CND News and Blog

New Vulnerabilities Thursday 14 September

New Alerts for Cisco, Palo Alto Networks, Fortinet, IBM, BD, and curl. Cisco: Cisco has released 6 bulletins, 5 rated Medium and 1 Informational. Highest CVSSv3 score of 6.7. More info. A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow a remote attacker to cause a DoS. CVSSv3 score of 4.3. More ...


New Vulnerabilities Wednesday 13 September

Monthly Patches are out for Microsoft and Adobe. New Alerts for Microsoft Edge (Exploit), BlackBerry, Google Chrome (Exploit), Rockwell Automation, ASUS, and Mozilla (Exploit). Microsoft (Exploit): Microsoft Monthly Patches include fixes for 66 vulnerabilities, 5 rated Critical, 2 being actively exploited. Highest CVSSv3 score of 8.8. More info. And her...


New Vulnerabilities Tuesday 12 September

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Microsoft Edge (0-Day), Apple (exploit), Zoom, and Linux. Monthly Patches for Microsoft and Adobe are expected this afternoon. Siemens: Siemens Monthly Patches contain 7 new bulletins and 14 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.0. More i...


New Vulnerabilities Monday 11 September

New Alerts for Open5GS, IBM, NetApp, and Linux. Open5GS: Open5GS contains 4 vulnerabilities that could allow a remote attacker to cause DoS or retrieve device information. Highest CVSSv3 score of 7.5. More info. IBM: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to third-party software. Highest CVSS...


New Vulnerabilities Friday 08 September

New Alerts for Apple (Exploit), Socomec, Dover Fueling, Microsoft Edge, Dell, and HPE. Apple (Exploit): Apple has published updates for iOS, iPadOS, macOS, and watchOS. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Apple is aware that 2 of the vulnerab...


New Vulnerabilities Thursday 07 September

New Alerts for Cisco, NVIDIA, IBM, and Linux. Cisco: Cisco has published 6 new bulletins, 1 rated Critical, 1 rated High, and 4 rated Medium. Highest CVSSv3 score of 10. More info. A vulnerability in the SSO implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow a remote attack...


New Vulnerabilities Wednesday 06 September

Monthly Patches are out for Samsung. New Alerts for Tenda, Cacti, Hitachi, and Linux. Tenda (0-day): An authentication bypass vulnerability exists in the N300 Wireless N VDSL2 Modem Router manufactured by Tenda. This vulnerability allows a remote attacker to access sensitive information. More info. Cacti: Twenty new vulnerabilities have been publi...


New Vulnerabilities Tuesday 05 September

Monthly Patches are out for Google Android. New Alerts for Fujitsu, Softneta, Google Chrome, IBM, and Linux. Fujitsu: The credentials of Fujitsu Limited Real-time Video Transmission Gear "IP series" for factory testing may be obtained by reverse engineering and other methods. CVSSv3 score of 5.9. More info. Softneta: MedDream PACS contains ...


New Vulnerabilities Monday 04 September

Monthly Patches are out for Qualcomm and MediaTek. Qualcomm: Qualcomm Monthly Patches are out, with 25 vulnerabilities, 2 rated Critical, 20 rated High, and 3 rated Medium. Highest CVSSv3 score of 9.8. More info. MediaTek: MediaTek Monthly Patches include 45 vulnerabilities, 1 rated High and the rest Medium. More info. Security Wizardry Cybe...


New Vulnerabilities Friday 01 September

New Alerts for ARDEREG, Moxa, Broadcom, Microsoft, IBM, Dell, NetApp, Ivanti, and Linux. ARDEREG: Sistemas SCADA contains a SQL Injection vulnerability that could allow a remote attacker to manipulate SQL query logic to extract sensitive information and perform unauthorized actions within the database. CVSSv3 score of 9.8. More info. Moxa ...


New Vulnerabilities Thursday 31 August

Quarterly Patches are out for Splunk. New Alerts for D-Link, Roundcube, BD, IBM, HPE, Mozilla, and Linux. D-Link DIR-3040 contains a stack-based overflow vulnerability that could elevate to multiple attack vectors, allowing RCE. CVSSv3 score of 9.8. More info. Splunk: Splunk Quarterly Patches are out, with 11 bulletins, 9 rated High and 2 rated ...


New Vulnerabilities Wednesday 30 August

New Alerts for VMware, Google Chrome, GE Gas Power, IBM, Aruba, Juniper Networks, and Linux. VMware: Aria Operations for Networks contains two vulnerabilities, the worst of which could allow a remote attacker to bypass SSH authentication to gain access to the Aria Operations for Networks CLI. Highest CVSSv3 score of 9.8. More info. Google ...


New Vulnerabilities Tuesday 29 August

New Alerts for VirusTotal YARA, SICK, Hitachi Energy, ClamAV, IBM, Mozilla, and Linux. VirusTotal: A buffer overflow vulnerability in VirusTotal YARA allows a remote attacker to create a malicious ruleset that will execute arbitrary code. CVSSv3 score of 9.8. Don't use unknown rulesets. More info. SICK: Multiple vulnerabilities exist in the ...


New Vulnerabilities Monday 28 August

New Alerts for IBM, NetApp, Google ChromeOS, and Apache Tomcat. IBM: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from systemd, libcap, openssl-libs, libxml2, go-toolset, and prometheus-operator. Highest CVSSv3 score of 9.8. More info. NetApp: NetApp has published 2 new bulletins identifying ...


New Vulnerabilities Friday 25 August

New Alerts for Opto 22, KNX, D-Link, IBM, NetApp, and Linux. Opto 22: SNAP PAC S1 contains several vulnerabilities that could allow a remote attacker to brute force passwords, access certain device files, or cause a DoS. Highest CVSSv3 score of 7.5. No patch, secure your network. More info. KNX: KNX devices that use KNX Connection Authorizat...


New Vulnerabilities Thursday 24 August

New Alerts for Moxa, Sprecher Automation, Rockwell Automation, WithSecure, Wireshark, and Linux. Moxa: ioLogik 4000 Series is affected by multiple web server vulnerabilities and an improper access control vulnerability. Highest CVSSv3 score of 5.3. More info. Sprecher Automation: A vulnerability in Wibu Systems CodeMeter User Runtime Softwa...


New Vulnerabilities Wednesday 23 August

New Alerts for Google Chrome, Ormazabal, Aruba, DrayTek, Mitel, and Linux. Google: Five security vulnerabilities have been fixed in Google Chrome, the most severe of which could allow for arbitrary code execution. More info. Ormazabal: Ten vulnerabilities have been identified in Ormazabal's ekorCCP and ekorRCI industrial devices. Highest C...


New Vulnerabilities Tuesday 22 August

New Alert for Microsoft Edge. Microsoft: Microsoft has updated Edge with the latest chromium updates and an Edge-specific vulnerability fix. CVSSv3 score of 6.5 for the Edge vulnerability. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/


New Vulnerabilities Monday 21 August

New Alerts for Rockwell Automation, Ivanti (Exploit), and Linux. Rockwell Automation: ThinManager contains 3 vulnerabilities that could allow a remote attacker to cause a DoS or delete arbitrary files. Highest CVSSv3 score of 9.8. More info. Ivanti (Exploit): A vulnerability has been discovered in Ivanti Sentry that allows a remote attacker to acce...


New Vulnerabilities Friday 18 August

New Alerts for Walchem, Microsoft Edge, Juniper, Ubiquiti, Supermicro (Exploit), CODESYS, HPE, NetApp, and Linux. Walchem: Walchem Intuition 9 firmware is missing authentication for some of the API routes of the management web server, allowing a remote attacker to download and export sensitive data. CVSSv3 score of 7.5. More info. Microsoft ...
