CND News and Blog
Monthly Patches are out for Google Pixel. New Alerts for Google Chrome, ABB, Fortra, Nedap Librix, Mozilla, Splunk, and Linux. Google Google has updated Chrome for Desktop to fix 4 security vulnerabilities.More info.Google has published Monthly Patches for Pixel, which includes Android and Qualcomm patches.More info. ABB Multiple vulner...
Monthly Patches are out for Google Android and Samsung. New Alerts for IBM, OpenVPN, and Linux. Google Google has published Android Monthly Patches with 24 vulnerabilities, 5 rated Critical and the rest High, and updates for Imagination Technologies, MediaTek, and Qualcomm.More info. Samsung Monthly Patches are out for Samsung with 22 v...
Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductor. New Alert for HPE. HPE Security vulnerabilities have been identified in HPE SAN switches with Brocade Fabric OS (FOS). Highest CVSSv3 score of 7.9More info. Qualcomm Monthly Patches are out for Qualcomm with 11 vulnerabilities, all rated High, plus open source so...
New Alerts for IBM, Dell, HPE, Moxa, and NetApp. IBM IBM has published Critical updates for Db2 Big SQL. Highest CVSSv3 score of 9.8More info. Dell Dell has published a Critical bulletin for OpenManage Server Administrator to fix a vulnerability in Apache Tomcat.More info. HPE Security vulnerabilities have been identified in Unifi...
New Alert for IBM. IBM IBM has published Critical updates for Cloud Pak System, Db2 on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data. Highest CVSSv3 score of 9.9More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Rada...
New Alerts for Moxa, IBM, and NetApp. Moxa TN-G4500 Series has enhanced its cryptographic algorithm and cipher suite.More info. IBM Maximo Application Suite - Monitor Component is vulnerable to third-party software. CVSSv3 score of 9.1More info. NetApp NetApp has published 10 new bulletins identifying vulnerabilities in third-part...
New Alert for Palo Alto Networks (Exploit). Palo Alto Networks Exploit A DoS vulnerability in the DNS Security feature of PAN-OS software allows a remote attacker to send malicious packets to reboot the firewall. Repeated attempts to will cause the firewall to enter maintenance mode. CVSSv3 score of 8.7Actively exploited.More info. Security ...
New Alert for libxml2. libxml2 In libxml2 the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content, allowing classic XXE attacks. CVSSv3 score of 9.1More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threa...
New Alert for Adobe (ColdFusion, PoC). Adobe 0-Day ColdFusion has been updated for a vulnerability that allows arbitrary file system read. CVSSv3 score of 7.4PoC is available.More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Rada...
New Alerts for Tenable, IBM, and Linux. Tenable Tenable has updated Security Center with fixes in third-party software. Highest CVSSv3 score of 9.8More info. IBM IBM has published a Critical bulletin for Planning Analytics Workspace.More info. Linux SUSE has updated the kernel. More info.Ubuntu has updated the kernel. More info. S...
New Alerts for Microsoft Edge, Sophos, NetApp, IBM, and Linux. Microsoft Microsoft has updated Edge with the latest chromium fixes.More info. Sophos Sophos has fixed 3 security vulnerabilities in Sophos Firewall, which could allow a remote attacker to achieve RCE. Highest CVSSv3 score of 9.8More info. NetApp NetApp has published 1...
New Alerts for Google Chrome, HPE, and Linux. Google Google has updated Chrome for Desktop to fix 5 security vulnerabilities.More info. HPE A security vulnerability exists in the B-Series SANnav Management Portal. This vulnerability could be exploited to bypass authentication. CVSSv3 score of 6.5More info. Linux SUSE has updated t...
New Alerts for BeyondTrust, Rockwell Automation, BD, Xerox, IBM, and Linux. BeyondTrust A critical vulnerability has been discovered in Privileged Remote Access and Remote Support products which can allow a remote attacker to inject commands that are run as a site user. CVSSv3 score of 9.8More info. Rockwell Automation PowerMonitor 1000...
New Alerts for Hitachi, SHARP, Apache Tomcat, and Linux. Hitachi Hitachi has published updates for Infrastructure Analytics Advisor, Ops Center Analyzer, and Ops Center Viewpoint. Highest CVSSv3 score of 9.4More info. SHARP SHARP routers contain multiple vulnerabilities. Highest CVSSv3 score of 9.8It appears this is also resold by other...
Monthly Patches are out for PaperCut. New Alerts for Siemens, Dell, NetApp, and Linux. Siemens Siemens has published an OOB bulletin for a heap-based buffer overflow in Opcenter, SIMATIC PCS, SINEC NMS, and TIA Portal allowing a remote attacker to conduct RCE. CVSSv4 score of 9.3Not everything is patched.More info. Dell Dell has p...
New Alerts for Cleo (Exploit), Microsoft, Dell, HPE, Progress, IBM, and Linux. Cleo Exploit An unrestricted file upload and download vulnerability could lead to RCE in Harmony, VLTrader, and LexiCom. This is actively exploited.More info. And here. And here. And here. Microsoft Deserialization of untrusted data in Microsoft Update Catalog allo...
Quarterly Patches are out for Splunk. Monthly Patches are out for Ivanti. New Alerts for Apple, Tenable, Palo Alto Networks, GitLab, and Linux. Ivanti Ivanti has joined the second Tuesday Monthly Patch club. Monthly Patches are out with five bulletins, for Cloud Service Application, Desktop and Server Management, Connect Secure and Policy Sec...
Monthly Patches are out for Microsoft, Adobe, and Atlassian. New Alerts for Google Chrome, MOBATIME, Apache Struts, and Linux. Microsoft Exploit Monthly Patches are out with fixes for 71 vulnerabilities, 16 are considered Critical, 1 is being exploited with details publicly available. Highest CVSSv3 score of 9.8More info. And here.Microsoft is awar...
Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Check Point, Broadcom, and Dell. Monthly Patches for Microsoft and Adobe are expected this afternoon. SAP Monthly Patches are out, with 9 new Notes and 3 updated Notes. Of the new Notes, 1 is rated Hot News, 2 are rated High, 4 are rated Medium, and 2 are Low. Hi...
New Alerts for Phoenix Contact, SICK, QNAP, Python, IBM, Dell, and Linux. Phoenix Contact PLCnext Firmware has been updated for Critical vulnerabilities in third-party software. Highest CVSSv3 score of 9.8Moreinfo. And here. SICK Multiple critical vulnerabilities were found in the SICK products InspectorP61x, InspectorP62x and TiM3xx. T...
By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/