Skip to main content

CND News and Blog

New Vulnerabilities Wednesday 29 November
michele654
Vulnerabilities
New Alerts for Delta Electronics, Google Chrome, Sierra Wireless, IBM, Dell, and Linux. Delta Electronics  InfraSuite Device Master contains several vulnerabilities, including Path Traversal, Deserialization of Untrusted Data, and Exposed Dangerous Method or Function. Successful exploitation could allow a remote attacker to remotely execute ar...
New Vulnerabilities Tuesday 28 November
michele654
Vulnerabilities
New Alerts for Zyxel, Festo, F5, NETGEAR, Hitachi Energy, Xerox, Apache Tomcat, and Linux. Zyxel  Zyxel Firewall and AP products contain several vulnerabilities, one of which could be exploited by a remote attacker to trigger a DoS. CVSSv3 score of 7.5More info. Festo  Festo products use WIBU CodeMeter Runtime. A remote attacker exploitin...
New Vulnerabilities Monday 27 November
michele654
Vulnerabilities
New Alerts for HPE, Arcserve, and Control iD (0-Day). HPE  Vulnerabilities in curl have been addressed in OSS Network Utilities (T1204). Highest CVSSv3 score of 9.8More info. Arcserve  Several vulnerabilities in Arcserve UDP allow a remote attacker to upload and execute arbitrary files, and bypass authentication with a valid UUID.More inf...
New Vulnerabilities Friday 24 November
michele654
Vulnerabilities
New Alerts for Philips, Hikvision, NetApp, and Linux. Philips  IntelliSpace PACS 2 and Universal Data Manager are affected by a BIG-IP Configuration utility unauthenticated remote code execution vulnerability. CVSSv3 score of 9.8No patches yet.More info. Hikvision  Hikvision products have been affected by an authentication bypass vulnerab...
IMG_00-_20231124-142135_1 Splunk: Building a Test Instance
Splunk: Building a Test Instance
James -
Technical
TLDR: Building a Splunk Test instance is really useful, helps protect against prod outages and very performant hardware is now available for a fraction of the price it used to be; if you're willing to deal with some tech challenges! Splunk Test instance Many of our clients rely on Splunk as their production SIEM tool to monitor, detect and respond ...
New Vulnerabilities Wednesday 22 November
michele654
Vulnerabilities
New Alerts for Atlassian, ownCloud, Dell, and Linux. Atlassian  Updates for Atlassian products include 26 vulnerabilities rated High by Atlassian. Products include Jira Software Data Center and Server, Crowd Data Center and Server, Confluence Data Center and Server, Bitbucket Data Center and Server, and Bamboo Data Center and Server. Highest C...
New Vulnerabilities Tuesday 21 November
michele654
Vulnerabilities
New Alerts for Sophos (Exploit), Synology, Phoenix Contact, Mozilla, WithSecure, and Linux. Sophos Exploit Sophos Web Appliance has been updated to fix several vulnerabilities that could allow a remote attacker to execute arbitrary code. Highest CVSSv3 score of 9.8Exploits have been seen in the wild.More info. Synology  Synology Router Manager...
New Vulnerabilities Monday 20 November
michele654
Vulnerabilities
New Alerts for IBM, HPE, Synology, strongSwan, and Tenable. IBM  QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.8More info.IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and DoS due to third-party software. Highest CVSSv3...
New Vulnerabilities Friday 17 November
michele654
Vulnerabilities
Quarterly Patches are out for Splunk. New Alerts for Hitachi Energy, Microsoft Edge, Xerox, and Linux. Splunk  Splunk has published their Quarterly Patches, with Splunk and third-party software updates. Highest CVSSv3 score of 9.8More info. Hitachi Energy  Network Manager DMS/OMS products are affected by the Apache ActiveMQ vulnerability....
New Vulnerabilities Thursday 16 November
michele654
Vulnerabilities
New Alerts for Red Lion, Wireshark, NetApp, IBM, TRENDnet, NetBSD, and Linux. Red Lion  Sixnet RTU contains two vulnerabilities, Authentication Bypass using an Alternative Path or Channel, and Exposed Dangerous Method or Function. Both have CVSSv3 score of 10.Patches and mitigation instructions.More info. And here. Wireshark  Wireshark ha...
New Vulnerabilities Wednesday 15 November
michele654
Vulnerabilities
Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for VMware, Aruba, Google Chrome, Google ChromeOS, Intel, and F5. Microsoft  Microsoft Monthly Patches are out, fixing 64 vulnerabilities, 14 vulnerabilities affecting Microsoft Edge, and 5 vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three vulnerabili...
New Vulnerabilities Tuesday 14 November
michele654
Vulnerabilities
Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Hitachi Energy, Xerox, Zoom, Ivanti, and Linux. Siemens  Siemens Monthly Patches are out, with 14 new bulletins and 18 updated bulletins. Of the new bulletins, highest CVSSv3 score of 9.8More info.Siemens OPC UA Modeling Editor is affected by an XXE injection vuln...
New Vulnerabilities Monday 13 November
michele654
Vulnerabilities
New Alerts for BD, NetApp, and Linux. BD  BD has published security updates for Alaris, Data Agent, and FACSymphony A3/A5/A1More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8Two have patches.More info. Linux  SUSE has upd...
New Vulnerabilities Friday 10 November
michele654
Vulnerabilities
New Alerts for SysAid, Weidmüller, Johnson Controls, Microsoft Edge, and Linux. SysAid  A Patch Traversal vulnerability has been exploited as a 0-day in SysAid On-Prem Software. CVSSv3 score of 9.8More info. Weidmüller  Weidmüller products use WIBU CodeMeter Runtime. A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network s...
New Vulnerabilities Thursday 09 November
michele654
Vulnerabilities
New Alert for Atlassian. Enjoy the break, in my experience tomorrow/next week will make up for it...  Atlassian  The Apache ActiveMQ RCE Vulnerability impacts Bamboo Data Center and Server. CVSSv3 score of 10.More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber...
New Vulnerabilities Wednesday 08 November
michele654
Vulnerabilities
New Alerts for Lanaccess, Softing, Dell, WithSecure, Google Chrome, and Linux. Lanaccess  An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM. This vulnerability could allow a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. CVSSv3 sco...

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/