CND News and Blog

New Alerts for Apple watchOS, Google Chrome, Mozilla, Meinberg, Django, Apache Camel, and Linux. Apple  Apple has published a security bulletin for watchOS.More info. Google  Google has updated Chrome for Desktop to fix 14 security vulnerabilities.More info.Microsoft is aware. More info. Mozilla  Mozilla has published security update...

New Alerts for Apple, Broadcom, and IBM. Apple  Apple has published security bulletins for Safari, Xcode, iOS, iPadOS, macOS, tvOS, and visionOS.More info. Broadcom  NGINX has been updated in VIP Authentication Hub. CVSSv3 score of 9.8More info.Security fixes has been published for Tanzu Greenplum. Highest CVSSv3 score of 9.8More info. An...

New Alerts for IBM and Linux. IBM  IBM has published Critical bulletins for Automation Decision Services, Db2 on Cloud Pak for Data, Db2 Warehouse on Cloud Pak for Data, and App Connect Enterprise.More info. Linux  Red Hat has updated grub2. More info.Oracle Linux has updated the kernel. More info. Security Wizardry Cyber Threat Intellige...

New Alerts for Westermo, DrayTek, NetApp, IBM, Dell, and Linux. Westermo  An issue in WeOS 5 exists where a malformed ESP packet could cause the device to reboot. CVSSv3 score of 5.9More info.Westermo have identified an issue where a remote attacker could gain unauthorized access to a device. CVSSv3 score of 7.5More info. DrayTek  DrayTek...

Quarterly Patches are out for Splunk. New Alerts for Microsoft Edge (Exploit), Mozilla Firefox, Wind River, Dell, BD, and Linux. Microsoft Exploit Microsoft has updated Edge to fix one security vulnerability. Exploits exist in the wild.More info. Splunk  Splunk Quarterly Patches include 13 bulletins, 6 rated High, 6 rated Medium, and 1 rated L...

New Alerts for Google Chrome (Exploit), Inaba Denki Sangyo, HPE, Broadcom, Arista (0-Day), BD, and Linux. Google Exploit Google has updated Chrome for Desktop to fix 1 security vulnerability. Exploits exist in the wild.More info.Microsoft is aware. More info. Inaba Denki Sangyo  Several vulnerabilities exist in CHOCO TEI WATCHER mini. Highest ...

New Alerts for Kubernetes (IngressNightmare), Hitachi Energy, HPE, F5, NetApp, IBM, and Linux. Kubernetes  ingress-nginx has been updated to fix several critical vulnerabilities that have been publicly disclosed. Highest CVSSv3 score of 9.8More info. And here. Hitachi Energy  Hitachi has published 3 new bulletins with updates for RTU500, ...

New Alerts for Next.js, PyTorch, Microsoft Edge, HPE, JTEKT, Apache Commons, and Linux. Next.js  Next.js has been released to address a security vulnerability. It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. CVSSv3 score of 9.1More info. PyTorch  A deserializatio...

New Alerts for CrushFTP, IBM, Dell, and Linux. CrushFTP  A vulnerability exists in CrushFTP that allows unauthenticated HTTP(S) port access.More info. IBM  IBM has published Critical bulletins for Maximo Application Suite - IoT, Cloud Pak for Multicloud Management, and FileNet Content Manager.More info. Dell  Dell has published Criti...

New Alerts for Google Chrome, Spring Security, and Linux.  Google  Google has updated Chrome for Desktop to fix 2 security vulnerabilities, one of which is rated Critical.More info.Microsoft is aware. More info. Spring  Two vulnerabilities have been patched in Spring Security. Highest CVSSv3 score of 7.4More info. Linux  SUSE ha...

Monthly Patches are out for Atlassian. New Alerts for Progress Software and IBM. Progress Software  LoadMaster has been updated to fix a vulnerability that allows a remote attacker to issue a crafted HTTP request that causes a stack-based buffer overflow and potentially execute arbitrary system commands. CVSSv3 score of 9.8More info. Atlassian...

New Alerts for Ricoh, MB Connect, IBM, Helmholz, and CODESYS. Ricoh  Ricoh MFP and Printers contain vulnerabilities in the PostScript interpreter and embeded webserver that could result in RCE. Highest CVSSv3 score of 9.1More info. MB Connect  The data24 service that is bundled with every installation of mbCONNECT24/mymbCONNECT24 has two ...

New Alerts for SICK, Santesoft, IBM, Dell, and Linux. SICK  Critical vulnerabilities have been found in the SICK device DL100-2xxxxxxx that could allow a remote attacker to impact availabiltiy, integrity and confidentaility of the products. Highest CVSSv3 score of 9.8No patches, use good security.More info. Santesoft  Multiple vulnerabili...

New Alerts for PHP, expat, Microsoft Edge, Arista, Shibboleth, NetApp, and Linux. PHP  PHP has been updated to fix several vulnerabilities. Highest CVSSv3 score of 7.5More info. expat  expat has been updated to fix a DoS vulnerability. CVSSv3 score of 7.5More info. And here. Microsoft  Microsoft has updated Edge with the latest chrom...

Monthly Patches are out for Cisco and Palo Alto Networks. New Alerts for Microsoft Edge, Xerox, ABB, Lenovo, and Linux. Cisco  Cisco has published 11 bulletins, 8 rated High and 3 rated Medium. Highest CVSSv3 score of 8.6More info.Vulnerabilities in the IPv4 ACL feature, QoS policy feature, and Layer 3 multicast feature of Cisco IOS XR Softwar...

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Apple, HPE, Optigo Networks, and Linux. Microsoft Exploit Monthly Patches include 51 fixes with 6 rated Critical. Six vulnerabilities are actively exploited. Highest CVSSv3 score of 8.8More info. And here.Microsoft is aware of exploits in the wild for Edge vulnerabilities.No...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Google Chrome, Apache, Zoom, and Linux. Monthly Patches for Microsoft and Adobe are expected this afternoon. Siemens  Monthly Patches include 27 bulletins, 11 new and 16 updated. Highest CVSSv4 score of 9.5More info.Multiple products contain two authentication byp...

New Alerts for Broadcom, Microsoft Edge, F5, HPE, QNAP, IBM, and Linux. Broadcom  Brocade ASCG contains a vulnerability that allows a remote attacker to cause a DoS. CVSSv3 score of 7.5More info. Microsoft  Microsoft has updated Edge with the latest chromium fixes and one Edge-specific fix.More info. F5 BIG-IP Next contains a vulnerabilit...

New Alerts for NetApp, Dell, and Linux. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.1Only 1 has patches.More info. Dell  Dell has published a Critical bulletin for PowerStore Family.More info. Linux  Ubuntu has updated the kern...

New Alerts for Moxa, Synology, Jenkins, IBM, Dell, and Linux. Moxa  Moxa PT switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism. CVSSv4 score of 9.2More info. Synology  DSM product contain a vulnerability that allows a remote attacker to read any file via NFS. This is rated Important.More ...