CND News and Blog
New Alerts for Apple, D-Link, Circutor, Yokogawa, NetApp, Hitachi, and Linux. Apple Apple has published updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS 2, Safari, and Xcode. More info. D-Link D-Link has updated several wireless routers to fix security issues like hardcoded credentials, hidden telnet services, and improper authen...
New Alerts for curl, WebIQ, F5, and ABB. curl When curl is built to use the GnuTLS library and told to use OCSP stapling to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. More info. WebIQ The Windows version of WebIQ is affected by a directory tra...
New Alerts for Rockwell Automation, Docker, Spring (VMware), NetApp, Extreme Networks, Zoom, and Linux. Rockwell Automation 5015-U8IHFT contains a DoS vulnerability with a malformed CIP Message. CVSSv4 score of 8.7. More info. FactoryTalk Batch View contains an authentication bypass vulnerability due to shared secrets. CVSSv4 score of 9.2. More i...
Monthly Patches are out for Palo Alto Networks. New Alerts for Cisco, iniNet, Microsoft Edge, HPE, Zyxel, HPE, Tenable, Dell, and Linux. Cisco Cisco has published 8 new bulletins, 6 rated High and 2 rated Medium. Highest CVSSv3 score of 8.8. More info. A vulnerability in the Mtrace2 feature of Cisco IOS XR Software could allow a remote attacker...
Monthly Patches are out for Microsoft (0-Days), Adobe, and F5. New Alerts for Ivanti, Carrier (Viessmann), Google Chrome, and Linux. Microsoft 0-Day Microsoft Monthly Patches are out, with 79 vulnerabilities, 7 rated Critical and 4 are 0-days currently being exploited. Highest CVSSv3 score of 9.8. More info. And here. Microsoft recently updated the Ed...
Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Endress+Hauser, Phoenix Contact, BD, HPE, LANCOM, IBM, and Linux. Monthly Patches for Microsoft and Adobe are expected later today. Siemens Siemens Monthly Patches are out with 36 bulletins, 17 new and 19 updated. Of the new bulletins, 10 address vulnerabili...
New Alerts for QNAP, Festo, and ownCloud. QNAP QNAP has published 13 bulletins for their products, most requiring Physical access or Local privileges. More info. A heap buffer overflow vulnerability has been reported in curl, which affects certain versions of QTS and QuTS hero. More info. An XSS vulnerability has been reported to affect QuLo...
New Alerts for IBM, F5, NetApp, Xerox, Zoom, and Linux. IBM QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.9. More info. IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of requirejs. CVSSv3 score of 9.8. More info. Apache Derby could allow a remote attacker to bypass sec...
New Alerts for Juniper Networks, Cisco, Veeam, Baxter, HPE, and Dell. Juniper Networks Juniper has published an "On Demand" bulletin for Secure Analytics identifying several vulnerabilities. Highest CVSSv3 score of 9.8. More info. Cisco Cisco has published 5 new bulletins, 1 rated Critical, 1 rated High, and 3 rated Medium. Highest CVSSv3...
Monthly Patches are out for Google Android, Pixel, and AAOS, as well as Samsung. New Alerts for D-Link, Mozilla, Moxa, HPE, LOYTEC Electronics, OpenSSL, and HAProxy. Google Google has published Monthly Patches for Android, with 12 vulnerabilities, all rated High, plus Arm, Imagination Technologies, Unisoc, and Qualcomm updates. Highest CVSSv3...
New Alerts for Google Chrome, Zyxel, and Linux. Google Android/Pixel and Samsung Android patches are expected out today. The Labor Day holiday put them off a bit. Google Google has updated Chrome for Desktop to fix 4 security vulnerabilities. More info. Zyxel An OS command injection vulnerability exists in some AP and security rout...
Monthly Patches are out for Qualcomm, MediaTek, and Samsung Exynos. New Alert for Dell. Qualcomm Qualcomm Monthly Patches include 8 patches for proprietary software and 13 patches for open source software, highest CVSSv3 score of 8.4. More info. MediaTek MediaTek Monthly Patches include 6 vulnerabilities, all rated Medium. More info. Samsu...
New Alerts for libexpat, PHP, IBM, and Esri. libexpat Several buffer overflow vulnerabilities have been identified in libexpat. More info. And here. And here. PHP PHP has been updated to fix several vulnerabilities. CVSSv3 score of 7.5. More info. And here. IBM IBM Concert is vulnerable to multiple issues due to Cloud Pak Openshift. ...
New Alerts for Cisco, Google Chrome, Wireshark, Dell, and Linux. Cisco Cisco has published 6 new bulletins, 1 rated High and the rest Medium. Highest CVSSv3 score of 8.6. More info. A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 8.6. More info. Googl...
New Alerts for B&R Automation, F5, NetApp, Fortra, and Flowise. B&R Automation B&R APROL has been updated to fix 3 vulnerabilities, one of which allows a remote attacker to conduct a Reflected XSS attack. Highest CVSSv4 score of 7.3. More info. F5 Traffix SDC contains a vulnerability that could allow a remote attacker to acce...
New Alerts for Hitachi Energy and Linux. Hitachi Energy Multiple vulnerabilities exist in MicroSCADA X SYS600, some of which allow a remote attacker to cause confidentiality, integrity and availability impacts. Highest CVSSv3 score of 9.9. More info. Linux Red Hat has updated the firmware. More info. Mageia has updated systemd. More info. ...
New Alerts for Avtec, Trumpf, IBM, F5, and NetApp. Avtec Outpost 0810 and Outpost Uploader Utility contain 2 vulnerabilities, Storage of File with Sensitive Data Under Web Root, and Use of Hard-coded Cryptographic Key. Highest CVSSv4 score of 8.7. More info. Trumpf TruControl laser control software uses OpenSSH server and is affecte...
New Alerts for Microsoft Edge (Exploit) and Entra ID, SonicWall, Rockwell Automation, SolarWinds, Broadcom, and F5. Microsoft Exploit Microsoft has updated Edge to include the latest chromium patches as well as 4 Edge specific patches. Exploits are in the wild. More info. Improper access control in Decentralized Identity Services allows an unathentic...
New Alerts for Cisco, Google Chrome (Exploit), Microsoft Edge (Exploit), BD, SpaceLabs Healthcare, Welotec, IBM, and Linux. Cisco Cisco has published 5 new bulletins and 1 updated bulletin. Highest CVSSv3 score of 8.6. More info. A vulnerability in the SIP call processing function of Unified CM and Unified CM SME could allow a remote attac...
New Alerts for CPython, Microsoft GitHub, Jira, Bosch, Mitel, and Linux. CPython A vulnerability in the parse_cookie function could be exploited by sending specially crafted cookie values to trigger significant delays, resulting in a DoS. CVSSv3 score of 7.5. More info. And here. Microsoft GitHub Enterprise Server has been patched to fix ...