CND News and Blog

New Alerts for SICK, Santesoft, IBM, Dell, and Linux. SICK  Critical vulnerabilities have been found in the SICK device DL100-2xxxxxxx that could allow a remote attacker to impact availabiltiy, integrity and confidentaility of the products. Highest CVSSv3 score of 9.8No patches, use good security.More info. Santesoft  Multiple vulnerabili...

New Alerts for PHP, expat, Microsoft Edge, Arista, Shibboleth, NetApp, and Linux. PHP  PHP has been updated to fix several vulnerabilities. Highest CVSSv3 score of 7.5More info. expat  expat has been updated to fix a DoS vulnerability. CVSSv3 score of 7.5More info. And here. Microsoft  Microsoft has updated Edge with the latest chrom...

Monthly Patches are out for Cisco and Palo Alto Networks. New Alerts for Microsoft Edge, Xerox, ABB, Lenovo, and Linux. Cisco  Cisco has published 11 bulletins, 8 rated High and 3 rated Medium. Highest CVSSv3 score of 8.6More info.Vulnerabilities in the IPv4 ACL feature, QoS policy feature, and Layer 3 multicast feature of Cisco IOS XR Softwar...

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Apple, HPE, Optigo Networks, and Linux. Microsoft Exploit Monthly Patches include 51 fixes with 6 rated Critical. Six vulnerabilities are actively exploited. Highest CVSSv3 score of 8.8More info. And here.Microsoft is aware of exploits in the wild for Edge vulnerabilities.No...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Google Chrome, Apache, Zoom, and Linux. Monthly Patches for Microsoft and Adobe are expected this afternoon. Siemens  Monthly Patches include 27 bulletins, 11 new and 16 updated. Highest CVSSv4 score of 9.5More info.Multiple products contain two authentication byp...

New Alerts for Broadcom, Microsoft Edge, F5, HPE, QNAP, IBM, and Linux. Broadcom  Brocade ASCG contains a vulnerability that allows a remote attacker to cause a DoS. CVSSv3 score of 7.5More info. Microsoft  Microsoft has updated Edge with the latest chromium fixes and one Edge-specific fix.More info. F5 BIG-IP Next contains a vulnerabilit...

New Alerts for NetApp, Dell, and Linux. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.1Only 1 has patches.More info. Dell  Dell has published a Critical bulletin for PowerStore Family.More info. Linux  Ubuntu has updated the kern...

New Alerts for Moxa, Synology, Jenkins, IBM, Dell, and Linux. Moxa  Moxa PT switches are vulnerable to an authentication bypass because of flaws in their authorization mechanism. CVSSv4 score of 9.2More info. Synology  DSM product contain a vulnerability that allows a remote attacker to read any file via NFS. This is rated Important.More ...

Monthly Patches are out for Google Pixel. New Alerts for Google Chrome, Edimax, Weidmueller, Mozilla, F5, BD, and Linux. Google  Pixel Monthly Patch bulletin includes 7 vulnerabilities, 1 rated Critical, 2 rated High, and 4 rated Moderate, plus Android patches.More info.Chrome for Desktop has been updated to fix 14 security vulnerabilities.Mor...

Monthly Patches are out for Google Android and Samsung Android. New Alerts for Meinberg, HP, IBM, Dell, and Linux. Google  Google has published the Android Monthly Patch bulletin, with 35 vulnerabilities plus MediaTek and Qualcomm patches. The most Critical vulnerabilities allow RCE.More info. Samsung  Monthly Patches for Android include ...

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductor. New Alerts for Veritas, IBM, and Dell. Qualcomm  Qualcomm has published Monthly Patches, 7 rated Critical, 5 rated High, and 2 rated Medium. Highest CVSSv4 score of 7.9More info. MediaTek  Monthly Patches include 10 bulletins, 3 rated High and 7 rated Medium. Highe...

New Alerts for Dario Health, Synology, IBM, NetApp, and Linux. Dario Health  USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure contain several vulnerabilities, including Information Disclosure, Improper storage of sensitive data, cleartext transmission of sensit...

New Alerts for Extreme Networks, Philips, IBM, and Dell. Extreme Networks  ExtremeCloud IQ Controller contains a race condition in sshd that allows a remote attacker to achieve RCE as root.More info. Philips  Philips is reporting malicious, unauthorized versions of DICOM viewer have been identified.Only download DICOM viewer from authoriz...

New Alerts for Google Chrome, HPE, Hitachi Energy, Hitachi, Ruby, and Linux. Google  Chrome for Desktop has been updated to fix 1 security vulnerability.More info.Microsoft is aware. More info. HPE  HPE NonStop CLIM has two OpenSSH vulnerabilities that could lead to remote code execution. Highest CVSSv3 score of 9.8More info.Security vuln...

New Alerts for Pepperl+Fuchs and Linux. Pepperl+Fuchs  A Windows TCP/IP RCE vulnerability exists in HMI devices. CVSSv3 score of 9.8Update WIndows, no actual response from the vendor.More info. Linux  Ubuntu has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ ...

New Alerts for Moxa, IBM, and Linux. Moxa  EN 50155 Switches are affected by an out-of-bounds write vulnerability that allows a remote attacker to cause a DoS. CVSSv4 score of 8.7More info. IBM  IBM has published Critical security bulletins for Cloud Pak for Multicloud Management, Data Virtualization on Cloud Pak for Data, and MaaS360 Clo...

New Alerts for Microsoft Edge, F5, Philips, BD, NetApp, Dell, and Linux.  Microsoft  Edge has updated to include the latest chromium updates and 4 Edge specific vulnerabilities.More info. F5  BIG-IP, APM Clients, and BIG-IQ Centralized Management are affected by a vulnerability. Highest CVSSv3 score of 9.8More info. Philips  Vue...

New Alerts for Microsoft Bing, Moxa, Cisco, HPE, BIND, Wireshark, and Linux. Microsoft  Missing Authentication for Critical Function in Microsoft Bing allows a remote attacker to execute code. CVSSv3 score of 8.6More info. Moxa  Multiple PT switches are affected by a high-severity vulnerability which could allow a remote attacker to cause...

New Alerts for Google Chrome, Mozilla Firefox, D-Link, UniFi, Atlassian, and Linux. Google  Google has updated Chrome for Desktop to fix 3 security vulnerabilities.More info. Mozilla  Mozilla has updated Firefox to fix 1 security vulnerability.More info. D-Link  DIR-823 firmware in routers has been retired, and 7 vulnerabilities have...

New Alerts for OpenSSH and Linux. OpenSSH  Two vulnerabilities have been fixed in OpenSSH. Highest CVSSv3 score of 7.5More info. Linux  SUSE has updated the kernel and microcode. More info.Mageia has updated the microcode. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security ...