Linux. Tanzu  Tanzu has been updated with 14 bulletins marked Medium. Several allow a remote attacker to cause a DoS.More info. (login required) Positron  Broadcast Signal Processor TRA7005 contains an Auth Bypass vulnerability. CVSSv4 score of 8.7No response from vendor.More info. IBM&nbs...

0
  360 Hits

New Vulnerabilities Wednesday 24 July

New Alerts for Microsoft GroupMe, IBM, BIND, HPE, Google Chrome, NVIDIA, and Linux. Microsoft  A pair of vulnerabilities in GroupMe allow an a unauthenticated attacker to elevate privileges over a network. Highest CVSSv3 score of 9.6More info. And here. IBM  IBM QRadar Network Packet Capture includes third-party software with multiple kno...

0
  444 Hits

New Vulnerabilities Tuesday 23 July

New Alerts for Siemens, HPE, PyTorch, IBM, Dell, BD, and Linux. Siemens  Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities. Highest CVSSv4 score of 9.3Note this is out of cycle for Siemens.More info. HPE  A security vulnerability has been identified in certain HPE ProLiant DL/ML/SY/...

0
  511 Hits

New Vulnerabilities Monday 22 July

New Alerts for Meinberg, Tenda, NetApp, IBM, and Subnet Solutions. Meinberg  The LANTIME firmware update includes security updates of various third party libraries and programs.More info. Tenda  Tenda AX2pro could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in Routing functionality. By sending a speci...

0
  505 Hits

New Vulnerabilities Friday 19 July

New Alerts for SolarWinds, Philips, Mitsubishi Electric, Microsoft Edge, Bosch, Ivanti, and Linux.  SolarWinds  Access Rights Manager has been updated and fixes 13 vulnerabilities. Highest CVSSv3 score of 9.6Note ZDI rates several vulnerabilities at 10More info. Philips  Vue PACS contains several vulnerabilities, including: Out-of-bo...

0
  499 Hits

New Vulnerabilities Thursday 18 July

New Alerts for Cisco, SonicWall, Apache HTTP Server, Dell, IBM, Mitel, and Linux. Cisco  Cisco has published 9 new bulletins, 2 rated Critical, 3 rated High, and 4 rated Medium. Highest CVSSv3 score of 10.More info.A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem could allow a remote attacker to change the p...

0
  505 Hits

New Vulnerabilities Wednesday 17 July

New Alerts for Google Chrome, Atlassian, Rockwell Automation, Dell, and IBM.  Google  Google has updated Chrome for Desktop to fix 10 security vulnerabilities.More info. Atlassian  Atlassian has published security updates for Bamboo Data Center and Server, Confluence Data Center and Server, Jira Data Center and Server, and Jira Servi...

0
  371 Hits

New Vulnerabilities Tuesday 16 July

Oracle Quarterly Critical Patches are out today. New Alerts for Tanzu, Microsoft Edge, Dell, HPE, Alcatel-Lucent, and Linux. Oracle  Oracle Critical Patch Update will be released this afternoon. The Pre-Release shows 353 security vulnerabiliities patched, with 246 remotely exploitable without authorization. Highest CVSSv3 score of 9.8More info...

0
  424 Hits

New Vulnerabilities Monday 15 July

New Alerts for Tanzu, NetApp, IBM, Check Point, and Linux. Tanzu  Tanzu has published several bulletins identifying vulnerabilities in third-party software included in the products.More info. NetApp  NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of...

0
  393 Hits

New Vulnerabilities Friday 12 July

New Alerts for BD, Digi, HashiCorp, CODESYS, Dell, and Linux. BD  BD has published updates for FACS Sample Prep Assistant and FACSLyric to fix vulnerabilities in third-party software.More info. Digi  A security fix has been released for WR11, WR21, WR31, WR44R, WR44RR to patch the SSH entity to initialize an uninitialized variable, preven...

0
  399 Hits

New Vulnerabilities Thursday 11 July

Monthly Patches are out for Palo Alto Networks and Juniper Networks. New Alerts for Wireshark, Veeam, Mitel, Xylem, and Linux. Palo Alto Networks  Monthly Patches are out with 6 bulletins, 1 rated Critical, 1 rated High, 3 rated Medium, and 1 rated Informational. Highest CVSSv4 score is 9.3More info. Missing authentication for a critical funct...

0
  465 Hits

New Vulnerabilities Wednesday 10 July

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Mozilla, Pepperl+Fuchs, Citrix, and Linux. Microsoft  Monthly Patches are out with 142 vulnerabilties, 4 rated Critical, 2 actively exploited. Highest CVSSv3 score is 9.8More info. And here. Adobe  Adobe Monthly Patches has updates for Premiere Pro, InDesign, and B...

0
  417 Hits

New Vulnerabilities Tuesday 09 July

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Node.js, Django, ifm electronic, and Linux. Monthly Patches are expected this afternoon for Microsoft and Adobe. Siemens  Monthly Patches are out, with 38 bulletins, 17 new and 21 updated bulletins. Of the new bulletins, the highest CVSSv3 score is 9.6More info.Th...

0
  457 Hits

New Vulnerabilities Monday 08 July

New Alerts for Apache CloudStack, IBM, F5, and NetApp. Apache  CloudStack contains 2 vulnerabilities. An unauthenticated cluster service port leads to remote execution, and the integration API service uses dynamic port when disabled.More info. IBM  Apache Derby might allow a remote attacker to bypass security restrictions caused by an LDA...

0
  437 Hits

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/