CND News and Blog

New Vulnerabilities Tuesday 15 July

Quarterly Patches will be out for Oracle this afternoon; pre-release info is available. New Alerts for SCATI, Unisoc, and Linux. Oracle Oracle's Quarterly Critical Patch Update addresses 305 new security patches, according to the pre-release, 145 of which are remotely exploitable without authentication. Highest CVSSv3 score of 9.8. Patches are expect...

New Vulnerabilities Monday 14 July

New Alerts for KUNBUS, Omron, IBM, NetApp, and Linux. Oracle Quarterly Patches come out tomorrow. KUNBUS The RevPi Webstatus application is vulnerable to an authentication bypass. CVSSv3 score of 9.8. More info. And here. Omron A vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac ...

New Vulnerabilities Friday 11 July

New Alerts for Apache HTTP and Tomcat, GnuTLS, Alcatel Lucent, Broadcom, Dell, Watchguard, and Linux. Apache Apache has published security updates for HTTP Server and Tomcat. HTTP Server has Moderate and Low vulnerabilities. Tomcat has Important and Low vulnerabilities. More info. And here. And here. GnuTLS GnuTLS has published an update that fixes ...

New Vulnerabilities Thursday 10 July

New Alerts for Emerson, Ruckus Wireless, Zoom, Broadcom, IBM, and Linux. Emerson Emerson ValveLink Products contain multiple vulnerabilities including Cleartext Storage of Sensitive Information in Memory, Protection Mechanism Failure, Uncontrolled Search Path Element, and Improper Input Validation. Highest CVSSv4 score of 9.3. More info. Ruckus ...

New Vulnerabilities Wednesday 09 July

Monthly Patches are out for Microsoft, Adobe, Palo Alto Networks, Fortinet, and Juniper Networks. New Alerts for HPE and Linux. Microsoft Microsoft Monthly Patches include 130 fixed vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. Fourteen are rated Critical, 1 was publicly disclosed. H...

New Vulnerabilities Tuesday 08 July

Monthly Patches are out for Samsung Android, MediaTek, Siemens, Schneider Electric, and SAP. Quarterly Patches are out for Splunk. New Alerts for Phoenix Contact, WAGO, and Linux. Patches for Microsoft and Adobe are expected this afternoon. Patches for Palo Alto and Juniper are expected tomorrow. An item of note, there were no security patches...

New Vulnerabilities Monday 07 July

Monthly Patches are out for Qualcomm and Samsung Semiconductor. New Alerts for NetApp, IBM, and Linux. Tomorrow is Patch Tuesday for at least 8 vendors. Qualcomm Qualcomm Monthly Patches include 20 patched vulnerabilities, 4 rated Critical and 16 rated High. Highest CVSSv3 score of 9.1. More info. Samsung Semiconductor Samsung Semiconductor Mont...

New Vulnerabilities Friday 04 July

New Alerts for Citrix, ABB, Dell, and Linux. Happy Independence Day to my fellow Americans! Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that allows a remote attacker to cause unintended control flow and DoS. CVSSv4 score of 9.2. More info. ABB ABB RMC-100 with REST interface contains vulnerabilities that allow a...

New Vulnerabilities Thursday 03 July

New Alerts for Cisco, Mitsubishi Electric, Endress+Hauser, and Dell. Cisco Cisco has published 4 new bulletins, 1 rated Critical and 3 rated Medium. The Critical bulletin identifies static SSH Credentials for root in Unified Communications Manager. CVSSv3 score of 10. More info. Mitsubishi Electric A DoS vulnerability exists in MELSEC iQ-F seri...

New Vulnerabilities Wednesday 02 July

New Alerts for Microsoft Edge (Exploit), Festo, Voltronic Power, Contec, ModSecurity, IBM, and Linux. Microsoft Exploit Microsoft has updated Edge with the latest Chromium vulnerabilities. Exploits are in the wild. More info. Festo FESTO Hardware Controller and Hardware Servo Press Kit contain several vulnerabilities that could allow a remote attack...

New Vulnerabilities Tuesday 01 July

New Alerts for Google Chrome, Pilz, Tenable Security Center, Mbed TLS, and Linux. Google Google has published updates for Chrome for Desktop that fix one security vulnerability rated High that is actively being exploited. More info. Microsoft is aware. More info. Pilz The Pilz industrial PC IndustrialPI webstatus application is vulnerable to a remo...

New Vulnerabilities Monday 30 June

New Alerts for Pilz, ifm electronic, IBM, Dell, NetApp, and Linux. Pilz PiCtory has three vulnerabilities, 2 rated Critical, 1 rated Medium. A remote attacker can bypass authentication. Highest CVSSv3 score of 9.8. More info. ifm electronic A vulnerability has been disclosed in PLC ifm AC4xxS that allows a remote attacker to trigger the safety sta...

New Vulnerabilities Friday 27 June

New Alerts for Microsoft Edge, D-Link, IBM, Dell, and Linux. Microsoft Microsoft has updated Edge with the latest Chromium fixes and fixes for 3 Edge-specific vulnerabilities. More info. D-Link D-Link has published 2 bulletins identifying vulnerabilities in EOS/EOL products. No fixes will be provided. More info. And here. IBM IBM has published Critic...

New Vulnerabilities Thursday 26 June

New Alerts for Cisco, Broadcom, Mitsubishi Electric, Ricoh, IBM, and Linux. Cisco Cisco has published 2 new bulletins, 1 Critical and 1 Medium. The Critical bulletin lists vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow a remote attacker to issue commands on the underlying operating system ...

New Vulnerabilities Wednesday 25 June

New Alerts for Google Chrome, Mozilla, MICROSENS, ControlID, Kaleris, GitLab, and Linux. MICROSENS MICROSENS NMP Web+ contains several vulnerabilities, including Use of Hard-coded, Security-relevant Constants and Insufficient Session Expiration. These could allow a remote attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. H...

New Vulnerabilities Tuesday 24 June

New Alerts for MB Connect, Advantech, Westermo, Hitachi Energy, Splunk, Fortinet, and Linux. We have raised a Subject Alert for potential cyber activity from Iran and Israel increasing during the ceasefire. MB Connect The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can allow a remote att...

New Vulnerabilities Monday 23 June

New Alerts for Microsoft Edge, F5, NetApp, and IBM. Microsoft Microsoft has updated Edge to apply the latest Chromium-based fixes. More info. F5 BIG-IP Next CNF contains a vulnerability in Ruby that allows a remote attacker to smuggle a message to the client/server without the intermediary being aware of it. CVSSv3 score of 7.5. More info. NetApp NetA...

New Vulnerabilities Friday 20 June

New Alerts for Delta, Dell, IBM, and Linux. Happy Weekend! Delta Delta's Langflow online service contains Code Injection and Weak Password vulnerabilities. Highest CVSSv3 score of 9.8. More info. Dell Dell has published a Critical bulletin for Container Storage Modules. More info. IBM IBM has published Critical bulletins for CloudPak for Data and wats...

New Vulnerabilities Thursday 19 June

New Alerts for Broadcom Tanzu, ClamAV, Cisco, UniFi, IBM, and Linux. Broadcom Broadcom has published 10 new bulletins identifying security vulnerabilities in Tanzu products. Highest CVSSv3 score of 9.8. More info. ClamAV ClamAV has been updated to fix DoS and RCE vulnerabilities. Highest CVSSv3 score of 9.8. More info. Cisco A vulnerability in the AnyC...

New Vulnerabilities Wednesday 18 June

Monthly Patches are out for Atlassian. New Alerts for Google Chrome, Dover Fueling Solutions, Citrix, OpenBSD, and Linux. Google Google has updated Chrome for Desktop to fix 3 security vulnerabilities. More info. Microsoft is aware. More info. Dover Fueling Dover Fueling Solutions ProGauge MagLink LX consoles contain a Missing Authentication vul...
