CND News and Blog

Monthly Patches are out for Palo Alto Networks. New Alerts for Hikvision, Microsoft (Edge), QNAP, Lenovo, Riello UPS, and Linux. Palo Alto Networks  Palo Alto Networks Monthly Patches include 2 bulletins, both rated Medium. Highest CVSSv3 score of 6.7More info. Hikvision  Some of Hikvision's access control/intercom products contain two se...

Monthly Patches are out for Microsoft, Adobe, and Google Pixel. New Alerts for Rockwell Automation, Google Chrome, IBM, and Linux. Microsoft  Microsoft has published their Monthly Patches with 73 vulnerabilities. Six of these vulnerabilities are rated as Critical, in Visual Studio, .net, and Windows PGM. Highest CVSSv3 score of 9.8More info. A...

Monthly Patches are out for Fortinet, Siemens, Schneider Electric, and SAP. New Alerts for HPE, Xerox, Citrix, Phoenix Contact, Apache Struts, and Linux. Fortinet  Fortinet has published their Monthly Patches with 21 bulletins, 1 rated Critical, 7 rated High, 11 rated Medium, and 2 rated Low. Highest CVSSv3 score of 9.2More info. A heap-based ...

New Alert for Fortinet. Fortinet  Fortinet has published a patch for a RCE vulnerability in Fortigate devices when SSL-VPN is enabled. CVSSv3 score of 9.8More info. And here. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mob...

New Alerts for Atlas Copco, Johnson Controls, NetApp, and Linux. Atlas Copco  Power Focus 6000 contains several vulnerabilities, including Cleartext Storage and Transmission of Sensitive Information, and Small Space of Random Values. Successful exploitation of these vulnerabilities could cause a loss of sensitive information and the takeover o...

New Alerts for Cisco, Trellix, VMware, IBM, Google ChromeOS, and Barracuda (Exploit). Cisco  Cisco has released 7 new bulletins, 1 rated Critical, 3 rated High, and 3 rated Medium. Highest CVSSv3 score of 9.6More info.A vulnerability in the XCP Authentication Service of the Cisco Unified CM IM&P could allow a remote attacker to cause a DoS...

Monthly Patches are out for MediaTek. New Alerts for Mozilla, Microsoft Edge (Exploit), IBM, and Linux. MediaTek  MediaTek Monthly Patches are out with 31 vulnerabilities rated Medium.More info. Mozilla  Mozilla has published patches for security vulnerabilities in Firefox and Firefox ESR, both rated High.More info. Microsoft  Micros...

Monthly Patches are out for Android and Samsung (Exploit). New Alerts for Google Chrome (Exploit), GitLab, GE Gas Power, Xerox, and Linux. Google Exploit Google has updated Chrome for Desktop to fix 2 security vulnerabilities. Exploits exist in the wild, and can lead to arbitrary code execution.More info. And here.Microsoft is aware. More info.Mont...

Monthly Patches are out for Qualcomm. New Alerts for Moxa, Softing, Microsoft Edge, IBM, Dell, and Linux. Qualcomm  Qualcomm Monthly Patches are out with 26 patches, 5 rated Critical, 15 rated High, and 6 rated Medium. Highest CVSSv3 score of 8.4More info. Moxa  CN2600 Series contains a vulnerability that would allow a remote attacker to ...

Quarterly Patches are out for Splunk. New Alerts for IBM, D-LINK, and STARFACE PBX. Splunk  Splunk patches are out with 15 bulletins, 1 rated Critical, 7 rated High, 6 rated Medium, and 1 rated Low. Highest CVSSv3 score of 9.8More info. IBM  IBM Edge Application Manager addresses a security vulnerability in Webpack. CVSSv3 score of 9.1Mor...

New Alerts for Mitsubishi Electric, NetApp, and Linux. MoveIT Transfer has identified a Critical vulnerability that allows unauthorized access to the environment. Mitsubishi Electric  Multiple vulnerabilities exist in MELSEC iQ-R Series/iQ-F Series EtherNet/IP modules and EtherNet/IP configuration tools. Due to improper handling of the pa...

New Alerts for Google Chrome, VMware, IBM, Dell, and Linux. Google  Google has updated Chrome for Desktop to fix 16 security vulnerabilities, the most severe of which could allow for arbitrary code execution.More info. VMware  VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. CVSSv3 score ...

New Alerts for Belden and Hitachi. Belden  Multiple libexpat vulnerabilities exist in HiOS, Classic, HiSecOS, Wireless BAT-C2, Lite Managed, and Edge. Highest CVSSv3 score of 9.8More info.StrongSwan vulnerability exists in Eagle and OWL. CVSSv3 score of 7.5More info. Hitachi  Hitachi has published updates for JP1/Veritas and Cosminexus HT...

New Alerts for IBM, NetApp, and Linux. IBM  IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl. CVSSv3 score of 9.8More info.A vulnerability in Etcd-io could affect IBM CICS TX Standard. CVSSv3 score of 9.8More info. And here.IBM App Connect Enterprise Certified Container is vu...

New Alerts for BD, HPE, and NetApp. BD  BD has published third-party software updates for several products.More info. HPE  A security vulnerability in the OpenSSL Library impacts HPE IceWall products. The vulnerability could be exploited resulting in remote DoS. CVSSv3 score of 7.5More info. NetApp  NetApp Blue XP Connector exposes i...

New Alerts for Zyxel and Wireshark. Zyxel  Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities. CVSSv3 score of 9.8More info. Wireshark  Wireshark has published 9 new bulletins identifying DoS vulnerabilities. CVSSv3 score of 6.5More info. Security Wizardry Cyber Threat Intelligence - The Radar Pa...

New Alerts for Netgate, Hitachi Energy, Bosch, GitLab, Dell, and Linux. Netgate  An IPv6 packet larger than the MTU on an interface can lead to a kernel panic in pf, resulting in a DoS.More info. Hitachi Energy  Multiple vulnerabilities in the libexpat affect the AFS65x, AFS66x, AFS67x, AFR67x and AFF66x series products. Highest CVSSv3 sc...

New Alerts for Mitsubishi Electric, Meinberg, IBM, Hitachi, Apache Tomcat, and Linux. Mitsubishi Electric  DoS and RCE vulnerabilities exists in the MELSEC Series CPU modules. A remote attacker may cause a DoS condition or execute malicious code on a target product by sending specially crafted packets. CVSSv3 score of 10.More info. Meinberg&nb...

All quiet so far, but it's early in the day. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industrie...

New Alerts for Johnson Controls, Carlo Gavazzi (exploit), Apple (exploit), Microsoft Edge, WithSecure, and Linux. Johnson Controls  A vulnerability impacting OpenBlue Enterprise Manager Data Collector allows a remote attacker to expose sensitive information. CVSSv3 score of 10More info. And here. Carlo Gavazzi Exploit Carlo Gavazzi Powersoft h...