CND News and Blog

New Alerts for Microsoft Edge, NetApp, and Asus. Happy for a calm end to a hectic week! Microsoft  Microsoft has updated Edge to fix the latest chromium vulnerabilities and three Edge-specific updates.More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Hi...

Monthly Patches are out for Palo Alto Networks. New Alerts for Blackberry, Fsas Technologies, Samsung, Rockwell Automation, HPE, MicroDicom, HashiCorp, and Linux. Palo Alto Networks  Monthly Patches are out with 5 bulletins. Highest CVSSv4 score of 6.8More info.A vulnerability in GlobalProtect app can result in exposure of encrypted user crede...

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Google Pixel. New Alerts for Google Chrome, Tenable, Intrado, Mozilla, Broadcom (Brocade SANnav, Symantec Endpoint Protection), Veeam, Hitachi Energy, Dell, Phoenix Contact, and Linux. Microsoft  Monthly Patches are out with 49 vulnerabilities plus 9 third-party vulnerabilities, 1 rat...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Apple, PyTorch, HPE, and Linux. Siemens  Monthly Patches are out for Siemens with 27 bulletins, 14 new and 13 updated. Of the new bulletins, highest CVSSv3 score of 9.8More info. Schneider Electric  Schneider Electric Monthly Patches are out with 7 bulletins,...

New Alerts for SolarWinds, Broadcom, checkmk, PyTorch, Dell, and Linux. SolarWinds  SolarWinds Serv-U contained a directory transversal vulnerability that would allow access to read sensitive files on the host machine. Highest CVSSv3 score of 8.6More info. Broadcom  VMware Tanzu Application Service for VMs GoRouter contains a DoS vulnerab...

New Alerts for Emerson, PHP, and Samsung. TGIF, seems like it's been Friday all week long! Emerson  CISA is reporting Ovation as vulnerable to OT:ICEFALL. Highest CVSSv4 score of 9.3More info. PHP  PHP has been updated for several security vulnerabilities, including a RCE. It's not clear if this impacts more than XAMPP on Windows in Japan...

New Alerts for Cisco, NetApp, Bitdefender, and Linux. Cisco  Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow a remote attacker to perform a stored XSS attack by exploiting a RFI vulnerability or perform a SSRF attack. Highest CVSSv3 score of 7.2More info. NetApp  NetApp has published 10 new bull...

New Alerts for NetApp, IBM, and Linux. NetApp  NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8Two have patches.More info. IBM  Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecy...

Monthly Patches are out for Google Android and Samsung. New Alerts for Microsoft Edge, Codesys, Mitsubishi Electric, Zyxel, and Linux. Google  Monthly Patches are out for Android with 12 addressed vulnerabilities, plus Arm, MediaTek, and Qualcomm patches.More info. Samsung  Samsung Monthly Patches are out with 22 SVEs addressed vulnerabil...

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Checkpoint (Exploit), Apache OfBiz, Apache Wicket, ifm, Progress, and Linux. Checkpoint Exploit Checkpoint has determined the Quantum Spark Gateways are vulnerable to the information disclosure security vulnerability as well.More info. Apache  Apache OfBiz contains a path traver...

New Alerts for Google Chrome, Westermo, BD, IBM, and Linux. Google  Google has updated Chrome for Desktop to fix 11 security vulnerabilities.More info. Westermo  EDW-100 contains Use of Hard-coded Passwordand Insufficiently Protected Credentials vulnerabilities that could allow a remote attacker to access the device using hardcoded creden...

New Alerts for Checkpoint (Exploit), Baxter, Carrier, Dell, F5, and Linux. Checkpoint Exploit Checkpoint Quantum Security Gateway has an actively exploited vulnerability in Security Gateways with IPsec VPN in Remote Access VPN community and the Mobile Access software blade. CVSSv3 score of 8.6More info. And here. Baxter  Welch Allyn Connex Spo...

New Alerts for TIBCO, Xerox, Baxter, Dell, IBM, Campbell Scientific, and Linux. TIBCO  Managed File Transfer Platform Server for Unix and z/Linux contain a vulnerability that allows Platform Server clients to bypass user-id/password authentication and transfer files as root or execute commands as root. CVSSv3 score of 9.8More info. Xerox ...

New Alerts for HPE, Hitachi, and Linux. HPE  Security vulnerabilities have been identified with Tomcat-based Servlet Engine on HP-UX 11i. These vulnerabilities could be locally and remotely exploited to create a DoS, unauthorized read access to sensitive data, unauthorized access to server, and disclosure of information. Highest CVSSv3 score o...

New Alerts for Omron, Microsoft Edge (Exploit), IBM, F5, Synology, and NetApp. Omron  Due to the multiple vulnerabilities caused by OpenSSL in NJ/NX-series Machine Automation Controllers, information may be leaked or cause a DoS. Highest CVSSv3 score of 7.5More info.Due to an Insufficient Verification of Data Authenticity vulnerability which e...

New Alerts for AutomationDirect, IBM, Google Chrome, D-Link, Mitel, and Linux. AutomationDirect  AutomationDirect Productivity PLCs contains multiple vulnerabilities. Highest CVSSv3 score of 9.3More info. IBM  IBM Security Guardium is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8More info.IBM Spectrum Protect Plus Cont...

New Alerts for Cisco, lighttpd, Progress, BD, and GitLab. Cisco  Cisco has published 5 new bulletins and 3 updated bulletins. Of the new bulletins, highest CVSSv3 score of 5.8More info.A vulnerability in the activation of an ACL on ASA and FTD software could allow a remote attacker to bypass the protection that is offered by a configured ACL o...

New Alerts for Veeam, Fluent Bit, Atlassian, Github, Google Chrome, and Linux. Veeam  Several vulnerabilities have been patched in Veeam Backup Enterprise Manager, the worst of which allows a remote attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. Highest CVSSv3 score of 9.8More info. Fluent Bit  A crit...

New Alert for IBM.  IBM  IBM Cloud Pak for Network Automation has been updated to address multiple security vulnerabilities. Highest CVSSv3 score of 9.8More info.IBM has released a fix for IBM Db2 REST in response to multiple vulnerabilities. Highest CVSSv3 score of 9.8More info. Security Wizardry Cyber Threat Intelligence - The Radar Pag...

New Alerts for Dell, Asterisk, Mozilla, and Cerberus. Dell  Dell has updated NetWorker Runtime Environment to fix several Java SE Embedded vulnerabilities. Dell rates this Critical.More info. Asterisk  A vulnerability allows all unauthorized SIP requests to be identified as PJSIP Endpoint of local asterisk server. CVSSv3 score of 5.8More ...