CND News and Blog

Quarterly Patches are out for F5, Monthly Patches are out for Palo Alto Networks. New Alerts for Spring, IBM,and Linux.  F5  F5 August Quarterly Security Notification lists 9 CVEs, 4 rated High and 5 rated Medium. Highest CVSSv4 score of 8.9More info.An attacker with access to obtain a user's session cookies can continue to use that sessi...

Monthly Patches are out for Microsoft and Adobe. New Alerts for Tenable, SolarWinds, NetApp, Zoom, Intel, and Linux. Fortinet Monthly Patches are out, but with no remotely exploitable vulnerabilities. Microsoft Exploit Microsoft Monthly Patches include 90 CVEs, 9 rated Critical, 6 are actively exploited, Highest CVSSv3 score of 9.8More info. And he...

Monthly Patches are out for SAP, Schneider Electric, and Siemens. New Alerts for Ivanti (PoC), Rockwell Automation, Phoenix Contact, PEPPERL+FUCHS, AVEVA, Splunk, and Linux. Later this afternoon is Monthly Patches for Microsoft and Adobe, tomorrow should be Palo Alto Networks and Juniper Networks. SAP  SAP Security Patch Day saw the release of...

New Alerts for Dell, BD, and IBM. Tomorrow is Patch Tuesday, 5+ vendors release patches. Dell  Dell PowerProtect DP Series Appliance (IDPA) remediation is available for multiple security vulnerabilities in third-party software.More info. BD  BD has published a security update for Pyxis that fixes third-party software vulnerabilities.More ...

New Alerts for Microsoft Edge, Microsoft Office, Dorsett Controls, B&R Automation, Jenkins, GitLab, IBM, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium fixes, plus 2 Edge-specific fixes.More info.Microsoft Office contains a spoofing vulnerability. CVSSv3 score of 7.5More info. Dorsett Controls  InfoScan cont...

New Alerts for Cisco (Exploit), NVIDIA, Bosch, F5, Broadcom, NetApp, Linux, and FreeBSD. Cisco Exploit Multiple vulnerabilities in the web-based management interface of Small Business SPA300/500 Series IP Phones allows a remote attacker to execute arbitrary commands on the underlying operating system or cause a DoS. CVSSv3 score of 9.8More info.A p...

Monthly Patches are out for Google Pixel. New Alerts for Google Chrome, Siemens, F5, Mozilla, HPE, HaloITSM, and Linux. Google  Pixel Monthly Patches include 1 patched vulnerability, rated High, plus patches from Google Android and Qualcomm.More info.Google has updated Chrome for Desktop to fix 5 security vulnerabilities, 1 rated Critical and ...

Monthly Patches are out for Google Android and Samsung Android. New Alerts for Carrier, Hitachi, Janobe, Dell, and Linux. Google  Android Monthly Patches include 15 patched vulnerabilities, all rated High, plus patches from Arm, Imagination Technologies, MediaTek, and Qualcomm.More info. Samsung  Samsung has included 14 vulnerabilities in...

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductor. New Alerts for Apache OFBiz, Moxa, and Linux. Qualcomm  Qualcomm Monthly Patches include 8 patched vulnerabilities, 1 rated Critical, 6 High, and 1 Medium. Highest CVSSv3 score of 8.4More info. MediaTek  MediaTek has included 2 vulnerabilities in their Monthly Patc...

New Alerts for Microsoft Edge, Johnson Controls, Vonets, HPE, TOTOLINK, and Linux.  Microsoft  Microsoft has updated Edge with the latest chromium updates.More info. Johnson Controls  exacqVision Web Service contains a Permissive Cross-domain Policy with Untrusted Domains vulnerability. CVSSv4 score of 7.6More info.exacqVision Client...

New Alerts for Microsoft Dynamics 365, IBM, and NetApp.  Microsoft  Microsoft has patched a vulnerability in Mcrosoft Dynamics 365 that could allow a remote attacker to achieve Elevation of Privilege. CVSSv3 score of 9.0More info. IBM  The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Maven. CVSS...

New Alerts for Google Chrome, HPE, Broadcom, Helmholz, Red Lion, mbConnect, Dahua, Bitdefender, Dell, and Linux. Google  Google has updated Chrome for Desktop to fix 3 security vulnerabilities.More info. HPE  ClearPass Policy Manager has been updated to address multiple security vulnerabilities. Highest CVSSv3 score of 9.0More info. Broad...

New Alerts for Apple, BD, Progress, and Linux.  Apple  Apple has provided securty updates for Safari, iOS, iPadOS, macOS, watchOS, tvOS, and VisionOS.More info. BD  BD has updated Assurity Linc for third-party software vulnerabilities.More info. Progress  Automate ships with pdoc. Documentation generated with `pdoc --math` linke...

New Alerts for Dell and Linux. Dell  Dell PowerProtect DD remediation is available for multiple iDRAC9 security vulnerabilities. Dell rates this Critical.More info. Linux  Ubuntu has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threa...

New Alerts for Microsoft Edge and NetApp. Microsoft  Microsoft has updated Edge to correct the latest chromium vulnerabilities and 2 Edge specific updates.More info. NetApp  NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.8No patches yet.More in...

New Alerts for Tanzu, Positron, IBM, Acronis, and Linux. Tanzu  Tanzu has been updated with 14 bulletins marked Medium. Several allow a remote attacker to cause a DoS.More info. (login required) Positron  Broadcast Signal Processor TRA7005 contains an Auth Bypass vulnerability. CVSSv4 score of 8.7No response from vendor.More info. IBM&nbs...

New Alerts for Microsoft GroupMe, IBM, BIND, HPE, Google Chrome, NVIDIA, and Linux. Microsoft  A pair of vulnerabilities in GroupMe allow an a unauthenticated attacker to elevate privileges over a network. Highest CVSSv3 score of 9.6More info. And here. IBM  IBM QRadar Network Packet Capture includes third-party software with multiple kno...

New Alerts for Siemens, HPE, PyTorch, IBM, Dell, BD, and Linux. Siemens  Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities. Highest CVSSv4 score of 9.3Note this is out of cycle for Siemens.More info. HPE  A security vulnerability has been identified in certain HPE ProLiant DL/ML/SY/...

New Alerts for Meinberg, Tenda, NetApp, IBM, and Subnet Solutions. Meinberg  The LANTIME firmware update includes security updates of various third party libraries and programs.More info. Tenda  Tenda AX2pro could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in Routing functionality. By sending a speci...

New Alerts for SolarWinds, Philips, Mitsubishi Electric, Microsoft Edge, Bosch, Ivanti, and Linux.  SolarWinds  Access Rights Manager has been updated and fixes 13 vulnerabilities. Highest CVSSv3 score of 9.6Note ZDI rates several vulnerabilities at 10More info. Philips  Vue PACS contains several vulnerabilities, including: Out-of-bo...