Skip to main content

CND News and Blog

New Vulnerabilities Thursday 18 August

New Alerts for Apple (Exploit), GE Grid, Microsoft Edge (Exploit), IBM, NetApp, and Linux. Apple Exploit Apple has patched macOS, iOS, and iPadOS. One vulnerability is being activelly exploited. Highest CVSSv3 score of 8.8More info. And here. GE Grid  GE Grid has reported several vulnerabilities in the Reason S20 switch, including Unsalted Pas...

0
  1031 Hits
  0 Comments

New Vulnerabilities Wednesday 17 August

Splunk Quarterly Patches are out. New Alerts for Google Chrome, LS Electric, Softing, B&R Automation, WAGO, Sequi, and Linux. Google - Exploit Google has publsihed a security update for Chrome for Desktop, that addresses 11 security vulnerabilities, at least 1 rated Critical and 1 being currently exploited.More info.Microsoft is aware andw orki...

0
  1105 Hits
  0 Comments

New Vulnerabilities Tuesday 16 August

New Alerts for TRUMPF, IBM, Lenovo, and Linux. Splunk Quarterly Patches are expected out today. TRUMPF  A number of TRUMPF software tools use the OPC UA Server, which contains several vulnerabilities that would allow a remote attacker to send malicious data to the application, resulting in a DoS. CVSSv3 score of 7.5More info. IBM  Multipl...

0
  888 Hits
  0 Comments

New Vulnerabilities Monday 15 August

New Alerts for IBM, NetApp, and Linux. IBM  Multiple vulnerabilities in jackson-databind shipped with IBM Cloud Pak System Highest CVSSv3 score of 9.8More info.IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration. CVSSv3 score of 9.8More info.Multiple security vulnerabilities are add...

0
  840 Hits
  0 Comments

New Vulnerabilities Friday 12 August

New Alerts for Cisco and Keysight Technologies. Cisco  A vulnerability in the handling of RSA keys on devices running Cisco ASA and FTD Software could allow a remote attacker to retrieve an RSA private key. CVSSv3 score of 7.4More info.A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco ASA Software could allow a remote attac...

0
  859 Hits
  0 Comments

New Vulnerabilities Thursday 11 August

New Alerts for Palo Alto Networks, Dell, and Linux. Palo Alto Networks  A PAN-OS URL filtering policy misconfiguration could allow a remote attacker to conduct reflected and amplified TCP DoS attacks. The DoS attack would appear to originate from a Palo Alto Networks firewall against an attacker-specified target. CVSSv3 score of 8.6More info. ...

0
  2202 Hits
  0 Comments

New Vulnerabilities Wednesday 10 August

Monthly Patches are out for Microsoft and Adobe. New Alerts for VMware, Hitachi, Zoom, and Linux. Microsoft  Microsoft Monthly Patches are out, with patches for 141 vulnerabilities, 17 rated Critical, 2 previously disclosed, and 1 being exploited. Highest CVSSv3 score of 9.8More info. And here. And here.An RCE Windows PPP wormable vulnerabilit...

0
  942 Hits
  0 Comments

New Vulnerabilities Tuesday 09 August

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for AUMA, Exim, SICK, NetApp, and Linux.                    Microsoft and Adobe Monthly Patches are expected out this afternoon. Siemens  Siemens Monthly Patches are out, with 4 new bulletins and 38 updated bulletins. ...

0
  859 Hits
  0 Comments

New Vulnerabilities Monday 08 August

New Alerts for Microsoft Edge and Linux. Microsoft  Microsoft has updated Edge with the latest chromium security updates.More info. Linux Mageia has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page ...

0
  763 Hits
  0 Comments

New Vulnerabilities Friday 05 August

New Alerts for Digi International and NetApp. Digi  Digi International ConnectPort X2D Gateway contains a vulnerability that allows an attacker to execute malicious actions resulting in code execution. CVSSv3 score of 10.More info. NetApp  NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in...

1
  830 Hits
  0 Comments

New Vulnerabilities Thursday 04 August

New Alerts for Cisco, IBM, and WithSecure. Cisco  Cisco has published 5 new bulletins, 1 rated Critical and 4 rated Medium.More info. Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a DoS. CVSSv3 score of 9.8More in...

1
  809 Hits
  0 Comments

New Vulnerabilities Wednesday 03 August

Quarterly Patches are out for F5. Monthly Patches are out for Fortinet. New Alerts for VMware, Google Chrome, Belden, Dell, and Linux.                  Splunk Quarterly Patches have been pushed off 2 weeks. VMware  VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an auth...

2
  820 Hits
  0 Comments

New Vulnerabilities Tuesday 02 August

Monthly Patches are out for Qualcomm, Google Android, Google Pixel, and Samsung. New Alerts for Dell, Mitsubishi Electric, Meinberg, and Linux.                      Splunk Quarterly Patches should come out today. Dell  Dell CloudLink remediation is available for AD users login without pass...

1
  931 Hits
  0 Comments

New Vulnerabilities Monday 01 August

Monthly Patches are out for MediaTek. New Alerts for Bosch, F5, NetApp, and Western Digital.        Tomorrow is Mobile Monthly Patch day, and Splunk Quarterly Patches. Bosch  Multiple vulnerabilities were identified in BF-OS used by Bigfish V3 and PR21 (Energy Platform) devices and Bigfish VM image, which are part of the da...

2
  813 Hits
  0 Comments

New Vulnerabilities Friday 29 July

New Alerts for IBM, Hitachi, Citrix, Tenable, Mozilla, and Linux. IBM  A vulnerability in IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or cause a DoS. CVSSv3 score of 9.1More info.AIX is affected by multiple vulnerabilities due to Python. Highest CVSSv3 score of 9.8More info. Hitachi  Hitachi has publ...

4
  913 Hits
  0 Comments

New Vulnerabilities Thursday 28 July

New Alert for Dell. Dell  Dell PowerMax Embedded NAS contains remediation for multiple security vulnerabilities that may be exploited by remote attackers to compromise the affected system. Dell rates this Critical.More info.Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by remote attackers to c...

3
  966 Hits
  0 Comments

New Vulnerabilities Wednesday 27 July

New Alerts for Honeywell, Mozilla, Mitel, IBM, Aruba, and Linux. Honeywell  Honeywell Safety Manager contains multiple vulnerabilities that could allow for configuration and firmware manipulation or remote code execution. Highest CVSSv3 score of 7.5More info. Mozilla  Mozilla has published security updates for Firefox and Firefox ESR, the...

2
  1085 Hits
  0 Comments

New Vulnerabilities Tuesday 26 July

New Alerts for IBM, Trellix, FileWave, and Citrix. IBM  Tivoli Netcool Manager has been updated to fix several security vulnerabilities in third-party software. Highest CVSSv3 score of 9.8More info.Tivoli Network Manager has been updated to fix several security vulnerabilities in third-party software. Highest CVSSv3 score of 9.8More info.Ratio...

2
  1046 Hits
  0 Comments

New Vulnerabilities Monday 25 July

New Alerts for SonicWall, Microsoft Edge, and NetApp. SonicWall  An Unauthenticated SQL Injection vulnerability impacts SonicWall GMS and Analytics On-Prem. CVSSv3 score of 9.4More info. Microsoft  Microsoft has updated Edge with the latest chromium security fixes.More info. NetApp  NetApp has published 7 new bulletins identifying vu...

2
  846 Hits
  0 Comments

New Vulnerabilities Friday 22 July

New Alerts for ICONICS, Johnson Controls, Hitachi, Veritas, WithSecure, and Linux. ICONICS  ICONICS GENESIS64, Hyper Historian, AnalytiX, IoTWorX, MobileHMI, GraphWorX64, and GenBrokerX64 contain several vulnerabilities that could result in information disclosure, RCE, or DoS. Highest CVSSv3 score of 9.8More info. Johnson Controls  Johnso...

2
  996 Hits
  0 Comments

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/