CND News and Blog

New Alerts for Mozilla Firefox, Weidmueller, Hitachi Energy, Dell, Hitachi, and Linux. Mozilla  Mozilla has published Critical bulletins for Firefox and Firefox ESR.More info. Weidmueller  Weidmueller industrial ethernet switches are affected by multiple vulnerabilities, including Missing Auth and DoS. Highest CVSSv3 score of 9.8More info...

New Alerts for Siemens, Xerox, Philips, Pepperl+Fuchs, IBM, and Linux. Siemens  SiPass contains an out of bounds read vulnerability that could allow a remote attacker to create a DoS. CVSSv4 score of 8.7More info.SiPass integrated ACC devices do not properly check the integrity of firmware updates. This could allow a remote attacker to upload ...

New Alerts for Google Chrome, Versa (0-Day), Iridium, Tenable, NetApp, and GitLab. Google  Google has updated Chrome Early Stable Desktop to fix 8 security vulnerabilities.More info. Versa 0-Day A researcher has published several critical vulnerabilities in Concerto SD-WAN orchestration platform, including authentication bypass, RCE, and other...

New Alerts for Cisco, OpenSSL, HPE, Mitel, Automated Telematics, ModSecurity, and Linux. Cisco  Cisco has published 10 new bulletins. Highest CVSSv3 score of 8.6More info. OpenSSL  Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.More info. HPE  Multiple securit...

Atlassian has published Monthly Patches. New Alerts for TP-Link, AutomationDirect, Vertiv, BIND, Arista, and Linux. TP-Link  A stack-based buffer overflow vulnerability on the TP-Link Archer AX50 router allows a remote attacker to execute arbitrary code on the device over LAN and WAN networks. CVSSv4 score of 9.2More info. AutomationDirect&nbs...

New Alerts for Spring, PowerDNS, VMware, Sungrow, Netgate, and IBM. Spring  Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. CVSSv3 score of 9.1More info. PowerDNS  A remote attacker can cause a DoS via a crafted TCP connection. CVSSv3 score of 7.5More...

New Alerts for Mozilla (0-Day), Wiedmueller, NetApp, IBM, Dell, Xerox, and Linux. Mozilla 0-Day Mozilla has published Critical updates Firefox and Firefox ESR to fix vulnerabilities identified in a Pwn2Own competition.More info. Weidmueller  Weidmueller product ResMa is affected by a vulnerability in Progress Telerik UI for AJAX that could res...

New Alerts for Microsoft Edge, Rockwell Automation, Wiesemann & Theis, Mozilla, BD, Samsung TV, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium fixes.More info. Rockwell Automation  A vulnerability has been identified in the third-party Apache log4net software, impacting the FactoryTalk Historian-ThingWorx Co...

Monthly Patches are out for Palo Alto Networks. New Alerts for Pgpool-II, Google Chrome (Exploit), Hitachi, Progress, Sonicwall, and Linux. Palo Alto Networks  Palo Alto Monthly Patches includes 11 bulletins. Highest CVSSv4 score of 8.2More info. Pgpool-II  An authentication bypass vulnerability exists in the client authentication mechani...

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Ivanti. New Alerts for Juniper Networks, and Dell. Microsoft  Microsoft Monthly Patches include 70 patched vulnerabilities, 11 rated Critical, 5 actively exploited, and 1 publicly known. Highest CVSSv3 score of 10More info. And here. Adobe  Adobe has published Monthly Patches wit...

Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Apple, Phoenix Contact, Linksys, and Linux. Microsoft and Adobe Monthly Patches are out this afternoon. SAP  SAP Monthly Patches include 16 new security notes and 2 updated notes. Of the new security notes, highest CVSSv3 score of 9.1More info. Siemens  Sieme...

New Alerts for BD, IBM, Dell, Xerox, NetApp, and Linux. Tomorrow is Patch Tuesday for at least 5 vendors. BD  BD has published Critical updates for Pyxis, Data Agent, and CCE.More info. IBM IBM has published Critical bulletins for Business Automation Workflow, App Connect Enterprise, Planning Analytics, Operational Decision Manager, watsonx, a...

New Alerts for Microsoft Edge, Crestron, Pixmeo, ASUS, Delta, and Jetty. Microsoft  Microsoft has updated Edge with the latest chromium patches.More info. Crestron  Crestron DM-NAX-8ZSA, DM-NAX-4ZSP, DM-NAX-4ZSA-50 are being updated to fix vulnerabilities in AirPlay Audio SDK. Highest CVSSv3 score of 9.8More info. Pixmeo  OsiriX MD c...

Quarterly Patches are out for F5. Monthly Patches are out for Cisco. New Alerts for Mitel, PostgreSQL, RT-LABS, and Django. F5 F5 Quarterly Patches are out with 12 bulletins, 11 rated High and 1 rated Medium. Highest CVSSv4 score of 9.2More info. Cisco  Cisco has published Monthly Patches with 29 bulletins, 1 rated Critical, 14 rated High, and...

Monthly Patches are out for Google Android, Samsung Semiconductor, and Samsung Android. New Alerts for Google Chrome, Optigo Networks, Ubiquiti, Tenable, OpenBSD, and Linux. Google  Monthly Patches are out for Pixel, with 3 vulnerabilities, plus Android updates.More info.Google has updated Chrome for Desktop to fix 2 security vulnerabilities.M...

Monthly Patches are out for Google Android. New Alerts for TCMAN and IBM. Google  Monthly Patches are out for Android, with 29 vulnerabilities, all rated High, plus Imagination Technologies, Arm, MediaTek, and Qualcomm updates.More info. TCMAN  GIM v11 has been updated to fix 6 security vulnerabilities. Highest CVSSv4 score of 9.3More inf...

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for IBM, NetApp, and Linux. Qualcomm  Monthly Patches are out for Qualcomm, with 12 vulnerabilities, 1 rated Critical and the rest High, plus open source software updates. Highest CVSSv3 score of 8.2More info. MediaTek  MediaTek has published Monthly Patches with 6 CVEs, 1 rate...

New Alerts for Microsoft Edge, VMware Tanzu, KUNBUS, Sonicwall, MicroDicom, Dell, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium fixes.More info. VMware  Tanzu Greenplum hs been updated to fix several vulnerabilities. Highest CVSSv4 score of 9.1.More info. KUNBUS  KUNBUS Revolution Pi contains several vulne...

New Alerts for Dell, IBM, and Linux. Dell  Dell has published Critical bulletins for APEX Cloud Platform and VxRail.More info. IBM  IBM has published a Critical bulletin for Cognos Analytics.More info. Linux  Oracle Linux has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.sec...

New Alerts for Google Chrome, Mozilla, Tenable, Splunk, IBM, and Linux. Google  Google has updated Chrome for Desktop to fix 8 security vulnerabilities.More info. Mozilla  Mozilla has published security updates for Thunderbird, Thunderbird ESR, Firefox, and Firefox ESR, all rated High.More info. Tenable  Tenable Identity Exposure has...