CND News and Blog

New Alerts for Microsoft Bing, Moxa, Cisco, HPE, BIND, Wireshark, and Linux. Microsoft  Missing Authentication for Critical Function in Microsoft Bing allows a remote attacker to execute code. CVSSv3 score of 8.6More info. Moxa  Multiple PT switches are affected by a high-severity vulnerability which could allow a remote attacker to cause...

New Alerts for Google Chrome, Mozilla Firefox, D-Link, UniFi, Atlassian, and Linux. Google  Google has updated Chrome for Desktop to fix 3 security vulnerabilities.More info. Mozilla  Mozilla has updated Firefox to fix 1 security vulnerability.More info. D-Link  DIR-823 firmware in routers has been retired, and 7 vulnerabilities have...

New Alerts for OpenSSH and Linux. OpenSSH  Two vulnerabilities have been fixed in OpenSSH. Highest CVSSv3 score of 7.5More info. Linux  SUSE has updated the kernel and microcode. More info.Mageia has updated the microcode. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security ...

New Alerts for Siemens, Microsoft Edge, HP, NetApp, Dell, and Linux. Siemens  An Out-of-Cycle bulletin addresses vulnerabilities in DotNetZip that affects SiPass. CVSSv3 score of 9.1More info. Microsoft  Microsoft has updated Edge to fix the latest chromium vulnerabilities and 1 Edge-specific vulnerability.More info. HP  HP LaserJet ...

New Alerts for mySCADA, Dingtian, Broadcom, WatchGuard, Outback Power, IBM, and Linux. mySCADA  myPRO Manager contains several vulnerabilities that could allow a remote attacker to execute arbitrary OS commands, upload files, and obtain sensitive information without providing associated credentials. Highest CVSSv4 score of 10.More info. Dingti...

Monthly Patches are out for Palo Alto Networks. New Alerts for Google Chrome, HPE, PostgreSQL, Citrix, Hitachi, and Linux. Google  Google has updated Chrome for Desktop to fix 4 security vulnerabilities.More info. Microsoft is aware. More info. Palo Alto Networks  Monthly Patches inculde 10 bulletins, 2 rated High, 6 rated Medium, 2 rated...

Monthly Patches for Microsoft, Adobe, Fortinet, and Ivanti are out. New Alerts for Juniper Networks and Linux. Microsoft  Monthly Patches include 141 vulnerabilities, 4 rated Critical, 2 are currently being exploited in the wild, and 1 has been previously disclosed, marking it as a zero-day. Highest CVSSv3 score of 9.0More info. And here. Adob...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Apple (0-Day), Dell, and Linux. Monthly Patches for Microsoft and Adobe are expected this afternoon. Siemens  Monthly Patches include 23 bulletins, 14 new and 9 updated. Of the new bulletins, highest CVSSv4 score of 9.4More info.SIMATIC S7-1200 CPU family is affec...

New Alerts for OPC, WithSecure, NetApp, IBM, and Linux. OPC  UA.NET Standard Stack has been updated to fix 2 security vulnerabilities. Highest CVSSv3 score of 6.5More info. WithSecure  A DoS vulnerability was discovered in WithSecure Atlant Product.More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities i...

New Alerts for Microsoft Edge, Moxa, Orthanc, Proftpd, HP, Tenable, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium-based fixes.More info. Moxa  EDS, ICS, IKS, and SDS switches are affected by high-severity vulnerabilities that could allow a remote attacker to cause a DoS or cause a system or service crash. CVSSv...

F5 Quarterly Patches are out. New Alerts for Cisco, ABB (0-Day), IBM, and Dell. F5  Quarterly Patches include 17 bulletins, 13 rated High, 3 rated Medium, and 1 rated Low. Highest CVSSv4 score of 8.9More info. Cisco  Cisco has published 8 bulletins, 1 rated Critical, 1 rated High, and 6 rated Medium. Highest CVSSv2 score of 9.9More info. ...

Monthly Patches for Google Pixel are out. New Alerts for Google Chrome, F5, AutomationDirect, Elber, Veeam, Mozilla, and Linux. Google  Monthly Patches for Pixel includes 1 vulnerability rated High, as well as Android patches.More info.Chrome for Desktop has been updated to fix 12 security vulnerabilities. More info.Microsoft is aware of the c...

Monthly Patches are out for Google Android and Samsung Android. New Alerts for Dell, WAGO, BD, and Linux. Google  Monthly Patches for Android include 26 vulnerabilities, all rated High, as well as Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm patches.More info. Samsung Monthly Patches include 34 vulnerabilities, 1 rated Critica...

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductor. New Alerts for NETGEAR and Linux. Qualcomm  Qualcomm Monthly Patches include 6 vulnerabilities, 1 rated Critical, 5 rated High, as well as open source software updates. Highest CVSSv3 score of 8.8More info. MediaTek  MediaTek Monthly Patches include 16 vulnerabilit...

New Alerts for Contec Health, New Rock Technologies, Microsoft Edge, Dell, NetApp, and BD. Contec Health  CMS8000 Patient Monitor contains several vulnerabilities that could allow a remote attacker to remotely send specially formatted UDP requests or connect to an unknown external network that would allow them to write arbitrary data resulting...

New Alerts for BIND, Medtronic, Philips, Rockwell Automation, Lexmark, ABB, and Linux. BIND  A malicious zone can be used to cause a DoS. CVSSv3 score of 7.5More info.DNS-over-HTTPS can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. CVSSv3 score of 7.5More info. Medtronic  RemoteVie...

New Alerts for Google Chrome, Rockwell Automation, Ruckus Networks, IBM, Moxa, and Linux. Google  Google has updated Chrome for Desktop to fix 2 security vulnerabilties.More info.Microsoft is aware. More info. Rockwell Automation  Rockwell Automation has updated FactoryTalk View to fix several vulnerabilities, including an RCE. Highest CV...

New Alerts for Apple, Hitachi, and D-Link. Apple  Apple has published security bulletins for visionOS, iOS, iPadOS, macOS, watchOS, tvOS, and Safari. Highest CVSSv3 score of 8.1More info. Hitachi  Hitachi has published 7 new bulletins and 7 updated bulletins. Of the new bulletins, Highest CVSSv3 score of 9.8More info. D-Link  DSL-378...

New Alerts for Apache Solr and Wicket, Microsoft Edge, Wind River Systems, Supermicro, Canon, NetApp, and Linux. Apache  Solr contains 2 vulnerabilities, zipslip and use of arbitrary files. CVSSv3 score of 8.8More info. And here.The request handling in the core in Apache Wicket allows an attacker to create a DoS via multiple requests to server...

New Alerts for Xerox, QNAP, Juniper Networks, Ubiquiti, IBM, Jenkins, and Linux. Xerox  Xerox Workplace Suite has been updated for several security vulnerabilities. Highest CVSSv3 score of 9.8More info. QNAP  Multiple vulnerabilities have been reported in rsync, affecting HBS 3 Hybrid Backup Sync. Highest CVSSv3 score of 8.8More info. Jun...