CND News and Blog
New Alerts for Cisco, SonicWall, Apache HTTP Server, Dell, IBM, Mitel, and Linux. Cisco Cisco has published 9 new bulletins, 2 rated Critical, 3 rated High, and 4 rated Medium. Highest CVSSv3 score of 10. More info. A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem could allow a remote attacker to change the p...
New Alerts for Google Chrome, Atlassian, Rockwell Automation, Dell, and IBM. Google Google has updated Chrome for Desktop to fix 10 security vulnerabilities. More info. Atlassian Atlassian has published security updates for Bamboo Data Center and Server, Confluence Data Center and Server, Jira Data Center and Server, and Jira Servi...
Oracle Quarterly Critical Patches are out today. New Alerts for Tanzu, Microsoft Edge, Dell, HPE, Alcatel-Lucent, and Linux. Oracle Oracle Critical Patch Update will be released this afternoon. The Pre-Release shows 353 security vulnerabilities patched, with 246 remotely exploitable without authorization. Highest CVSSv3 score of 9.8. More info...
New Alerts for Tanzu, NetApp, IBM, Check Point, and Linux. Tanzu Tanzu has published several bulletins identifying vulnerabilities in third-party software included in the products. More info. NetApp NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of...
New Alerts for BD, Digi, HashiCorp, CODESYS, Dell, and Linux. BD BD has published updates for FACS Sample Prep Assistant and FACSLyric to fix vulnerabilities in third-party software. More info. Digi A security fix has been released for WR11, WR21, WR31, WR44R, WR44RR to patch the SSH entity to initialize an uninitialized variable, preven...
Monthly Patches are out for Palo Alto Networks and Juniper Networks. New Alerts for Wireshark, Veeam, Mitel, Xylem, and Linux. Palo Alto Networks Monthly Patches are out with 6 bulletins, 1 rated Critical, 1 rated High, 3 rated Medium, and 1 rated Informational. Highest CVSSv4 score is 9.3. More info. Missing authentication for a critical funct...
Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Mozilla, Pepperl+Fuchs, Citrix, and Linux. Microsoft Monthly Patches are out with 142 vulnerabilities, 4 rated Critical, 2 actively exploited. Highest CVSSv3 score is 9.8. More info. And here. Adobe Adobe Monthly Patches has updates for Premiere Pro, InDesign, and B...
Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Node.js, Django, ifm electronic, and Linux. Monthly Patches are expected this afternoon for Microsoft and Adobe. Siemens Monthly Patches are out, with 38 bulletins, 17 new and 21 updated bulletins. Of the new bulletins, the highest CVSSv3 score is 9.6. More info. Th...
New Alerts for Apache CloudStack, IBM, F5, and NetApp. Apache CloudStack contains 2 vulnerabilities. An unauthenticated cluster service port leads to remote execution, and the integration API service uses a dynamic port when disabled. More info. IBM Apache Derby might allow a remote attacker to bypass security restrictions caused by an LDA...
New Alerts for Exim, CODESYS, IBM, and Linux. Exim Exim misparses a multiline RFC 2231 header filename, allowing remote attackers to bypass a $mime_filename extension-blocking protection mechanism, and deliver executable attachments to the mailboxes of end users. More info. CODESYS CODESYS Control runtime system uses the OPC UA stack, wh...
New Alerts for Apache, Apache Tomcat, Tenable, WatchGuard, Acronis, OPC, Mitsubishi Electric, and Linux. Apache Apache has updated HTTP Server to fix a regression that might expose source code of local content, such as PHP scripts. More info. Apache Tomcat has been updated to fix a DoS vulnerability. More info. Tenable Identity Exposure ha...
Monthly Patches are out for Google Pixel. New Alerts for Dell, Hitachi, mySCADA, TRENDnet, and NetApp. Google Google Monthly Patches for Pixel are out with patches from Android and Qualcomm. More info. Dell Dell has published security patches for ObjectScale XF960 PowerEdge, NetWorker vProxy, PowerVault, PowerStore, BSAFE SSL-J, Data Pro...
Monthly Patches are out for Google Android and Samsung. Quarterly Patches are out for Splunk. New Alerts for Juniper Networks, Dräger, and Apache. Google Google Monthly Patches for Android are out with 11 patched vulnerabilities, 1 rated Critical and the rest High, plus Arm, Imagination Technologies, MediaTek, and Qualcomm patches. More info....
Monthly Patches are out for Qualcomm, Mediatek, and Unisoc. New Alerts for Samsung Semiconductor, BD, and OpenSSH. Qualcomm Qualcomm has published their Monthly Patches with 6 bulletins, one rated Critical and 5 rated High, plus 9 fixes for third-party software. Highest CVSSv3 score of 8.4. More info. Mediatek Mediatek Monthly Patch...
New Alerts for Juniper Networks, Microsoft Edge, Avaya, IBM, and Dell. Juniper Networks An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. CVSS...
New Alerts for Yokogawa, SDG Technologies, marKoni, GitLab, Moxa, IBM, and Dell. Yokogawa FAST/TOOLS and CI Server contain XSS and Empty Password in Configuration File vulnerabilities. Highest CVSSv4 score of 6.9. More info. SDG Technologies PnPSCADA has a Missing Authorization vulnerability. CVSSv4 score of 9.3. More info. marKoni Ma...
New Alerts for Progress MOVEit, Checkpoint, VMware, PTC, Rockwell Automation, Fortra, Dell, and Linux. Progress Progress MOVEit contains 2 vulnerabilities that allow anyone who is able to place a public key on the server to assume the identity of any SFTP user at all. There is documentation of how to do this available on the Internet in a vul...
New Alerts for Google Chrome, Hitachi, Dell, Moxa, and Linux. Google Chrome for Desktop has been updated to fix 5 security vulnerabilities. More info. Hitachi Hitachi Storage Provider for VMware vCenter has been updated to fix 2 security vulnerabilities. More info. Dell Dell has published an update for Dell Connectrix to fix several...
New Alert for NetApp. NetApp NetApp has published 8 bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8. There are patches for 2 bulletins. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat In...
New Alerts for Westermo, CAREL, Microsoft Edge, and Linux. TGIF! Westermo L210-F2G Lynx contains 2 vulnerabilities, including Cleartext Transmission of Sensitive Information and Improper Control of Interaction Frequency. Highest CVSSv4 score of 8.7. No patches; disable HTTP, external access to the WebGUI and CLI. More info. CAREL Boss-Mini...