CND News and Blog

New Alerts for Moxa, SICK, HP, Endress+Hauser, IBM, Dell, and Linux. Moxa  NE-4100, MiiNePort E1, MiiNePort E2, and MiiNePort E3 contain a vulnerability that allows a remote attacker to retrieve administration passwords without proper authentication. CVSSv3 score of 9.8More info. SICK  A critical vulnerability has been discovered in the ....

New Alerts for Microsoft Edge, Synology, Kieback&Peter, Spring, Belden, OPC Foundation, Hikvision, Moxa, and NetApp. Microsoft  Microsoft has updated Edge to include the latest chromium fixes and 9 Edge-specific vulnerabilities.More info. Synology  Synology Camera BC500, TC500, and CC400W contain vulnerabilities that allow remote atta...

New Alerts for Cisco, Mitsubishi Electric, Meinberg, Elvaco, LCDS, and Linux. Cisco  Cisco has published 3 new bulletins. Highest CVSSv3 score of 8.2More info.Multiple vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter firmwarecould allow a remote attacker to delete or change the configuration, execute commands as the root user, ...

Monthly Patches are out for Google Pixel. New Alerts for Google Chrome, SolarWinds, Microsoft, HP, Bosch, IBM, and Linux. Google  Google has updated Chrome for Desktop to fix 17 security vulnerabilities.More info.Google has published the Monthly Patches for Pixel, with 29 vulnerabilities and patches for Android.More info. SolarWinds  Sola...

Quarterly Patches are out for Splunk, and will be out shortly for Oracle. New Alerts for TAI, MB Connect, Helmholz, Kubernetes, Mbed TLS, BD, Mozilla Firefox, and Linux. Oracle  Oracle Quarterly Patches are expected out this afternoon. The pre-release lists 329 new security patches, 204 of which are remotely exploitable without authentication....

New Alerts for Mozilla Thunderbird, Moxa, and NetApp. Mozilla  Thunderbird has been updated to fix a critical vulnerability.More info. Moxa  Moxa's cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that could lead to unauthorized access and system compromise. Highest CVSSv4 scor...

New Alerts for Wireshark, Microsoft Edge, HPE, Rockwell Automation, IBM, Dell, and Linux. Oracle Quarterly Patches are next week, the pre-release notice is out, here. Wireshark  Wireshark has been updated to fix 2 DoS vulnerabilities. CVSSv3 score of 7.5More info. Microsoft  Microsoft has updated Edge with the latest chromium updates.More...

Monthly Patches are out for Palo Alto Networks and Juniper Networks. New Alerts for Progress, PEPPERL+FUCHS, GitLab, Ruckus, and Linux. Palo Alto Networks  Monthly Patches include 7 bulletins, 1 rated Critical, 2 rated High, and 4 rated Medium. Highest CVSSv4 score of 9.9More info.Multiple vulnerabilities in Expedition allow a remote attacker ...

Monthly Patches are out for Microsoft, Adobe, and Ivanti. New Alerts for Mozilla, Rockwell Automation, Mitel, and Linux. Microsoft  Monthly Patches include 117 vulnerabilities, 3 are rated Critical, 5 have been previously disclosed, 2 of those are being exploited. Updates include the latest chromium updates for Edge.More info. And here. And he...

Monthly Patches are out for Google Android, Samsung, SAP, Siemens, and Schneider Electric. New Alert for Phoenix Contact. Monthly Patches will be out for Microsoft and Adobe this afternoon. Google  Monthly Patches for Android include 9 vulnerabilities, all rated High, plus updates from Imagination Technologies, MediaTek, and Qualcomm. More inf...

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Moxa, NetApp, IBM, Dell, and Linux. Tomorrow is Patch Tuesday for at least 7 vendors. Qualcomm  Monthly Patches include 20 vulnerabilities, 1 rated Critical, 12 rated High, and 7 rated Medium. Highest CVSSv3 score of 9.8More info. MediaTek  Monthly Security Bulletin include...

New Alerts for Delta Electronics, Subnet Solutions, TEM, Xerox, Microsoft Edge, CUPS, and Linux. Delta Electronics  DIAEnergie contains a SQL Injection vulnerability that could allow a remote attacker to retrieve records or cause a DoS. Highest CVSSv4 score of 9.3More info. And here. Subnet Solutions  PowerSYSTEM Center contains several v...

New Alerts for PowerDNS, WithSecure, Cisco, Flexera, DrayTek, and Linux. PowerDNS  An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a DoS. CVSSv3 score of 7.5More info. WithSecure  A DoS vulnerability was discovered in WithSecure Atlant Product th...

New Alerts for Google Chrome, Mitsubishi Electric, Optigo Networks, Mozilla, Bosch, and Linux. Google  Google has updated Chrome for Desktop to fix 4 security vulnerabilities.More info. Mitsubishi Electric  A DoS vulnerability due to OpenSSL vulnerability exists in MELSEC iQ-F OPC UA Unit. A remote attacker could cause DoS by getting a le...

New Alerts for Diffie-Hellman, Splunk, Hitachi, F5, IBM, and Juniper Networks. Diffie-Hellman  D(HE)at Attack allows a remote attacker to overheat the CPU with computations, resulting in a DoS.More info. Splunk  Splunk has updated the plug-in for AWS to fix a DoS.More info. Hitachi  Cosminexus Component Container has been updated to ...

New Alerts for CUPS, Microsoft Edge, HPE, Atelmo, Progress What's Up Gold, Synology and Linux. CUPS  Linux CUPS has a chain of vulnerabilities that can be used to achieve RCE. Patches are rolling out in the various distros.More info. And here. Microsoft  Microsoft has updated Edge with the latest chromium updates.More info. HPE  Secu...

New Alerts for Cisco, BD, IBM, NetApp, GitLab, PHP, Veritas, Franklin Fueling, and Linux. Cisco  Cisco has published 15 new bulletins, 8 rated High and 7 rated Medium. Updates for IOS and IOS XE Software, Catalyst SD-WAN Routers, Catalyst Center, Catalyst 9000, and SD-WAN vEdge. Highest CVSSv3 score of 8.6More info. BD  BD has published t...

New Alerts for Nessus, Google Chrome, HPE, WatchGuard, Dover Fueling, Alisonic, OMNTEC, RAISECOM, and Linux. Nessus  Nessus Network Monitor has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 core of 9.8More info. Google  Google has updated Chrome for Desktop to fix 5 security vulnerabilities.More info. HPE&nbs...

New Alerts for BD, Philips, CODESYS, IBM, and Linux. BD  BD has published security updates for third-party software included in IDM, Pyxis, Data Agent, CCE, and Alaris.More info. Philips  Philips Intellispace PACS is affected by VMware vulnerabilities. Highest CVSSv3 score of 9.8No patches yet.More info. CODESYS  Receiving a specific...

New Alerts for Apache Tomcat, NetApp, F5, HPE, and Linux. Apache  Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products...