CND News and Blog
New Alerts for IBM, NetApp, and Linux. IBM IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl. CVSSv3 score of 9.8. More info. A vulnerability in Etcd-io could affect IBM CICS TX Standard. CVSSv3 score of 9.8. More info. And here. IBM App Connect Enterprise Certified Container is vu...
New Alerts for BD, HPE, and NetApp. BD BD has published third-party software updates for several products. More info. HPE A security vulnerability in the OpenSSL Library impacts HPE IceWall products. The vulnerability could be exploited resulting in remote DoS. CVSSv3 score of 7.5. More info. NetApp NetApp Blue XP Connector exposes i...
New Alerts for Zyxel and Wireshark. Zyxel Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities. CVSSv3 score of 9.8. More info. Wireshark Wireshark has published 9 new bulletins identifying DoS vulnerabilities. CVSSv3 score of 6.5. More info. Security Wizardry Cyber Threat Intelligence - The Radar Pa...
New Alerts for Netgate, Hitachi Energy, Bosch, GitLab, Dell, and Linux. Netgate An IPv6 packet larger than the MTU on an interface can lead to a kernel panic in pf, resulting in a DoS. More info. Hitachi Energy Multiple vulnerabilities in the libexpat affect the AFS65x, AFS66x, AFS67x, AFR67x and AFF66x series products. Highest CVSSv3 sc...
New Alerts for Mitsubishi Electric, Meinberg, IBM, Hitachi, Apache Tomcat, and Linux. Mitsubishi Electric DoS and RCE vulnerabilities exist in the MELSEC Series CPU modules. A remote attacker may cause a DoS condition or execute malicious code on a target product by sending specially crafted packets. CVSSv3 score of 10. More info. Meinberg...
All quiet so far, but it's early in the day. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industrie...
New Alerts for Johnson Controls, Carlo Gavazzi (exploit), Apple (exploit), Microsoft Edge, WithSecure, and Linux. Johnson Controls A vulnerability impacting OpenBlue Enterprise Manager Data Collector allows a remote attacker to expose sensitive information. CVSSv3 score of 10. More info. And here. Carlo Gavazzi Exploit Carlo Gavazzi Powersoft h...
New Alerts for Cisco (Exploit), Mitsubishi Electric, IBM, Dell, Xerox, NetApp, and Aruba. Cisco Exploit Cisco has published 9 new bulletins and 1 updated bulletin. Of the new bulletins, 1 is rated Critical, the rest are Medium. Highest CVSSv3 score of 9.8. More info. Multiple vulnerabilities in the web-based user interface of certain Cisco Small Busin...
New Alerts for Google Chrome, Snap One, WAGO, ZIBM, and Linux. Google Google has published an update for Chrome for Desktop that includes 12 security fixes. At least 1 is rated Critical. More info. Microsoft is aware. More info. Snap One OvrC Cloud, OvrC Pro Devices contain several vulnerabilities that allow a remote attacker to impersona...
New Alerts for SICK, IBM, Hitachi, vm2, and Linux. SICK Multiple security vulnerabilities in the SICK FTMg device that could allow a remote attacker to impact the availability or confidentiality of the FTMg device. Highest CVSSv3 score of 7.5. More info. IBM IBM Edge Application Manager addresses security vulnerabilities in open source so...
New Alerts for OPC, IBM, Tenable, Vyper, and Linux. OPC OPC has resolved a vulnerability in the OPC UA Legacy Java Stack that enables a remote attacker to block OPC UA server applications so that they can no longer serve client application. CVSSv3 score of 7.5. More info. IBM IBM Cloud Pak for Network Automation addresses multiple securit...
New Alerts for SDG Technologies, Rockwell Automation, Teltonika, IBM, Dell, and Netapp. SDG Technologies The PnPSCADA system contains a critical unauthenticated error-based PostgreSQL Injection vulnerability allowing a remote attacker to engage with the underlying database seamlessly and passively. CVSSv3 score of 9.8. No patch yet. More info. R...
Monthly patches are out for Palo Alto Networks. New Alerts for F5, Mozilla, Tenda (Exploit), and Linux. Palo Alto Networks Palo Alto Networks Monthly Patches includes 2 bulletins, highest CVSSv3 score of 6.5. More info. F5 F5OS contains a vulnerability in python that can be used by a remote attacker to perform RCE. Highest CVSSv3 score of...
New alerts for Aruba, IBM, Dell, Mozilla, Tenable, and Linux. Aruba Aruba has released patches for Aruba access points running InstantOS and ArubaOS 10 that address multiple security vulnerabilities that could allow a remote attacker to execute code or cause a DoS. Highest CVSSv3 score of 9.8. More info. IBM Multiple issues were identifie...
Monthly Patches are out for Microsoft, Adobe, and Siemens. Microsoft Microsoft Monthly Patches include fixes for 49 vulnerabilities, 6 rated Critical and 2 being exploited. Exploited vulnerabilities include Secure Boot Security feature bypass, and Win32k EoP. Highest CVSSv3 score of 9.8. More info. And here. And here. NFS contains a RCE vulnerab...
Monthly Patches are out for Schneider Electric and SAP. New Alert for F5. Monthly Patches for Siemens, Microsoft, and Adobe expected this afternoon. Palo Alto Networks might put out patches tomorrow. Schneider Electric Schneider Electric Monthly Patches are out, with 4 new bulletins and 2 updated bulletins. Of th...
New Alerts for SICK, Microsoft Edge, and NetApp. SICK SICK discovered a vulnerability in several Flexi Classic and Flexi Soft Gateways that allows a remote attacker to impact the availability of the gateways. CVSSv3 score of 7.5. More info. Microsoft Microsoft has updated Edge with the latest chromium updates and to fix Edge specific vuln...
Monthly Patches are out for MediaTek. New Alerts for Synology and Linux. MediaTek MediaTek has published their Monthly Security Bulletin with details of vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT and TV chipsets. Seven vulnerabilities are rated High, and 19 vulnerabilities are rated Medium,...
Fortinet has put out Monthly Patches. New Alerts for Cisco, OPC, and libssh. Cisco A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow a remote attacker to execute arbitrary code on an affected device. CVSSv3 score of 9.8. Product is EOL, no updates will be provided. More info. OPC A vul...
New Alerts for Google Chrome, Atos, F5, IBM, and Linux. Splunk Quarterly Patches have been pushed off 2 weeks. Google Chrome for Desktop has been updated to correct 15 security vulnerabilities, most of which are rated Medium or Low. More info. Microsoft is aware. More info. Atos Multiple vulnerabilities have been identified in Unify OpenS...