
CND News and Blog

New Vulnerabilities Friday 05 May

Monthly Patches are out for MediaTek. New Alerts for Synology and Linux. MediaTek: MediaTek has published their Monthly Security Bulletin with details of vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and TV chipsets. Seven vulnerabilities are rated High, and 19 vulnerabilities are rated Medium,...


New Vulnerabilities Thursday 04 May

Fortinet has put out Monthly Patches. New Alerts for Cisco, OPC, and libssh. Cisco: A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow a remote attacker to execute arbitrary code on an affected device. CVSSv3 score of 9.8. Product is EOL, no updates will be provided. More info. OPC: A vul...


New Vulnerabilities Wednesday 03 May

New Alerts for Google Chrome, Atos, F5, IBM, and Linux. Splunk Quarterly Patches have been pushed off 2 weeks. Google: Chrome for Desktop has been updated to correct 15 security vulnerabilities, most of which are rated Medium or Low. More info. Microsoft is aware. More info. Atos: Multiple vulnerabilities have been identified in Unify OpenS...


New Vulnerabilities Tuesday 02 May

Monthly Patches are out for Google Android, Google Pixel, and Samsung. New Alerts for Zyxel, Apple, and Linux. Apple has released their first ever Rapid Security Response, essentially just the patches. Splunk Quarterly Patches are expected this afternoon. Google: Android Monthly Patches are out, with 20 addressed vulnerabilities, 19 rated High ...


New Vulnerabilities Monday 01 May

Qualcomm Monthly Patches are out. New Alerts for IBM, F5, and Linux. Monthly Patches for Google Android, Pixel, and Automotive, as well as MediaTek and Samsung are expected tomorrow. Quarterly Patches for Splunk are expected tomorrow. Qualcomm: Monthly Patches are out for Qualcomm, with 9 addressed vulnerabilities, all rated High, plus o...


New Vulnerabilities Friday 28 April

New Alerts for Illumina, NetApp, and Linux. Illumina: Instruments with Illumina Universal Copy Service v2 are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications. Highest CVSSv3 score of 10. More info. A...


New Vulnerabilities Thursday 27 April

New Alerts for Cisco, IBM, NetApp, and Dell. Cisco: A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. CVSSv3 score of 6.1. More info. IBM: IBM App Connect Enterprise Certified ...


New Vulnerabilities Wednesday 26 April

New Alerts for Keysight, Hitachi Energy, Tenable, and Linux. Keysight: Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. A remote attacker could achieve RCE. CVSSv3 score of 9.8. EOL, find a replacement. More info. Hitachi Energy: Multiple vulnerabilities i...


New Vulnerabilities Tuesday 25 April

New Alerts for Belden/Hirschmann, Microsoft Edge, IBM, and Linux. Belden: Hirschmann HiOS, Classic, HiSecOS, Wireless BAT-C2, Lite Managed, and Edge contain third-party software with vulnerabilities. Highest CVSSv3 score of 9.8. More info. Microsoft: Microsoft has updated Edge with the latest Chromium fixes. More info. IBM: IBM Db2 Grap...


New Vulnerabilities Monday 24 April

Apparently it was a quiet weekend; I found no new vulnerabilities to report this morning. Enjoy the great start to the week! Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, ...


New Vulnerabilities Friday 21 April

New Alerts for VMware and INEA. VMware: VMware Aria Operations for Logs contains several vulnerabilities, the worst of which allows a remote attacker to execute arbitrary code as root. Highest CVSSv3 score of 9.8. More info. INEA: ME RTU contains an OS Command Injection vulnerability that could allow a remote attacker RCE. CVSSv3 score of 1...


New Vulnerabilities Thursday 20 April

New Alerts for Cisco, PaperCut (Exploit), TIBCO, Microsoft Edge (Exploit), NetApp, and HCL Software. Cisco: Cisco has published 6 new bulletins and 2 updated bulletins. Of the new bulletins, 2 are rated Critical, 2 rated High, and 2 rated Medium. Highest CVSSv3 score of 9.9. More info. A vulnerability in the external authentication mechani...


New Vulnerabilities Wednesday 19 April

New Alerts for F5, vm2, Google Chrome (Exploit), and Linux. F5: BIG-IP Next SPK and F5OS contain a vulnerability in urllib3 that allows a remote attacker to inject additional HTTP headers via the HTTP method and perform a smuggling attack and/or allow a client to bypass HTTP headers with security purpose. Highest CVSSv3 score of 6.5. More info....


New Vulnerabilities Tuesday 18 April

Oracle Quarterly Patches are out this afternoon. New Alerts for Philips, IBM, Pale Moon, and Linux. Philips: Philips has identified several products vulnerable to the Windows CLFS issue that is being actively exploited. CVSSv3 score of 7.8. More info. Oracle: Oracle quarterly patches are out with 414 new security patches, 284 are remotely ex...


New Vulnerabilities Monday 17 April

New Alerts for HP, Omron (Exploit), Google Chrome (Exploit), and Microsoft Edge (Exploit). Tomorrow is Oracle Quarterly Patches, the pre-release is out, see the link below. HP: HP Device Manager could potentially allow command injection and/or elevation of privileges. Highest CVSSv3 score of 9.8. More info. Omron (Exploit): FINS is a protocol...


New Vulnerabilities Friday 14 April

New Alerts for Mitsubishi Electric India, B&R, Dell, NetApp, and Linux. Mitsubishi Electric India: Mitsubishi Electric India Ethernet communication Extension unit GC-ENET-COM contains a vulnerability that leads to a communication error and may result in a DoS. CVSSv3 score of 7.5. More info. B&R: VC4 Visualization contains several ...


New Vulnerabilities Thursday 13 April

Monthly Patches for Juniper Networks are out. New Alerts for FANUC, NTP, IBM, Dell, Wireshark, and Linux. FANUC: FANUC ROBOGUIDE-HandlingPRO contains a Path Traversal vulnerability that could allow a remote attacker to read and/or overwrite files on the system running the affected software. CVSSv3 score of 6.8. More info. Juniper Networks ...


New Vulnerabilities Wednesday 12 April

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Mozilla, SICK, Hikvision, and Linux. Microsoft (Exploit): Microsoft Monthly Patches are out with fixes for 114 vulnerabilities, 7 of which are Critical and 1 EoP vulnerability being exploited. Highest CVSSv3 score of 9.8. More info. And here. And here. Adobe: In their Monthl...


New Vulnerabilities Tuesday 11 April

Monthly Patches are out for Siemens, Schneider Electric, SAP, and Google Pixel. New Alerts for Apple (Exploit), TRENDnet, and Linux. This afternoon Microsoft and Adobe Monthly Patches should be out. Tomorrow there might be Palo Alto Networks patches. Siemens: Siemens Monthly Patches are out with 13 new bulletins and 32 upda...


New Vulnerabilities Monday 10 April

New Alert for Apple (Exploit). Apple has published updates for Safari, iOS, iPadOS, and macOS. These contain actively exploited vulnerabilities. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardr...

