CND News and Blog

New Alerts for Cisco, Mitsubishi Electric, Endress+Hauser, and Dell. Cisco Cisco has published 4 new bulletins, 1 rated Critical and 3 rated Medium. The Critical bulletin identifies static SSH Credentials for root in Unified Communications Manager. CVSSv3 score of 10.More info. Mitsubishi Electric A DoS vulnerability exists in MELSEC iQ-F seri...

New Alerts for Microsoft Edge (Exploit), Festo, Voltronic Power, Contec, ModSecurity, IBM, and Linux. Microsoft Exploit Microsoft has updated Edge with the latest chromium vulnerabilities. Exploits are in the wild.More info. Festo FESTO Hardware Controller and Hardware Servo Press Kit contain several vulnerabilities that could allow a remote attack...

New Alerts for Google Chrome, Pilz, Tenable Security Center, Mbed TLS, and Linux. Google Google has published updates for Chrome for Desktop that fixes one security vulnerability rated High that is actively being exploited.More info.Microsoft is aware. More info. Pilz The Pilz industrial PC IndustrialPI webstatus application is vulnerable to a remo...

New Alerts for Pilz, ifm electronic, IBM, Dell, NetApp, and Linux. Pilz PiCtory has three vulnerabilities, 2 rated Critical, 1 rated Medium. A remote attacker can bypass of authentication. Highest CVSSv3 score of 9.8More info. ifm electronic A vulnerability has been disclosed in PLC ifm AC4xxS that allows a remote attacker to trigger the safety sta...

New Alerts for Microsoft Edge, D-Link, IBM, Dell, and Linux. Microsoft Microsoft has updated Edge with the latest chromium fixes and fixes for 3 Edge-specific vulnerabilities.More info. D-Link D-Link has published 2 bulletins identifying vulnerabilities in EOS/EOL products. No fixes will be provided.More info. And here. IBM IBM has published Critic...

New Alerts for Cisco, Broadcom, Mitsubishi Electric, Ricoh, IBM, and Linux. Cisco Cisco has published 2 new bulletins, 1 Critical and 1 Medium. The Critical bulletin lists vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) could allow a remote attacker to issue commands on the underlying operating system ...

New Alerts for Google Chrome, Mozilla, MICROSENS, ControlID, Kaleris, GitLab, and Linux. MICROSENS MICROSENS NMP Web+ contains several vulnerabilities, including Use of Hard-coded, Security-relevant Constants and Insufficient Session Expiration. These could allow a remote attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. H...

New Alerts for MB Connect, Advantech, Westermo, Hitachi Energy, Splunk, Fortinet, and Linux. We have raised a Subject Alert for potential cyber activity from Iran and Israel increasing during the ceasefire. MB Connect The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can allow a remote att...

New Alerts for Microsoft Edge, F5, NetApp, and IBM. Microsoft Microsoft has updated Edge to apply the latest chromium-based fixes.More info. F5 BIG-IP Next CNF contains a vulnerability in Ruby that allows a remote attacker to smuggle a message to the client/server without the intermediary being aware of it. CVSSv3 score of 7.5More info. NetApp NetA...

New Alerts for Delta, Dell, IBM, and Linux. Happy Weekend! Delta Delta's Langflow online service contains Code Injection and Weak Password vulnerabilities. Highest CVSSv3 score of 9.8More info. Dell Dell has published a Critical bulletin for Container Storage Modules.More info. IBM IBM has published Critical bulletins for CloudPak for Data and wats...

New Alerts for Broadcom Tanzu, ClamAV, Cisco, UniFi, IBM, and Linux. Broadcom Broadcom has published 10 new bulletins identifying security vulnerabilities in Tanzu products. Highest CVSSv3 score of 9.8More info. ClamAV ClamAV has been updated to fix DoS and RCE vulnerabilities. Highest CVSSv3 score of 9.8More info. Cisco A vulnerability in the AnyC...

Monthly Patches are out for Atlassian. New Alerts for Google Chrome, Dover Fueling Solutions, Citrix, OpenBSD, and Linux. Google Google has updated Chrome for Desktop to fix 3 security vulnerabilities.More info.Microsoft is aware. More info. Dover Fueling Dover Fueling Solutions ProGauge MagLink LX consoles contain a Missing Authentication vul...

New Alerts for Apache Commons and Tomcat, Anthropic, BD, IBM, and Linux. Apache Apache Commons FileUpload contains a vulnerability in multi-part file uploads that can cause a DoS.More info. And here.Apache Tomcat contains the DoS vulnerability in Commons FileUpload and other vulnerabilities.More info. And here. Anthropic MCP Inspector is vulnerable...

New Alerts for Microsoft Edge, WAGO, SICK, PostgreSQL JDBC, NetApp, and Splunk. Microsoft Microsoft has updated Edge with the latest chromium vulnerability fixes.More info. WAGO Vulnerabilities exist in the WAGO Device Manager that allow remote attackers to send requests and read server responses through crafted web applications or to access the fi...

New Alerts for GitLab, PTZOptics and other PTZ camera vendors, Siemens, Mitel, Ricoh, and XWiki. GitLab The latest GitLab release includes 10 security fixes, 4 rated High, 5 rated Medium, 1 rated Low. Highest CVSSv4 score of 8.7More info. PTZOptics PTZOptics and other Pan-Tilt-Zoom Camera providers contain several vulnerabilities including Hardcode...

Monthly Patches are out for Palo Alto Networks. New Alerts for Moxa, Meinberg, Mozilla, SinoTrack, MicroDicom, and Linux. Palo AltoNetworks Palo Alto Networks Monthly Patches include 7 bulletins, 2 rated High, 2 rated Medium, and 3 rated Low. Highest CVSSv3 score of 8.6More info. And here. Moxa Moxa PT-G7728 and PT-G7828 series are affected by a hi...

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Google Pixel. New Alerts for Google Chrome, GFI, and Trend Micro. Microsoft Microsoft Monthly Patches include 67 vulnerabilities. 10 rated Critical, 1 actively exploited, and 1 publicly disclosed. Highest CVSSv3 score of 9.8More info. And here. Adobe Patch Monthly Patches from Adobe includ...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Bosch, Hitachi, SolarWinds, CoreDNS, Trend Micro, Hugging Face, and Linux. Three more vendors are expected to publish Monthly Patches this afternoon.  Siemens Siemens Monthly Patches include 6 new bulletins and 19 updated bulletins. Of the new bulletins Highest CV...

New Alerts for Hongding Technology, QNAP, and Linux. Hongding Technology Hongding Technology Smart Parking Management System contains an exposure of sensitive information vulnerability. CVSSv4 score of 9.3More info. QNAP QNAP has identified vulnerabilities in OpenSSH that affect QTS and QuTShero. Highest CVSSv3 score of 6.8More info. Linux Red...

New Alerts for CyberData, ZIV, NetApp, Dell, IBM, and Linux. CyberData CyberData 011209 SIP Emergency Intercom contains several vulnerabilities, including Authentication Bypass, Missing Authentication, SQL Injection, Insufficiently Protected Credentials, and Path Traversal. Highest CVSSv4 score of 9.3More info. ZIV Eight vulnerabilities have been i...