
CND News and Blog

New Vulnerabilities Thursday 09 November

New Alert for Atlassian. Enjoy the break, in my experience tomorrow/next week will make up for it... Atlassian: The Apache ActiveMQ RCE Vulnerability impacts Bamboo Data Center and Server. CVSSv3 score of 10. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber...


New Vulnerabilities Wednesday 08 November

New Alerts for Lanaccess, Softing, Dell, WithSecure, Google Chrome, and Linux. Lanaccess: An improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM. This vulnerability could allow a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure. CVSSv3 sco...


New Vulnerabilities Tuesday 07 November

Monthly Patches are out for Google Android, Google Pixel, and Samsung. New Alerts for GE Gas Power, Hitachi, Dell, and Linux. GE Gas Power: GE Gas Power products include the vulnerable web UI feature of Cisco IOS XE Software, although the feature is not on by default. If you turned it on, turn it off. More info. Google: Google Monthly Patch...


New Vulnerabilities Monday 06 November

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Samsung, FRRouting, QNAP, NetApp, Veeam, NextGen Healthcare, and Linux. Qualcomm: Qualcomm Monthly Patches are out, with 16 vulnerabilities, 4 rated Critical, 7 rated High, and 5 rated Medium. Highest CVSSv3 score of 9.8. More info. MediaTek: MediaTek Monthly Patches include ...


New Vulnerabilities Friday 03 November

New Alerts for Weintek, Franklin Fueling System, Crimson, Microsoft Edge, Moxa, and Linux. Weintek: Weintek EasyBuilder Pro has a Use of Hard-coded Credentials vulnerability that could allow a remote attacker to obtain remote control of a victim's computer as a privileged user. CVSSv3 score of 9.8. More info. Franklin Fueling System: Frankl...


New Vulnerabilities Thursday 02 November

New Alerts for Cisco, VMware, IBM, Mitsubishi Electric, Moxa, Hitachi Energy, and Linux. Cisco: Cisco has published 24 new bulletins, 1 rated Critical, 9 rated High, and 14 rated Medium. Highest CVSSv3 score of 9.9. More info. Vulnerabilities in Cisco FTD Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 8....


New Vulnerabilities Wednesday 01 November

New Alerts for Zavio (Exploit), INEA, Tenable, IBM, Google Chrome, and Linux. Zavio (Exploit): Zavio IP Cameras contain several vulnerabilities, including Buffer Overflow and OS Command Injection. Highest CVSSv3 score of 9.8. EoL, Zavio is out of business, pick another product and replace. More info. INEA: INEA EME RTU contai...


New Vulnerabilities Tuesday 31 October

New Alerts for Atlassian, Hitachi, D-Link, and Linux. Atlassian: An Improper Authorization vulnerability exists in Confluence Data Center and Server. CVSSv3 score of 9.1. More info. Hitachi: Cosminexus has been updated for Oracle Java. More info. D-Link: D-Link DSVS products contain 2 vulnerabilities that can be used for DDoS or RCE. Mor...


New Vulnerabilities Monday 30 October

New Alerts for Apache ActiveMQ, ABB, Microsoft Edge, Dell, and NetApp. Apache: Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types. CVSSv3 score of 9.8. More info. ABB (Exploit): COM600 product firm...


New Vulnerabilities Friday 27 October

New Alerts for Sielco (Exploit), Dingtian (Exploit), F5, BD, and IBM. Sielco (Exploit): Sielco PolyEco1000 contains several vulnerabilities, including Session Fixation, Improper Restriction of Excessive Authentication Attempts, Improper Access Control. Highest CVSSv3 score of 9.8. No response from vendor, exploit exists. More info. Analog FM Transmitters ...


New Vulnerabilities Thursday 26 October

New Alerts for Apple (Exploit), Tenable, Rockwell Automation, Meinberg, IBM, and Linux. Apple (Exploit): Apple has published updates for iOS, iPadOS, macOS, tvOS, watchOS, and Safari. One vulnerability is being exploited in older iOS versions. Highest CVSSv3 score of 9.8. More info. Tenable: Tenable has updated Nessus Network Monitor with updates f...


New Vulnerabilities Wednesday 25 October

New Alerts for Google Chrome, VMware, Mozilla, Tenable, SICK, IBM, F5, and OpenSSL. Google: Google has updated Chrome for Desktop with 2 security fixes. More info. VMware: vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. Highest CVSSv3 base score of 9.8. More info. Mozilla: Mozi...


New Vulnerabilities Tuesday 24 October

New Alerts for VMware, Bosch, Squid, and Linux. VMware: Aria Operations for Logs contains an authentication bypass vulnerability. CVSSv3 score of 8.1. More info. Bosch: The SLC-0-GPNT00300 from Bosch Rexroth contains technology from SICK AG, which contained an authentication bypass by capture-replay. Exploiting the vulnerability would allow...


New Vulnerabilities Monday 23 October

New Alerts for Cisco, Microsoft Edge, IBM, HP, NETGEAR, and Linux. Cisco: Cisco has begun patching their products for the IOS XE Software bug reported 16 October, CVSSv3 score of 10. These patches are in the most current version, older versions are TBD, and then there will be the products that use IOS XE Software as their base. More info. Micro...


New Vulnerabilities Friday 20 October

New Alerts for VMware, Baker Hughes, Yokogawa, GE Gas Power, NetApp, and Linux. VMware: VMware Aria Operations for Logs contains an authentication bypass vulnerability and a deserialization vulnerability. CVSSv3 score of 8.1. More info. Baker Hughes: Baker Hughes – Bently Nevada 3500 System TDI Firmware has a vulnerability in the password r...


New Vulnerabilities Thursday 19 October

New Alerts for Google ChromeOS, Apache HTTP Server, and Dell. Google: Google has updated ChromeOS and ChromeOS Flex to fix an unspecified number of security vulnerabilities, some rated Critical. More info. Apache: Apache HTTP Server has been updated with 3 security fixes, 1 rated Moderate (HTTP/2 Rapid Reset) and 2 rated Low. More info. Del...


New Vulnerabilities Wednesday 18 October

New Alerts for Sophos, Atlassian, Google Chrome, Rockwell Automation (Exploit), Dell, and Linux. Sophos: Sophos has fixed a password disclosure vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall when the password type is set to "specified by sender". Sophos has fixed. CVSSv3 score of 6.5. More info. Atlassian: Atlassian has...


New Vulnerabilities Tuesday 17 October

Oracle Quarterly Patches are out today. New Alerts for Cisco (Exploit), Paessler, IBM, and Linux. Cisco (Exploit): Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet. This vulnerability allows a remote attacker to create an account on an affected syste...


New Vulnerabilities Monday 16 October

New Alerts for BD, Rockwell Automation, Microsoft Edge, Dell, NetApp, and Linux. Oracle Quarterly Patch Update comes out tomorrow. The pre-release announcement is available here. BD: BD has published third-party software security updates for Pyxis, Identity Provider Manager, Alaris, Care Coordination Engine, and Data Agent. More info. Roc...


New Vulnerabilities Friday 13 October

New Alerts for BD, HP, NetApp, Node.js, Yifan (0-Day), and Linux. BD: BD has published third-party software security updates for ViperLT. More info. HP: A security vulnerability has been identified in the HP ThinUpdate utility which may lead to information disclosure. CVSSv3 score of 4.8. More info. NetApp: NetApp has published a bullet...

