CND News and Blog

New Vulnerabilities Friday 03 May

New Alerts for CyberPower, PcVue, Microsoft Edge, IBM, NetApp, and Linux. CyberPower: Power Panel has been updated to fix several security vulnerabilities, including hard-coded credentials. Highest CVSSv3 score of 9.8. More info. PcVue: A vulnerability has been identified in the TMW IEC 61850 Client libraries resulting from specially crafted...


New Vulnerabilities Thursday 02 May

New Alerts for Dropbox Sign (Exploit), Cisco, SonicWall, Tinyproxy, IBM, and HashiCorp. Dropbox (Exploit): Dropbox has reported an incident in their Dropbox Sign product that exposed customer information as well as customers simply signing a document. More info. Cisco: Multiple vulnerabilities in Cisco IP Phone firmware could allow a remote attack...


New Vulnerabilities Wednesday 01 May

New Alerts for Google Chrome, IBM, Dell, HPE, Aruba, and Linux. Google: Google has updated Chrome for Desktop to fix 2 security vulnerabilities. More info. IBM: Multiple security vulnerabilities have been fixed in IBM Business Automation Manager Open Editions. Highest CVSSv3 score of 9.1. More info. Vulnerabilities in OpenSSH and the edge Lin...


New Vulnerabilities Tuesday 30 April

New Alerts for Tenable and Linux. Tenable: Nessus Network Monitor has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 score of 6.5. More info. Linux: SUSE has updated the kernel. More info. Red Hat has updated the kernel. More info. Amazon Linux 2023 has updated the kernel. More info. Security Wizardry Cyber Threat...


New Vulnerabilities Monday 29 April

New Alerts for Belden, Microsoft Edge, and IBM. Belden: A vulnerability in the HTTP(S) management module of HiEOS devices could allow a remote attacker to bypass authentication for web server resources. CVSSv3 score of 9.8. More info. Microsoft: Microsoft has updated Edge to include the latest Chromium vulnerability fixes. More info. IBM...


New Vulnerabilities Friday 26 April

New Alerts for Honeywell, Secomea, NetApp, and UI. Honeywell: Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC contain security vulnerabilities that could disclose sensitive information, allow privilege escalation, or allow remote code execution. Highest CVSSv4 score of 9.2. More info. Secomea: A classic...


New Vulnerabilities Thursday 25 April

New Alerts for Cisco (Exploit), Broadcom, Dell, and HPE. Cisco (Exploit): A vulnerability in the management and VPN web servers for Cisco ASA and FTD Software could allow a remote attacker to cause the device to reload unexpectedly, resulting in a DoS. CVSSv3 score of 8.6. This is actively exploited. More info. Broadcom: Broadcom has published 4 new...


New Vulnerabilities Wednesday 24 April

New Alerts for BD, HCL Software, FreeRDP, Moxa, Meinberg, Google Chrome, PowerDNS, and Linux. BD: BD has provided security patches for third-party software for Care Coordination Engine. More info. HCL Software: The Domino Blog template contains a version of Dojo susceptible to a Prototype Pollution vulnerability. CVSSv3 score of 9.8. More in...


New Vulnerabilities Tuesday 23 April

New Alerts for Hitachi, BD, WatchGuard, and Linux. Hitachi: A session hijacking vulnerability exists in Hitachi Ops Center Analyzer. CVSSv3 score of 7.5. More info. BD: BD has provided security patches for third-party software for Pyxis, Alaris, Identity Provider Manager, and Data Agent. More info. WatchGuard: Fireware OS and WSM Manage...


New Vulnerabilities Monday 22 April

New Alerts for Dräger, Moxa, Siemens (Exploit), IBM, ownCloud, and Linux. Dräger: Dräger Core and M540 Converter Service contains a vulnerability that allows a remote attacker to send a specially crafted SDC message and cause a DoS. CVSSv3 score of 7.5. Patches will be provided in the next product release. More info. Moxa: The AIG-301 Series...


New Vulnerabilities Friday 19 April

New Alerts for Palo Alto Networks (all patches are out now), Rockwell Automation, Microsoft Edge, Dell, Xerox, NetApp, and Unitronics. Palo Alto Networks (Exploit): All patches are now out. CVSSv4 score of 10. Actively exploited. More info. Rockwell Automation: FactoryTalk Production Centre is vulnerable to an Apache ActiveMQ vulnerability. CVSSv3 ...


New Vulnerabilities Thursday 18 April

New Alerts for Palo Alto Networks (PoCs are out), Cisco, Mitel, Broadcom, ClamAV, Atlassian, and Linux. Palo Alto Networks (Exploit): PoCs are out for the GlobalProtect vulnerability. CVSSv4 score of 10. Actively exploited. More patches expected today and tomorrow. More info. Cisco: Cisco has released 3 new bulletins, 2 rated High and 1 rated Mediu...


New Vulnerabilities Wednesday 17 April

New Alerts for Palo Alto GlobalProtect advisory changes, Mozilla, Electrolink, Broadcom, Google Chrome, Ivanti, and Linux. Palo Alto Networks (Exploit): The GlobalProtect vulnerability guidance is changing: disabling Telemetry, previously reported as a workaround, does not provide protection. CVSSv4 score of 10. Actively exploited. Some patches availab...


New Vulnerabilities Tuesday 16 April

Oracle Quarterly Patches are out this afternoon. New Alerts for Hitachi, PuTTY, and Linux. Oracle: Oracle Quarterly Critical Patch Update is out this afternoon; the pre-release notes list 437 security patches, with 285 of these exploitable without authentication. More info. Hitachi: Hitachi has published updates in JP1 and Cosminexus. More ...


New Vulnerabilities Monday 15 April

New Alerts for Palo Alto Networks (Exploit activity and patches), Microsoft Edge, HPE, HP, NetApp, and Linux. Palo Alto Networks (Exploit): A command injection vulnerability in the GlobalProtect feature for specific PAN-OS versions and distinct feature configurations may enable a remote attacker to execute arbitrary code with root privileges on the fi...


New Vulnerabilities Friday 12 April

New Alerts for Palo Alto Networks (0-Day), Rockwell Automation, Dell, IBM, and Linux. Palo Alto Networks: A command injection vulnerability in the GlobalProtect feature for specific PAN-OS versions and distinct feature configurations may enable a remote attacker to execute arbitrary code with root privileges on the firewall. CVSSv4 score of 10. Patche...


New Vulnerabilities Thursday 11 April

Monthly Patches are out for Palo Alto Networks and Juniper Networks. New Alerts for Google Chrome, Languages, Spring, IBM, and Linux. Google: Google has updated Chrome for Desktop to fix 3 security vulnerabilities. More info. Microsoft is aware. More info. Palo Alto Networks: Monthly Patches are out for Palo Alto Networks with 8 bulletins, ...


New Vulnerabilities Wednesday 10 April

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Rust, Pepperl+Fuchs, HPE, and Linux. Microsoft: Microsoft Monthly Patches are out, with 149 vulnerabilities plus Chromium vulnerabilities. Three are rated Critical, and 1 is being exploited. Highest CVSSv3 score of 9.0. More info. And here. Adobe: Adobe has published...


New Vulnerabilities Tuesday 09 April

Monthly Patches are out for SAP, Siemens, Schneider Electric and Unisoc. New Alert for Welotec. Monthly Patches for Microsoft, Adobe, and Node.js are expected this afternoon. SAP: SAP Security Patch Day saw the release of 10 new Security Notes and 2 updated Security Notes. Highest CVSSv3 score of 8.8. More info. Siemens: Siemens Monthly Pat...


New Vulnerabilities Monday 08 April

New Alerts for FRRouting, Westermo, Dell, and OpenSSL. FRRouting: In FRRouting a remote attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. CVSSv3 score of 7.5. More info. Westermo: WeOS uses the WebDAV PROPFIND and could allow a remote attacker to obtain sensitive information. CVSSv3 s...
