CND News and Blog

New Alerts for IBM, SICK, HPE, Zyxel, and Tenable. IBM  IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. Highest CVSSv3 score of 9.8More info.NSS & NSPR vulnerabilities affect the IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 products. These vulnerabilit...

New Alerts for Apache Tomcat and Mitsubishi Electric. Apache  Apache Tomcat uses Apache Commons FileUpload, which does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.More info. Mitsubishi Electric  MELSOFT iQ AppPortal uses Vis...

New Alerts for Cisco, MISP, and BD. Cisco  Cisco is updating their products for the recent ClamAV vulnerability. CVSSv3 score of 9.8More info. MISP  MISP had two Critical SQL injection vulnerabilities. They obfuscated the fix to the customers, (read the notice), so this was back in November/December. They have just published the notice.Mo...

Monthly Patches are out for Fortinet. New Alerts for Netgate, Sub-IoT, Commscope RUCKUS, WAGO, NetApp, and Linux. Netgate  pfSense login protection managed by sshguard, such as preventing brute force attempts, may not be enforced depending on the content of the request headers in GUI authentication attempts, which may allow an attacker to cont...

New Alerts for Cisco, Weintek, B&R Automation, ClamAV, GitLab, Western Digital, curl, and PHP. Cisco  Cisco has published 4 new bulletins. Highest CVSSv3 score of 7.5More info.A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 7.5More in...

Quarterly Patches are out for Splunk. Monthly Patches are out for Microsoft (Exploit) and Adobe. New Alerts for Mozilla, Intel, IBM, and Linux. Microsoft Exploit Monthly Patches are out, with 80 vulnerabilities, 9 rated Critical, 3 rated Important are being exploited. Highest CVSSv3 score of 9.8More info. And here. Adobe  Adobe has published u...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Apple (Exploit), Phoenix Contact, and Hitachi Energy.  Monthly Patches are expected for Microsoft and Adobe this afternoon, and Quarterly Patches for Splunk are expected today. Apple Exploit Apple released updates for Safari, iOS, iPadOS, MacOS, tvOS, and watchOS....

New Alerts for ABB, GE Gas Power, BD, IBM, Dell, BaiCells, and Linux.         Tomorrow is Patch Tuesday. ABB  Drive Composer contains several vulnerabilities that could allow a remote attacker to cause a DoS or RCE. Highest CVSSv3 score of 9.8More info. GE Gas Power  GE Gas Power has identified two products that i...

New Alerts for LS Electric, Microsoft Edge, IBM, and Linux. LS Electric  XBC-DN32U PLC Performance modules contain several vulnerabilities, including Missing Authentication for Critical Function, Improper Access Control, Cleartext Transmission of Sensitive Information, and Access of Memory Location After End of Buffer. These vulnerabilities co...

New Alerts for Johnson Controls, IBM, NetApp, WithSecure, and PostgreSQL. Johnson Controls  Johnson Controls has confirmed a vulnerability impacting System Configuration Tool. During a XSS attack, an attacker might access cookies and take over the victim's session.More info. IBM  Multiple vulnerabilities in the Expat library affect IBM Db...

New Alerts for Google Chrome, OpenSSL, IBM, Dell, and Linux. Google  Google has updated Chrome for Desktop to fix 15 security vulnerabilities.More info.Microsoft is aware. More info. OpenSSL  OpenSSL has updated for 5 security vulnerabilities, 1 rated High and the rest Moderate.More info. IBM  IBM has updated Business Automation Mana...

It's Mobile Monthly Patch day, with patches for Qualcomm, Google Android, Google Pixel, and Samsung. New Alert for Google ChromeOS LTS.  Qualcomm  Monthly Patches are out, with 23 bulletins, 4 rated Critical and 19 rated High. Highest CVSSv3 score of 9.8More info. Google  Android Monthly Patches are out with 23 vulnerabilities, all r...

Monthly Patches are out for MediaTek. New Alerts for GE Digital, IBM, and Dell.    Monthly Patches for Qualcomm are expected this afternoon, and tomorrow should bring Monthly Patches for Google Android, Samsung, and Quarterly Patches for Splunk. GE Digital  GE Digital Proficy Historian Software contains Authentication, Access Control...

New Alerts for Biacells, B&R, NetApp, and Microsoft Edge. Biacells  Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB devices and Nova 246 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. CVSSv3 score of 9.8More info. And her...

New Alerts for Cisco, Atlassian Jira, Moxa, Mitsubishi Electric, Dell, Nagios, OpenSSH, F5, and IBM. Cisco  Cisco has published 5 new bulletins. Highest CVSSv3 score of 7.2More info.A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote...

New Alerts for HPE, VMware, and Cacti. HPE  HPE OneView contains a Use After Free vulnerability in Expat. CVSSv3 score of 9.8More info. VMware  vRealize Operations (vROps) contains a CSRF bypass vulnerability. CVSSv3 score of 6.5More info.Exploit code is out for the Jan 24 Critical bulletin.More info. Cacti  A command injection vulne...

New Alerts for Dell, Hitachi, Trend Micro, and Linux. Dell  Dell has updated PowerFlex Appliance and PowerFlex Rack to fix multiple vulnerabilities in third-party components. Dell rates these Critical.More info. And here. Updates are available for Dell Unity, Dell UnityVSA, and Dell Unity XT to correct multiple security vulnerabilities that ma...

New Alerts for IBM, QNAP, NetApp, and Linux. IBM  Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps. Highest CVSSv3 score of 9.8More info. QNAP  A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious c...

New Alerts for Rockwell Automation, Econolite, Microsoft PPTP, Microsoft Edge, IBM, and HCL Software. Rockwell Automation  Rockwell Automation is aware of multiple products that are affected by vulnerabilities in the GoAhead web server. Exploitation of these vulnerabilities could potentially have a high impact on the confidentiality, integrity...

New Alerts for ISC, Mitsubishi Electric, Tenable, and Linux.  ISC  ISC has published 4 new bulletins identifying DoS vulnerabilities in BIND 9. Highest CVSSv3 score of 7.5More info. Mitsubishi Electric  An authentication bypass vulnerability exists in the robot controller of industrial robot MELFA SD/SQ series and F-series. An attack...