CND News and Blog

New Alerts for Cisco, HPE, NetApp, IBM, and Django. Cisco Cisco has published 10 new bulletins, 1 rated Critical, 2 rated High, and 7 rated Medium.More info.A vulnerability in AWS, Microsoft Azure, and OCI cloud deployments of Cisco ISE could allow a remote attacker to access sensitive data, execute limited administrative operations, modify system ...

Monthly Patches are out for Samsung. New Alerts for Microsoft Edge (Exploit), HPE, Acronis, Python (Mailman 3), HP, and Linux. Samsung Samsung has published Monthly Patches for Android with 19 vulnerabilities, plus Google Android and Samsung Semiconductor vulnerability patches.More info. Microsoft Microsoft has updated Edge with the latest chromium...

Monthly Patches are out for Google Android. Quarterly Patches are out for Splunk. New Alerts for Google Chrome, ABB, Pilz, HPE, ModSecurity, and Linux. Google Google has published monthly patches for Android with 11 vulnerabilities rated High, plus Qualcomm, Imagination Technologies, and Arm vulnerability patches.More info.Google has published an u...

Monthly Patches are out for Qualcomm, MediaTek, and Samsung Semiconductors. New Alerts for HPE, Moxa, NetApp, and Linux. Qualcomm Qualcomm Monthly Patches include 10 new bulletins, 2 rated Critical and 8 rated High. Highest CVSSv3 score of 8.6More info. MediaTek MediaTek Monthly Patches include 7 vulnerabilities, 1 rated High and 6 rated Medium. Mo...

New Alerts for Microsoft Edge, HPE, Instantel, Consilium Safety, Spring, Dell, and Linux. Microsoft Microsoft has updated Edge to update the latest chromium security updates and one Edge-specific vulnerability.More info. HPE Security vulnerabilities have been identified in OneView Software that allow a remote attacker to cause a DoS, code execution...

New Alerts for Mitsubishi Electric, Veritas, Acronis, Dell, IBM, and Linux. Mitsubishi Electric An Information disclosure and DoS vulnerability exists in MELSEC iQ-F series CPU module that allows a remote attacker to read information, or cause a DoS. CVSSv3 score of 9.1More info. Veritas Vulnerabilities were discovered in Arctera/Veritas Deskt...

New Alerts for Mozilla Thunderbird, Google Chrome, Arista, curl, Icinga, IBM, and Linux. Mozilla Mozilla has published Critical bulletins for Thunderbird.More info. Google Google has updated Chrome for Desktop to fix 11 security vulnerabilities.More info.Microsoft is aware. More info. Arista Arista EOS with IPsec enabled and anti-replay protection ...

New Alerts for Mozilla Firefox, Weidmueller, Hitachi Energy, Dell, Hitachi, and Linux. Mozilla  Mozilla has published Critical bulletins for Firefox and Firefox ESR.More info. Weidmueller  Weidmueller industrial ethernet switches are affected by multiple vulnerabilities, including Missing Auth and DoS. Highest CVSSv3 score of 9.8More info...

New Alerts for Siemens, Xerox, Philips, Pepperl+Fuchs, IBM, and Linux. Siemens  SiPass contains an out of bounds read vulnerability that could allow a remote attacker to create a DoS. CVSSv4 score of 8.7More info.SiPass integrated ACC devices do not properly check the integrity of firmware updates. This could allow a remote attacker to upload ...

New Alerts for Google Chrome, Versa (0-Day), Iridium, Tenable, NetApp, and GitLab. Google  Google has updated Chrome Early Stable Desktop to fix 8 security vulnerabilities.More info. Versa 0-Day A researcher has published several critical vulnerabilities in Concerto SD-WAN orchestration platform, including authentication bypass, RCE, and other...

New Alerts for Cisco, OpenSSL, HPE, Mitel, Automated Telematics, ModSecurity, and Linux. Cisco  Cisco has published 10 new bulletins. Highest CVSSv3 score of 8.6More info. OpenSSL  Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.More info. HPE  Multiple securit...

Atlassian has published Monthly Patches. New Alerts for TP-Link, AutomationDirect, Vertiv, BIND, Arista, and Linux. TP-Link  A stack-based buffer overflow vulnerability on the TP-Link Archer AX50 router allows a remote attacker to execute arbitrary code on the device over LAN and WAN networks. CVSSv4 score of 9.2More info. AutomationDirect&nbs...

New Alerts for Spring, PowerDNS, VMware, Sungrow, Netgate, and IBM. Spring  Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. CVSSv3 score of 9.1More info. PowerDNS  A remote attacker can cause a DoS via a crafted TCP connection. CVSSv3 score of 7.5More...

New Alerts for Mozilla (0-Day), Wiedmueller, NetApp, IBM, Dell, Xerox, and Linux. Mozilla 0-Day Mozilla has published Critical updates Firefox and Firefox ESR to fix vulnerabilities identified in a Pwn2Own competition.More info. Weidmueller  Weidmueller product ResMa is affected by a vulnerability in Progress Telerik UI for AJAX that could res...

New Alerts for Microsoft Edge, Rockwell Automation, Wiesemann & Theis, Mozilla, BD, Samsung TV, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium fixes.More info. Rockwell Automation  A vulnerability has been identified in the third-party Apache log4net software, impacting the FactoryTalk Historian-ThingWorx Co...

Monthly Patches are out for Palo Alto Networks. New Alerts for Pgpool-II, Google Chrome (Exploit), Hitachi, Progress, Sonicwall, and Linux. Palo Alto Networks  Palo Alto Monthly Patches includes 11 bulletins. Highest CVSSv4 score of 8.2More info. Pgpool-II  An authentication bypass vulnerability exists in the client authentication mechani...

Monthly Patches are out for Microsoft, Adobe, Fortinet, and Ivanti. New Alerts for Juniper Networks, and Dell. Microsoft  Microsoft Monthly Patches include 70 patched vulnerabilities, 11 rated Critical, 5 actively exploited, and 1 publicly known. Highest CVSSv3 score of 10More info. And here. Adobe  Adobe has published Monthly Patches wit...

Monthly Patches are out for SAP, Siemens, and Schneider Electric. New Alerts for Apple, Phoenix Contact, Linksys, and Linux. Microsoft and Adobe Monthly Patches are out this afternoon. SAP  SAP Monthly Patches include 16 new security notes and 2 updated notes. Of the new security notes, highest CVSSv3 score of 9.1More info. Siemens  Sieme...

New Alerts for BD, IBM, Dell, Xerox, NetApp, and Linux. Tomorrow is Patch Tuesday for at least 5 vendors. BD  BD has published Critical updates for Pyxis, Data Agent, and CCE.More info. IBM IBM has published Critical bulletins for Business Automation Workflow, App Connect Enterprise, Planning Analytics, Operational Decision Manager, watsonx, a...

New Alerts for Microsoft Edge, Crestron, Pixmeo, ASUS, Delta, and Jetty. Microsoft  Microsoft has updated Edge with the latest chromium patches.More info. Crestron  Crestron DM-NAX-8ZSA, DM-NAX-4ZSP, DM-NAX-4ZSA-50 are being updated to fix vulnerabilities in AirPlay Audio SDK. Highest CVSSv3 score of 9.8More info. Pixmeo  OsiriX MD c...