CND News and Blog
New Alerts for Microsoft Edge, MOTEX, Philips, IBM, and Linux. It has been my privilege to provide these blog posts over the years reporting the daily alerts that go on the Radar Page. As we transition to new staff providing the Radar Page services, it has been decided to drop the daily blog posts. The detail provided in this post can be seen...
New Alerts for Moxa, Squid, Westermo, SICK, LANCOM, NetApp, and Linux. Oracle has published their Pre-Release bulletin for Tuesday's Quarterly Patches. More info. Moxa Moxa is reporting 5 vulnerabilities in their Network Security Appliances and Routers, 3 rated Critical, 1 rated High, and 1 rated Medium. Highest CVSSv4 score of 9.9. More info. Squid ...
New Alerts for Samba, Cisco, Broadcom, D-Link, Zoom, Apache ActiveMQ, and Linux. Note that there is a special note about the F5 Compromise, that fixed software was included in the recent Quarterly Patches. More info. Samba Samba has published new bulletins, one of which is a vulnerability that allows a remote attacker to achieve remote code execution....
Monthly Patches are out for Microsoft, Adobe, and Fortinet. Quarterly Patches are out for F5. New Alerts for Google Chrome, TIBCO, and Linux. Microsoft Monthly Patches for Microsoft include 157 vulnerabilities, 8 rated Critical, 1 previously disclosed, and 2 actively exploited. Highest CVSSv3 score of 9.9. More info. And here. Adobe Adobe has publis...
Monthly Patches are out for SAP, Siemens, Schneider Electric, and Ivanti. New Alerts for Rockwell Automation, Phoenix Contact, Mozilla, F5, Murrelektronik, and Linux. This afternoon Microsoft and Adobe patches come out. Tomorrow more vendors should report Monthly Patches. SAP Monthly Patches for SAP include 13 new security notes and 4 up...
Monthly Patches bulletin for Unisoc is out. New Alerts for Broadcom Tanzu, Google LTS ChromeOS, Dassault Systemes, and Linux. Broadcom Broadcom has published an update for VMware Tanzu for MySQL on Kubernetes that fixes many vulnerabilities. Highest CVSSv3 score of 9.8. More info. Google Google has updated the Long Term Support version of ChromeOS to...
Monthly Patches are out for Qualcomm. New Alerts for Microsoft Edge, HPE, Wireshark, NetApp, IBM, and Linux. Microsoft Microsoft has updated Edge with the latest Chromium fixes. More info. Qualcomm Qualcomm Monthly Patches are out, with 15 vulnerabilities, 3 rated Critical, 9 rated High, and 3 rated Medium. Highest CVSSv3 score of 8.8. More info. HPE ...
Monthly Patches are out for Juniper Networks. New Alerts for Checkpoint, GitLab, Moxa, IBM, and Linux. Juniper Networks Juniper Monthly Patches include 20 bulletins, 2 rated Critical, 6 rated High, and 12 rated Medium. Highest CVSSv3 score of 9.0. More info. Checkpoint Checkpoint has updated to fix a Lack of TLS validation vulnerability. CVSSv3 ...
Monthly Patches are out for MediaTek. New Alerts for Google Chrome, ESRI, Xerox, Python, IBM, and Linux. Google Google has updated Chrome for Desktop to fix 3 security vulnerabilities. More info. Microsoft is aware. More info. MediaTek MediaTek Monthly Patches include 16 vulnerabilities, 7 rated High and 9 rated Medium. More info. ESRI A critical SQL ...
Monthly Patches are out for Samsung Android. New Alerts for B&R Automation, IBM, and Linux. Although this is "Mobile Patch Tuesday", it is an odd one. Qualcomm put out no Monthly Bulletin yesterday, Google Android's Monthly Bulletin lists no vulnerabilities, but Samsung Android's bulletins list several Google Android CVEs. No Monthl...
Monthly Patches are out for Samsung Semiconductor. New Alerts for Oracle (Exploit), PcVue, HAProxy, Dell, and Linux. Oracle Exploit Oracle has published an Out-of-cycle bulletin for an Oracle E-Business Suite vulnerability that is remotely exploitable without authentication. CVSSv3 score of 9.8. This is being actively exploited. More info. And here....
New Alerts for Microsoft Edge, Raise3D printers, NetApp, Dell, and Linux. Microsoft Microsoft has updated Edge with the latest Chromium fixes. More info. Raise3D Raise3D Pro2 Series contains an authentication bypass vulnerability via an unauthenticated debug port. CVSSv4 score of 8.8. Patches are being developed, no timeline provided. More info. NetApp...
New Alerts for Google Chrome, Splunk, Draytek, GTT, VMware, Dell, and Linux. Google Google has updated Chrome for Desktop to fix 21 security vulnerabilities. More info. Microsoft is aware. More info. Splunk Splunk has published 7 new bulletins, 2 rated High and 4 rated Medium. Highest CVSSv3 score of 7.5. More info. Draytek A security vulnerability was...
New Alerts for Megasys Enterprises, HPE, Extreme Networks, Mozilla, OpenSSL, Hitachi Energy, and Linux. Megasys Enterprises Megasys Enterprises Telenium Online Web Application contains an OS Command Injection vulnerability. CVSSv4 score of 9.3. More info. HPE Four security vulnerabilities had been identified in Telco Service Orchestrator softwar...
New Alerts for Apple, Hitachi, D-Link, VMware, F5, IBM, and Linux. Apple Apple has published security updates for iOS, iPadOS, macOS, and visionOS that fix one vulnerability. More info. Hitachi Patch Hitachi has published security patches for Ops Center Common Services, Infrastructure Analytics Advisor, Ops Center Analyzer, Ops Center Viewpoint, A...
New Alerts for NetApp, IBM, and Linux. Happy Monday! NetApp NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.7. More info. IBM IBM has published Critical bulletins for Event Automation, PowerVC, and Storage Defender Copy Data Management. More info. Linux SU...
New Alerts for Cisco (Exploit), Microsoft (Edge), GitLab, Tenable, Dingtian, IBM, and Linux. Cisco Exploit Cisco has published 19 new bulletins, 2 rated Critical, 8 rated High, 9 rated Medium. Highest CVSSv3 score of 9.9. One is actively exploited. More info. And here. Microsoft Microsoft has updated Edge with the latest Chromium fixes. More info. GitL...
New Alerts for Extreme Networks, Apache (IoTDB), F5, Dell, IBM, and Linux. Extreme Networks A vulnerability in CPython "TarFile" module that can result in an infinite loop and deadlock during the parsing of maliciously crafted tar archives affects ExtremeCloud IQ - Site Engine (XIQ-SE). More info. Apache Apache IoTDB contains 2 vulnerabilities,...
New Alerts for Google Chrome, SolarWinds, WAGO, AutomationDirect, Dell, IBM, and Linux. Google Google has updated Chrome for Desktop to fix 3 security vulnerabilities. More info. Microsoft is aware. More info. SolarWinds SolarWinds has published a hotfix for Web Help Desk to fix an unauthenticated AjaxProxy deserialization remote code execution vulne...
New Alerts for Flowise, IBM, and Linux. Flowise RCE and DoS vulnerabilities exist in Flowise. Highest CVSSv3 score of 10. More info. And here. IBM IBM has published a Critical bulletin for InfoSphere Master Data Management Server. More info. Linux SUSE has updated the kernel. More info. Oracle Linux has updated the kernel. More info. Debian has update...