Skip to main content

CND News and Blog

New Vulnerabilities Monday 26 February

New Alerts for Microsoft Edge, WithSecure, HPE, HP, F5, IBM, and Linux. Microsoft  Edge has been updated to fix the latest chromium-based vulnerabilities.Note the normal Edge announcement page doesn't yet show this update.More info. And (maybe) here. WithSecure  A DoS vulnerability was discovered in WithSecure products where the engine sc...

0
  525 Hits
  0 Comments

New Vulnerabilities Friday 23 February

New Alerts for Semtech, Dell, NetApp, WAGO, and Linux. Semtech  Three vulnerabilities affect the Sierra Wireless EM919x and EM929x cellular modules. These vulnerabilities were announced as part of Qualcomm's December Security Bulletin. Highest CVSSv3 score of 7.5More info. Dell  Dell Avamar server, Dell Avamar Virtual Edition and Dell Int...

0
  402 Hits
  0 Comments

New Vulnerabilities Thursday 22 February

New Alerts for Progress Kemp, B&R Automation, IBM, HP, Tenable, and Linux. Progress Kemp  LoadMaster and ECS Connection Manager cointain a security vulnerability that allows a remote attacker to issue a carefully crafted API command that will allow arbitrary system commands to be executed without authentication. CVSSv3 score of 10.More inf...

0
  494 Hits
  0 Comments

New Vulnerabilities Wednesday 21 February

New Alerts for VMware, CISA ICSNPP, Atlassian, UI, Mozilla, Google Chrome, and Linux. VMware  Arbitrary Authentication Relay and Session Hijack vulnerabilities exist in the deprecated VMware Enhanced Authentication Plug-in. Remove plugin. CVSSv3 score of 9.6More info. CISA  ICSNPP - Ethercat Plugin for Zeek put out by CISA contains 2 vuln...

0
  501 Hits
  0 Comments

New Vulnerabilities Tuesday 20 February

New Alerts for PostgreSQL (pgjdbc), Mitsubishi Electric, ConnectWise, HPE, Zyxel, and Linux. PostgreSQL  pgjdbc, the PostgreSQL JDBC driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. CVSSv3 score of 10.More info. Mitsubishi Electric  A RCE vulnerability due to Microsoft Message Queuing service on Microsoft Windows exi...

0
  385 Hits
  0 Comments

New Vulnerabilities Monday 19 February

New Alert for BD. BD  BD has updated Care Coordination Engine and Identity Provider Manager to fix vulnerabilities in third-party software.More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Securi...

0
  383 Hits
  0 Comments

New Vulnerabilities Friday 16 February

New Alerts for B&R, IBM, Dell, NetApp, Tenable, and Linux. B&R  A vulnerability exists in B&R APROL that allows a remote attacker, with MitM capabilities to manipulate SSH messages and compromise the integrity of connections. CVSSv3 score of 5.9More info. IBM  QRadar Suite Software includes components with known vulnerabilitie...

0
  424 Hits
  0 Comments

New Vulnerabilities Thursday 15 February

Monthly Patches are out for Palo Alto Networks. New Alerts for Node.js, Contiki-NG, BD, Squid, HPE, and Linux. Palo Alto Networks  Palo Alto Networks Monthly Patches include 6 bulletins, 5 rated Medium and 1 rated Informational. Highest CVSSv3 score of 6.3More info. Node.js  A security update for Node.js is available, that includes fixes ...

0
  470 Hits
  0 Comments

New Vulnerabilities Wednesday 14 February

Monthly Patches are out for Microsoft (Exploit) and Adobe. New Alerts for ISC, Intel, HPE, F5, Google Chrome, and Linux. The Node.js patch publication was pushed off until later today. Microsoft Exploit Microsoft Monthly Patches include 80 patches, 5 rated Critical and 2 being exploited. Highest CVSSv3 score of 9.8More info. And here.Windows SmartS...

0
  420 Hits
  0 Comments

New Vulnerabilities Tuesday 13 February

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Zoom, PowerDNS, Dell, and HIMA. Monthly Patches for Microsoft and Adobe are expected this afternoon, along with Node.js patches. Siemens  Siemens Monthly Patches include 15 new bulletins and 8 updated bulletins. Of the new bulletins, Highest CVSSv3 score of 9.8Mor...

0
  486 Hits
  0 Comments

New Vulnerabilities Monday 12 February

New Alert for Linux. Enjoy your Monday, tomorrow is Patch Tuesday and the awaited Node.js security update. Linux  Oracle Linux has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version o...

0
  441 Hits
  0 Comments

New Vulnerabilities Friday 09 February

Monthly Patches are out for Fortinet. New Alerts for Microsoft Edge, Dell, Ivanti, Wind River, and Linux. Fortinet  Fortinet has published 7 bulletins in their Monthly Patches for their products. Highest CVSSv3 score of 9.8More info.A use of externally-controlled format string vulnerability in FortiOS fgfmd daemon may allow a remote attacker t...

0
  461 Hits
  0 Comments

New Vulnerabilities Thursday 08 February

New Alerts for Cisco, ClamAV, SonicWall, IBM, NetApp, Django, and Linux. Cisco  Multiple vulnerabilities in the Cisco Expressway Series could allow a remote attacker to conduct CSRF attacks, which could allow the attacker to perform arbitrary actions on an affected device. CVSSv3 score of 9.6More info.Secure Endpoint products are affected by a...

0
  388 Hits
  0 Comments

New Vulnerabilities Wednesday 07 February

New Alerts for Google Chrome, Fortinet, Badger Meter, Hitachi, Canon, Juniper Networks, Linux Shim, and Linux distros. Google  Google has updated Chrome for Desktop to fix 3 vulnerabilities, at least 2 rated High.More info. Fortinet  Fortinet has added two vulnerabilities to a 2023 bulletin. FortiSIEM supervisor may allow a remote attacke...

0
  490 Hits
  0 Comments

New Vulnerabilities Tuesday 06 February

Monthly Patches are out for Qualcomm, Google Android, Google Pixel, and Samsung. New Alerts for Pilz, B&R Automation, and HPE. Qualcomm  Monthly Patches are out for Qualcomm including 17vulnerabilities, 16 rated High, and 1 rated Moderate. Highest CVSSv3 score of 9.3More info. Google  Android Monthly Patches are out, with 15 vulnerabi...

0
  564 Hits
  0 Comments

New Vulnerabilities Monday 05 February

Monthly Patches are out for MediaTek. New Alerts for ManageEngine, HCL Software, Dell, and QNAP. Qualcomm Monthly Patches are expected out today as well.  ManageEngine  Several ManageEngine products are affected by the recent Apache Tomcat vulnerability. CVSSv3 score of 5.3.More info. HCL Software  HCL BigFix Platform has addressed m...

0
  466 Hits
  0 Comments

New Vulnerabilities Friday 02 February

New Alerts for Gessler, Microsoft Edge, Dell, and NetApp. Gessler  WEB-MASTER contains two vulnerabilities, including Use of Weak Credentials, and Use of Weak Hash. Highest CVSSv3 score of 9.8Patches are available, but must be applied by Gessler technicians.More info. Microsoft  Microsoft has updated Edge for the recently reported chromiu...

0
  576 Hits
  0 Comments

New Vulnerabilities Thursday 01 February

New Alerts for Baxter, Meinberg, Apple Vision Pro (Exploit), IBM, Dell, and NetApp. Baxter  Baxter has published a list of products distributed by Baxter that are vulnerable to the Mirth Connect RCE. CVSSv3 score of 9.8Some patches are available, others are expected Q1 2024.More info. Meinberg  Meinberg has updated LANTIME firmware to fix...

0
  575 Hits
  0 Comments

New Vulnerabilities Wednesday 31 January

New Alerts for Google Chrome, Emerson, Rockwell Automation, Trend Micro, Salt, SICK, and SuperMicro. Google  Google has updated Chrome for Desktop to fix 4 security vulnerabilities. More info. Emerson  Four vulnerabilities exist in Rosemount Gas Chromatographs that allow for a remote attacker to run arbitrary commands in root context, to ...

0
  427 Hits
  0 Comments

New Vulnerabilities Tuesday 30 January

New Alerts for Festo, Mitsubishi Electric, Hitachi Energy, Hitachi, and Linux. Festo Several high severity vulnerabilities in CODESYS V3 affecting Festo products could lead to RCE or DoS. Highest CVSSv3 score of 8.8More info. Mitsubishi Electric  Authentication bypass and RCE vulnerabilities exist in multiple FA engineering software products. ...

0
  500 Hits
  0 Comments

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/