CND News and Blog

New Alerts for Microsoft SharePoint (Exploit), Sophos Firewall, Helmholz, MB connect, BD, PowerDNS, and Linux. Microsoft Exploit Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows a remote attacker to execute code over a network. Microsoft is aware that an exploit exists in the wild. Note that public exploits were a...

New Alerts for Leviton, Broadcom, IBM, F5, NetApp, and Linux. Leviton Leviton AcquiSuite and Energy Monitoring Hub contain a vulnerability could allow a remote attacker to craft a malicious payload in URL parameters that would execute in a client browser when accessed by a user, steal session tokens, and control the service. CVSSv3 score of 9.3No r...

New Alerts for Microsoft Edge, Fortra, HPE, Dell, IBM, Philips, and Linux. Microsoft Microsoft has updated Edge with the latest chromium vulnerability fixes and one Edge-specific fix.More info. Fortra Broken access control in Fortra's GoAnywhere MFT allows a remote attacker to cause a DoS. CVSSv3 score of 5.3More info. HPE Security vulnerabilities ...

Atlassian has published Monthly Patches. New Alerts for Delta, Google Chrome, ISC BIND, LITEON, and Linux. Delta Delta DIAView contains a Directory Traversal Information Disclosure. CVSSv3 score of 9.8More info. Google Google has updated Chrome for Desktop to fix six security vulnerabilities.More info.Microsoft is aware. More info. Atlassian Atlass...

Quarterly Patches will be out for Oracle this afternoon, pre-release info is available. New Alerts for SCATI, Unisoc, and Linux. Oracle Oracle's Quarterly Critical Patch Update addresses 305 new security patches, according to the pre-release, 145 of which are remotely exploitable without authentication. Highest CVSSv3 score of 9.8Patches are expect...

New Alerts for KUNBUS, Omron, IBM, NetApp, and Linux. Oracle Quarterly Patches come out tomorrow. KUNBUS The RevPi Webstatus application is vulnerable to an authentication bypass. CVSSv3 score of 9.8More info. And here. Omron A vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac ...

New Alerts for Apache HTTP and Tomcat, GnuTLS, Alcatel Lucent, Broadcom, Dell, Watchguard, and Linux. Apache Apache has published security updates for HTTP Server and Tomcat. HTTP Server has Moderate and Low vulnerabilities. Tomcat has Important and Low vulnerabilities.More info. And here. And here. GnuTLS GnuTLS has published an update that fixes ...

New Alerts for Emerson, Ruckus Wireless, Zoom, Broadcom, IBM, and Linux. Emerson Emerson ValveLink Products contains multiple vulnerabilities including Cleartext Storage of Sensitive Information in Memory, Protection Mechanism Failure, Uncontrolled Search Path Element, and Improper Input Validation. Highest CVSSv4 score of 9.3More info. Ruckus ...

Monthly Patches are out for Microsoft, Adobe, Palo Alto Networks, Fortinet, and Juniper Networks. New Alerts for HPE and Linux. Microsoft Microsoft Monthly Patches incude 130 fixed vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. Fourteen are rated Critical, 1 was publicly disclosed. H...

Monthly Patches are out for Samsung Android, MediaTek, Siemens, Schneider Electric, and SAP. Quarterly Patches are out for Splunk. New Alerts for Phoenix Contact, WAGO, and Linux. Patches for Microsoft and Adobe are expected this afternoon.  Patches for Palo Alto and Juniper are expected tomorrow.An item of note, there were no security patches...

Monthly Patches are out for Qualcomm and Samsung Semiconductor. New Alerts for NetApp, IBM, and Linux. Tomorrow is Patch Tuesday for at least 8 vendors. Qualcomm Qualcomm Monthly Patches include 20 patched vulnerabilities, 4 rated Critical and 16 rated High. Highest CVSSv3 score of 9.1More info. Samsung Semiconductor Samsung Semiconductor Mont...

New Alerts for Citrix, ABB, Dell, and Linux. Happy Independence Day to my fellow Americans! Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that allows a remote attacker to cause unintended control flow and DoS. CVSSv4 score of 9.2More info. ABB ABB RMC-100 with REST interface contains vulnerabilities that allow a...

New Alerts for Cisco, Mitsubishi Electric, Endress+Hauser, and Dell. Cisco Cisco has published 4 new bulletins, 1 rated Critical and 3 rated Medium. The Critical bulletin identifies static SSH Credentials for root in Unified Communications Manager. CVSSv3 score of 10.More info. Mitsubishi Electric A DoS vulnerability exists in MELSEC iQ-F seri...

New Alerts for Microsoft Edge (Exploit), Festo, Voltronic Power, Contec, ModSecurity, IBM, and Linux. Microsoft Exploit Microsoft has updated Edge with the latest chromium vulnerabilities. Exploits are in the wild.More info. Festo FESTO Hardware Controller and Hardware Servo Press Kit contain several vulnerabilities that could allow a remote attack...

New Alerts for Google Chrome, Pilz, Tenable Security Center, Mbed TLS, and Linux. Google Google has published updates for Chrome for Desktop that fixes one security vulnerability rated High that is actively being exploited.More info.Microsoft is aware. More info. Pilz The Pilz industrial PC IndustrialPI webstatus application is vulnerable to a remo...

New Alerts for Pilz, ifm electronic, IBM, Dell, NetApp, and Linux. Pilz PiCtory has three vulnerabilities, 2 rated Critical, 1 rated Medium. A remote attacker can bypass of authentication. Highest CVSSv3 score of 9.8More info. ifm electronic A vulnerability has been disclosed in PLC ifm AC4xxS that allows a remote attacker to trigger the safety sta...

New Alerts for Microsoft Edge, D-Link, IBM, Dell, and Linux. Microsoft Microsoft has updated Edge with the latest chromium fixes and fixes for 3 Edge-specific vulnerabilities.More info. D-Link D-Link has published 2 bulletins identifying vulnerabilities in EOS/EOL products. No fixes will be provided.More info. And here. IBM IBM has published Critic...

New Alerts for Cisco, Broadcom, Mitsubishi Electric, Ricoh, IBM, and Linux. Cisco Cisco has published 2 new bulletins, 1 Critical and 1 Medium. The Critical bulletin lists vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to issue commands on the underlying operating system ...

New Alerts for Google Chrome, Mozilla, MICROSENS, ControlID, Kaleris, GitLab, and Linux. MICROSENS MICROSENS NMP Web+ contains several vulnerabilities, including Use of Hard-coded, Security-relevant Constants and Insufficient Session Expiration. These could allow a remote attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. H...

New Alerts for MB Connect, Advantech, Westermo, Hitachi Energy, Splunk, Fortinet, and Linux. We have raised a Subject Alert for potential cyber activity from Iran and Israel increasing during the ceasefire. MB Connect The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can allow a remote att...