CND News and Blog

New Alerts for Delta, Dell, IBM, and Linux. Happy Weekend! Delta Delta's Langflow online service contains Code Injection and Weak Password vulnerabilities. Highest CVSSv3 score of 9.8More info. Dell Dell has published a Critical bulletin for Container Storage Modules.More info. IBM IBM has published Critical bulletins for CloudPak for Data and wats...

New Alerts for Broadcom Tanzu, ClamAV, Cisco, UniFi, IBM, and Linux. Broadcom Broadcom has published 10 new bulletins identifying security vulnerabilities in Tanzu products. Highest CVSSv3 score of 9.8More info. ClamAV ClamAV has been updated to fix DoS and RCE vulnerabilities. Highest CVSSv3 score of 9.8More info. Cisco A vulnerability in the AnyC...

Monthly Patches are out for Atlassian. New Alerts for Google Chrome, Dover Fueling Solutions, Citrix, OpenBSD, and Linux. Google Google has updated Chrome for Desktop to fix 3 security vulnerabilities.More info.Microsoft is aware. More info. Dover Fueling Dover Fueling Solutions ProGauge MagLink LX consoles contain a Missing Authentication vul...

New Alerts for Apache Commons and Tomcat, Anthropic, BD, IBM, and Linux. Apache Apache Commons FileUpload contains a vulnerability in multi-part file uploads that can cause a DoS.More info. And here.Apache Tomcat contains the DoS vulnerability in Commons FileUpload and other vulnerabilities.More info. And here. Anthropic MCP Inspector is vulnerable...

New Alerts for Microsoft Edge, WAGO, SICK, PostgreSQL JDBC, NetApp, and Splunk. Microsoft Microsoft has updated Edge with the latest chromium vulnerability fixes.More info. WAGO Vulnerabilities exist in the WAGO Device Manager that allow remote attackers to send requests and read server responses through crafted web applications or to access the fi...

New Alerts for GitLab, PTZOptics and other PTZ camera vendors, Siemens, Mitel, Ricoh, and XWiki. GitLab The latest GitLab release includes 10 security fixes, 4 rated High, 5 rated Medium, 1 rated Low. Highest CVSSv4 score of 8.7More info. PTZOptics PTZOptics and other Pan-Tilt-Zoom Camera providers contain several vulnerabilities including Hardcode...

Monthly Patches are out for Palo Alto Networks. New Alerts for Moxa, Meinberg, Mozilla, SinoTrack, MicroDicom, and Linux. Palo AltoNetworks Palo Alto Networks Monthly Patches include 7 bulletins, 2 rated High, 2 rated Medium, and 3 rated Low. Highest CVSSv3 score of 8.6More info. And here. Moxa Moxa PT-G7728 and PT-G7828 series are affected by a hi...

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Google Pixel. New Alerts for Google Chrome, GFI, and Trend Micro. Microsoft Microsoft Monthly Patches include 67 vulnerabilities. 10 rated Critical, 1 actively exploited, and 1 publicly disclosed. Highest CVSSv3 score of 9.8More info. And here. Adobe Patch Monthly Patches from Adobe includ...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Bosch, Hitachi, SolarWinds, CoreDNS, Trend Micro, Hugging Face, and Linux. Three more vendors are expected to publish Monthly Patches this afternoon.  Siemens Siemens Monthly Patches include 6 new bulletins and 19 updated bulletins. Of the new bulletins Highest CV...

New Alerts for Hongding Technology, QNAP, and Linux. Hongding Technology Hongding Technology Smart Parking Management System contains an exposure of sensitive information vulnerability. CVSSv4 score of 9.3More info. QNAP QNAP has identified vulnerabilities in OpenSSH that affect QTS and QuTShero. Highest CVSSv3 score of 6.8More info. Linux Red...

New Alerts for CyberData, ZIV, NetApp, Dell, IBM, and Linux. CyberData CyberData 011209 SIP Emergency Intercom contains several vulnerabilities, including Authentication Bypass, Missing Authentication, SQL Injection, Insufficiently Protected Credentials, and Path Traversal. Highest CVSSv4 score of 9.3More info. ZIV Eight vulnerabilities have been i...

New Alerts for Cisco, HPE, NetApp, IBM, and Django. Cisco Cisco has published 10 new bulletins, 1 rated Critical, 2 rated High, and 7 rated Medium.More info.A vulnerability in AWS, Microsoft Azure, and OCI cloud deployments of Cisco ISE could allow a remote attacker to access sensitive data, execute limited administrative operations, modify system ...

Monthly Patches are out for Samsung. New Alerts for Microsoft Edge (Exploit), HPE, Acronis, Python (Mailman 3), HP, and Linux. Samsung Samsung has published Monthly Patches for Android with 19 vulnerabilities, plus Google Android and Samsung Semiconductor vulnerability patches.More info. Microsoft Microsoft has updated Edge with the latest chromium...

Monthly Patches are out for Google Android. Quarterly Patches are out for Splunk. New Alerts for Google Chrome, ABB, Pilz, HPE, ModSecurity, and Linux. Google Google has published monthly patches for Android with 11 vulnerabilities rated High, plus Qualcomm, Imagination Technologies, and Arm vulnerability patches.More info.Google has published an u...

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductors. New Alerts for HPE, Moxa, NetApp, and Linux. Qualcomm Qualcomm Monthly Patches include 10 new bulletins, 2 rated Critical and 8 rated High. Highest CVSSv3 score of 8.6More info. MediaTek MediaTek Monthly Patches include 7 vulnerabilities, 1 rated High and 6 rated Medium. Mo...

New Alerts for Microsoft Edge, HPE, Instantel, Consilium Safety, Spring, Dell, and Linux. Microsoft Microsoft has updated Edge to update the latest chromium security updates and one Edge-specific vulnerability.More info. HPE Security vulnerabilities have been identified in OneView Software that allow a remote attacker to cause a DoS, code execution...

New Alerts for Mitsubishi Electric, Veritas, Acronis, Dell, IBM, and Linux. Mitsubishi Electric An Information disclosure and DoS vulnerability exists in MELSEC iQ-F series CPU module that allows a remote attacker to read information, or cause a DoS. CVSSv3 score of 9.1More info. Veritas Vulnerabilities were discovered in Arctera/Veritas Deskt...

New Alerts for Mozilla Thunderbird, Google Chrome, Arista, curl, Icinga, IBM, and Linux. Mozilla Mozilla has published Critical bulletins for Thunderbird.More info. Google Google has updated Chrome for Desktop to fix 11 security vulnerabilities.More info.Microsoft is aware. More info. Arista Arista EOS with IPsec enabled and anti-replay protection ...

New Alerts for Mozilla Firefox, Weidmueller, Hitachi Energy, Dell, Hitachi, and Linux. Mozilla  Mozilla has published Critical bulletins for Firefox and Firefox ESR.More info. Weidmueller  Weidmueller industrial ethernet switches are affected by multiple vulnerabilities, including Missing Auth and DoS. Highest CVSSv3 score of 9.8More info...

New Alerts for Siemens, Xerox, Philips, Pepperl+Fuchs, IBM, and Linux. Siemens  SiPass contains an out of bounds read vulnerability that could allow a remote attacker to create a DoS. CVSSv4 score of 8.7More info.SiPass integrated ACC devices do not properly check the integrity of firmware updates. This could allow a remote attacker to upload ...