CND News and Blog

New Alerts for Exim, CODESYS, IBM, and Linux. Exim  Exim misparses a multiline RFC 2231 header filename, allowing remote attackers to bypass a $mime_filename extension-blocking protection mechanism, and deliver executable attachments to the mailboxes of end users.More info. CODESYS  CODESYS Control runtime system uses the OPC UA stack, wh...

New Alerts for Apache, Apache Tomcat, Tenable, WatchGuard, Acronis, OPC, Mitsubishi Electric, and Linux. Apache  Apache has updated HTTP Server to fix a regression that might expose source code of local content, such as PHP scripts.More info.Apache Tomcat has been updated to fix a DoS vulnerability.More info. Tenable  Identity Exposure ha...

Monthly Patches are out for Google Pixel. New Alerts for Dell, Hitachi, mySCADA, TRENDnet, and NetApp. Google  Google Monthly Patches for Pixel are out with patches from Android and Qualcomm.More info. Dell  Dell has published security patches for ObjectScale XF960 PowerEdge, NetWorker vProxy, PowerVault, PowerStore, BSAFE SSL-J, Data Pro...

Monthly Patches are out for Google Android and Samsung. Quarterly Patches are out for Splunk. New Alerts for Juniper Networks, Dräger, and Apache. Google  Google Monthly Patches for Android are out with 11 patched vulnerabilities, 1 rated Critical and the rest High, plus Arm, Imagination Technologies, MediaTek, and Qualcomm patches. More info....

Monthly Patches are out for Qualcomm, Mediatek, and Unisoc. New Alerts for Samsung Semiconductor, BD, and OpenSSH.  Qualcomm  Qualcomm has published their Monthly Patches with 6 bulletins, one rated Critical and 5 rated High, plus 9 fixes for third-party software. Highest CVSSv3 score of 8.4More info. Mediatek  Mediatek Monthly Patch...

New Alerts for Juniper Networks, Microsoft Edge, Avaya, IBM, and Dell. Juniper Networks  An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or Conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. CVSS...

New Alerts for Yokogawa, SDG Technologies, marKoni, GitLab, Moxa, IBM, and Dell. Yokogawa  FAST/TOOLS and CI Server contain XSS and Empty Password in Configuration File vulnerabilities. Highest CVSSv4 score of 6.9More info. SDG Technologies  PnPSCADA has a Missing Authorization vulnerability. CVSSv4 score of 9.3More info. marKoni  Ma...

New Alerts for Progress MOVEit, Checkpoint, VMware, PTC, Rockwell Automation, Fortra, Dell, and Linux. Progress  Progress MOVEit contains 2 vulnerabilities that allow anyone who is able to place a public key on the server to assume the identity of any SFTP user at all. There is documentation of how to do this available on the Internet in a vul...

New Alerts for Google Chrome, Hitachi, Dell, Moxa, and Linux. Google  Chrome for Desktop has been updated to fix 5 security vulnerabilities.More info. Hitachi  Hitachi Storage Provider for VMware vCenter has been updated to fix 2 security vulnerabilities.More info. Dell  Dell has published an update for Dell Connectrix to fix several...

New Alert for NetApp. NetApp  NetApp has published 8 bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8There are patches for 2 bulletins.More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat In...

New Alerts for Westermo, CAREL, Microsoft Edge, and Linux. TGIF! Westermo  L210-F2G Lynx contains 2 vulnerabilities, including Cleartext Transmission of Sensitive Information and Improper Control of Interaction Frequency. Highest CVSSv4 score of 8.7No patches, Disable HTTP, external access to the WebGUI and CLI.More info. CAREL  Boss-Mini...

New Alerts for BD, Moxa, and HP. BD  BD has published updates for third-party software in Identity Provider Manager, Alaris, Pyxis, Care Coordination Engine, and Data Agent.More info. Moxa  Multiple UC series IPC are affected vulnerabilities in SSH that could lead to bypass authentication. CVSSv3 score of 5.9More info.SDS-3008 Series firm...

New Alerts for RAD Data, Google Chrome, Atlassian, Juniper Networks, and TRENDnet. RAD Data  SecFlow-2 contains a Path Traversal vulnerability that allows a remote attacker to obtain files from the operating system by crafting a special request. CVSSv4 score of 8.7Product is EOL, upgrade to the newer product.More info. Google  Google has ...

New Alerts for IBM and VMware. IBM  Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. Highest CVSSv3 score of 9.8More info. VMware  Multiple heap-overflow and privilege escalation vulnerabilities in vCenter Server. Highest...

New Alert for IBM. IBM  IBM DevOps update addresses multiple vulnerabilities in third-party software. Highest CVSSv3 score of 9.8More info.Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management. Highest CVSSv3 score of 9.8More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizard...

New Alerts for Microsoft Edge, NetApp, and Asus. Happy for a calm end to a hectic week! Microsoft  Microsoft has updated Edge to fix the latest chromium vulnerabilities and three Edge-specific updates.More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Hi...

Monthly Patches are out for Palo Alto Networks. New Alerts for Blackberry, Fsas Technologies, Samsung, Rockwell Automation, HPE, MicroDicom, HashiCorp, and Linux. Palo Alto Networks  Monthly Patches are out with 5 bulletins. Highest CVSSv4 score of 6.8More info.A vulnerability in GlobalProtect app can result in exposure of encrypted user crede...

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Google Pixel. New Alerts for Google Chrome, Tenable, Intrado, Mozilla, Broadcom (Brocade SANnav, Symantec Endpoint Protection), Veeam, Hitachi Energy, Dell, Phoenix Contact, and Linux. Microsoft  Monthly Patches are out with 49 vulnerabilities plus 9 third-party vulnerabilities, 1 rat...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Apple, PyTorch, HPE, and Linux. Siemens  Monthly Patches are out for Siemens with 27 bulletins, 14 new and 13 updated. Of the new bulletins, highest CVSSv3 score of 9.8More info. Schneider Electric  Schneider Electric Monthly Patches are out with 7 bulletins,...

New Alerts for SolarWinds, Broadcom, checkmk, PyTorch, Dell, and Linux. SolarWinds  SolarWinds Serv-U contained a directory transversal vulnerability that would allow access to read sensitive files on the host machine. Highest CVSSv3 score of 8.6More info. Broadcom  VMware Tanzu Application Service for VMs GoRouter contains a DoS vulnerab...