
CND News and Blog

New Vulnerabilities Thursday 04 January

Monthly Patches are out for Google Android, Google Pixel, and Samsung. New Alerts for Google Chrome, Dell, Wireshark, and HPE. Google: Google has updated Chrome for Desktop to fix 6 security vulnerabilities. More info. Google has published the Monthly Android patches with 11 addressed vulnerabilities, all rated High, plus Arm, Imagination Techno...


New Vulnerabilities Wednesday 03 January

New Alerts for MediaTek, IBM, and ASUS. MediaTek: MediaTek Monthly Patches are out, with 20 addressed vulnerabilities, 2 rated High and 18 rated Medium. More info. IBM: Security QRadar Analyst Workflow app for QRadar SIEM is vulnerable to using components with known vulnerabilities. Highest CVSSv3 score of 9.8. More info. A PyTorch vul...


New Vulnerabilities Tuesday 02 January

New Alerts for Qualcomm, IBM, and Linux. Qualcomm: Qualcomm Monthly Patches are out, with 16 addressed vulnerabilities, 2 rated Critical, 12 rated High, and 2 rated Medium. Highest CVSSv3 score of 9.8. More info. IBM: Vulnerabilities in Golang Go affect Cloud Pak System Software. Highest CVSSv3 score of 9.8. More info. Linux: Debian has ...


New Vulnerabilities Monday 01 January

New Alerts for IBM and Juniper Networks. IBM: IBM Storage Protect Server uses IBM Db2 and is affected by multiple vulnerabilities including DoS, RCE, or loss of confidentiality, integrity or availability. CVSSv3 score of 9.8. More info. Juniper: Multiple vulnerabilities have been resolved in Juniper Secure Analytics. Highest CVSSv3 score of...


New Vulnerabilities Friday 29 December

New Alerts for Moxa, IBM, and Progress. Moxa: The OnCell G3150A-LTE Series is affected by multiple web application vulnerabilities caused by applying weak cryptographic algorithms and cipher suites. Successful exploitation could allow a remote attacker unauthorized access and unexpected user interaction with the web application. Highest CVSSv3...


New Vulnerabilities Thursday 28 December

New Alert for D-Link. D-Link: A security issue exists in D-Link D-View 8 prior that could allow a remote attacker to manipulate the probe inventory of the D-View service and result in the disclosure of information or DoS. Tenable rates this Critical. No response from D-Link to Tenable. PoC exists. More info. Security Wizardry Cyber Threat Intell...


New Vulnerabilities Wednesday 27 December

New Alerts for BD, NetApp, and D-Link. BD: BD has published security patches for BACTEC FX40, Phoenix M50, Assurity Linc, Accuri C6 Plus, ViperLT, FocalPoint, BACTEC FX, and Totalys. More info. NetApp: NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score ...


New Vulnerabilities Tuesday 26 December

New Alerts for Barracuda (Exploit), Moxa, IBM, NetApp, Apache OFBiz, and Linux. Barracuda (Exploit): Another vulnerability in third-party software has been identified in the ESG appliance that could allow arbitrary code execution. CVSSv3 score of 9.8. More info. And here. Moxa: Web vulnerabilities have been identified in ioLogik E1200 Series firmware. Hi...


New Vulnerabilities Friday 22 December

New Alerts for ProFTPD, BD, GE Gas Power, Microsoft (Exploit), HPE, and NetApp. Have a wonderful holiday season! ProFTPD: A vulnerability in ProFTPD allows a DoS. Probably a CVSSv3 score of 7.5. More info. BD: BD has published security patches to fix vulnerabilities in third-party software in Kiestra TLA Track, Kiestra InoqulA+, and Kiestra ...


New Vulnerabilities Thursday 21 December

New Alerts for Ivanti, Google Chrome (Exploit), Mitsubishi Electric, Dell, Asterisk, and Voltronic Power (0-Day). Ivanti: Avalanche has addressed several security vulnerabilities. Highest CVSSv3 score of 9.8. More info. Google (Exploit): Google has updated Chrome for Desktop with one security fix, rated High. This has been exploited in the wild. More...


New Vulnerabilities Wednesday 20 December

New Alerts for EuroTel (Exploit), Eaton, IBM, Dell, and HPE. EuroTel (Exploit): EuroTel ETL3100 radio transmitters contain several vulnerabilities that could allow a remote attacker to gain full access to the system, disclose sensitive information, or access hidden resources. Highest CVSSv3 score of 9.8. No patches are available. More info. Eaton: ...


New Vulnerabilities Tuesday 19 December

New Alerts for Hitachi Energy and Mozilla. Hitachi Energy: A vulnerability exists in the RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. CVSSv3 score...


New Vulnerabilities Monday 18 December

New Alerts for IBM, WatchGuard, Panasonic, and OpenSSH. IBM: IBM QRadar SIEM includes vulnerable components that could be identified and exploited with automated tools. Highest CVSSv3 score of 9.4. More info. WatchGuard: BGP software such as FRRouting FRR and Quagga included as part of Fireware OS enable a remote attacker to incorrectly re...


New Vulnerabilities Friday 15 December

New Alerts for Unitronics, Microsoft Edge, HP, Tenable, and Linux. Unitronics: Unitronics Vision Series PLCs and HMIs have been updated to correct the use of default administrative passwords. A remote attacker can take administrative control of the system. CVSSv3 score of 9.8. More info. And here. Microsoft: Microsoft has updated Edge with the ...


New Vulnerabilities Thursday 14 December

Monthly Patches are out for Palo Alto Networks. New Alerts for IBM, Dell, Squid, HPE, NetApp, and Linux. Palo Alto Networks: Palo Alto Monthly Patches include 7 bulletins, 1 rated High and 6 rated Medium. Highest CVSSv3 score of 7.5. More info. IBM: IBM Maximo Application Suite uses gevent, which contains a vulnerability that can be exploit...


New Vulnerabilities Wednesday 13 December

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Atlassian. New Alerts for Bosch and Linux. Microsoft: Microsoft Monthly Patches include 35 new patches: 4 are rated Critical, 30 are rated Important, and 1 is rated Moderate. There are also 5 Chromium vulnerabilities fixed in Edge. Highest CVSSv3 score of 9.6. One vulnerability was pu...


New Vulnerabilities Tuesday 12 December

Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Apple (Exploit), Phoenix Contact, and Linux. Monthly Patches for Microsoft and Adobe are expected later today. SAP: SAP Monthly Patches include 15 new bulletins and 2 updates. Of the new bulletins, 2 are rated Hot News, 4 are rated High, 7 are rated Medium, and 2 ar...


New Vulnerabilities Monday 11 December

New Alerts for HashiCorp, JTEKT, Beckhoff, Atos Unify, and NetApp. HashiCorp: Vault and Vault Enterprise are vulnerable to DoS through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. CVSSv3 score of 7.5. More info. JTEKT: Multiple vulnerabilities were found in HMI GC-A2 series...


New Vulnerabilities Friday 08 December

New Alerts for Johnson Controls, Microsoft Edge, and HPE. Johnson Controls: A vulnerability in Metasys and Facility Explorer allows a remote attacker to send invalid authentication credentials to the login endpoint and cause a DoS. CVSSv3 score of 7.5. More info. And here. Microsoft: Microsoft has updated Edge to include the latest Chromium...


New Vulnerabilities Thursday 07 December

New Alerts for Apache Struts, Google Pixel, Dell, and Linux. Apache: A vulnerability in Struts allows a remote attacker to manipulate file upload parameters and enable path traversal. This can lead to uploading a malicious file which can be used to perform RCE. CVSSv3 score of 9.8. More info. Google: Monthly Patches for Google Pixel are out wi...

