CND News and Blog

New Alerts for Aveva, Advantech, Dell, and WithSecure. Aveva  InTouch Access Anywhere contains a Relative Path Traversal that could allow a remote attacker with network access to read files on the system outside of the secure gateway web server. CVSSv3 score of 7.5More info. Advantech  Advantech iView contains a SQL Injection vulnerabilit...

Monthly Patches are out for Fortinet. New Alerts for TIBCO, Rockwell Automation, Lenovo, PHP, and Wireshark. TIBCO  TIBCO Nimbus Web Client contains a vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. CVSSv3 score of 9.3More info. Rockwell Automation  Logix Contro...

New Alerts for Cacti, F5, and Linux. Cacti  A command injection vulnerability allows a remote attacker to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. CVSSv3 score of 9.8More info. F5  BIG-IP and BIG-IQ are vulnerable to an issue in Java SE that could allow an attacker ...

Monthly Patches are out for Google Android, Google Pixel, and Samsung. New Alerts for Intel, Microsoft Edge (Exploit), IBM, and Dell. Intel Potential security vulnerabilities in some Intel Server Board Baseboard Management Controller (BMC) firmware may allow escalation of privilege or information disclosure. Highest CVSSv3 score of 8.3More info. Go...

Monthly Patches are out for Qualcomm and Mediatek. New Alerts for PostgreSQL and Google Chrome (Exploit). Qualcomm  Qualcomm Monthly Patches are out, with 16 vulnerabilities, 1 rated Critical, 14 rated High, and 1 rated Medium. Highest CVSSv3 score of 8.4More info. Mediatek  Mediatek Monthly Patches include 19 vulnerabilities, 6 rated Hig...

New Alerts for Sophos, MISP, Horner Automation, IBM, Asterisk, Google ChromeOS, NetApp, and Linux. Sophos  Sophos Firewall has been updated to fix several security vulnerabilities, include RCE via the User Portal and Webadmin. Highest CVSSv3 score of 9.8More info. MISP  The latest version of MISP includes two security fixes for Critcal vu...

New Alerts for Xerox, Eaton, Carrier, Apple, IBM, Rockwell Automation, and Veritas. Xerox  Xerox FreeFlow Print Server v7 and v9 have been updated with Oracle October 2022 patches. CVSSv3 score of 10, according to CERT Bund.More info. And here. Eaton  Form 7 recloser control and Proview NXG use CODESYS components. Eaton has published a bu...

New Alerts for NetBSD, Google Chrome, and Linux. NetBSD  ping contains memory safety bugs that can be triggered by a remote host, causing the ping program to crash. It may be possible for a malicious host to trigger remote code execution in ping. CVSSv3 score of 10, according to CERT Bund.More info. Google  Google has updated Chrome for D...

New Alerts for Festo, Mitsubishi Electric, Moxa, Microsoft Edge (Exploit), F5, and NetApp. Festo  In multiple products by Festo a remote unauthenticated attacker could use functions of undocumented protocols which could lead to a complete loss of confidentiality, integrity and availability. CVSSv3 score of 9.8The solution is to update the docu...

New Alerts for Google Chrome (Exploit), Atos, Moxa, and Linux. Google Exploit Google has updated Chrome for Desktop to fix 1 security vulnerability rated High.More info. Atos  A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Atos Unify OpenScape 4000 Manager that may allow an unauthenticated atta...

New Alerts for HPE and WithSecure. Enter your text here ... HPE  A potential security vulnerability in Apache Tomcat impacts HPE IceWall products. The vulnerability could be exploited resulting in Remote Disclosure of Information. CVSSv3 score of 3.7More info. WithSecure  Multiple DoS vulnerabilities was discovered in F-Secure & WithS...

New Alerts for Mitsubishi Electric, Moxa, and NetApp. Happy Thanksgiving! Mitsubishi Electric  Multiple vulnerabilities exist in Mitsubishi Electric FA engineering software. These vulnerabilities can be exploited by remote attackers to achieve disclosure or alteration of the product's information or view and execute programs. Highest CVSSv3 sc...

New Alerts for Aveva, Aruba, HPE, Bosch, IBM, and SolarWinds. Aveva  AVEVA Edge (formerly known as InduSoft Web Studio) contains multiple security vulnerabilities. A remote attacker can insert malicious DLL files and trick the application into executing code. Highest CVSSv3 score of 9.8More info. And here. Aruba  Aruba has released patche...

New Alerts for Zyxel and Linux. Zyxel  A flaw in the LTE3301-M209 firmware could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled. CVSSv3 score of 9.8More info. Linux  SUSE has updated grub2, binutils, and others. More info.OpenSUSE has updated gru...

New Alerts for BD, Xerox, NetApp, and Linux. BD  BD is aware of and currently monitoring a vulnerability affecting all versions of Fortinet FortiOS products in use by BD Kiestra. CVSSv3 score of 9.6BD has not seen any exploits, but Fortinet reports this is actively exploited. The Fortinet bulletin was published 10 Oct 2022.More info. And here....

New Alerts for Red Lion Controls and Linux. Red Lion Controls  Red Lion Controls Crimson is vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. CVSSv3 score of 7.5More info. Linux  SUSE has ...

New Alerts for BD, IBM, and Linux. BD  BD has published security bulletins for updates to Microsoft and third-party software in Identity Provider Manager, Alaris, Pyxis, and Data Agent products.More info. IBM  A command injection vulnerability in IBM InfoSphere DataStage was addressed. CVSSv3 score of 9.8More info. Linux  Ubuntu has ...

New Alerts for Mozilla, BD, and Linux. Mozilla  Mozilla has published security bulletins for Firefox, Firefox ESR, and Thunderbird, all rated High. Highest CVSSv3 score of 8.1More info. BD  BD has published security bulletins for updates to Microsoft and third-party software in FACSAria, FACS Sample Prep Assistant Systems, FACSLyric, Pyxi...

New Alerts for Phoenix Contact, Mitsubishi Electric, Moxa, Google ChromeOS, and Linux. Phoenix Contact  A denial of service of the HTTPS management interface of FL MGUARD and TC MGUARD devices can be triggered by a larger number of unauthenticated HTTPS connections, incoming from different source IPs. CVSSv3 score of 7.5More info. And here. Mi...

New Alerts for IBM and Linux. A welcome quiet after a busy couple of weeks. IBM  A command injection vulnerability in IBM InfoSphere DataStage was addressed. CVSSv3 score of 9.8More info. Linux  Alpine Linux has released version 3.16.3. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry....