CND News and Blog

New Vulnerabilities Thursday 01 February

New Alerts for Baxter, Meinberg, Apple Vision Pro (Exploit), IBM, Dell, and NetApp. Baxter: Baxter has published a list of products distributed by Baxter that are vulnerable to the Mirth Connect RCE. CVSSv3 score of 9.8. Some patches are available, others are expected Q1 2024. More info. Meinberg: Meinberg has updated LANTIME firmware to fix...

New Vulnerabilities Wednesday 31 January

New Alerts for Google Chrome, Emerson, Rockwell Automation, Trend Micro, Salt, SICK, and SuperMicro. Google: Google has updated Chrome for Desktop to fix 4 security vulnerabilities. More info. Emerson: Four vulnerabilities exist in Rosemount Gas Chromatographs that allow for a remote attacker to run arbitrary commands in root context, to ...

New Vulnerabilities Tuesday 30 January

New Alerts for Festo, Mitsubishi Electric, Hitachi Energy, Hitachi, and Linux. Festo: Several high severity vulnerabilities in CODESYS V3 affecting Festo products could lead to RCE or DoS. Highest CVSSv3 score of 8.8. More info. Mitsubishi Electric: Authentication bypass and RCE vulnerabilities exist in multiple FA engineering software products. ...

New Vulnerabilities Monday 29 January

New Alerts for FFmpeg, SE-elektronic, TRUMPF, Dell, HP, Juniper Networks, and Linux. FFmpeg: Two vulnerabilities in FFmpeg allow a remote attacker to conduct RCE and achieve DoS. Highest CVSSv3 score of 9.8. More info. And here. SE-elektronic: E-DDC3.3 contains 2 vulnerabilities, one of which could allow a remote attacker to achieve RCE. Hi...

New Vulnerabilities Friday 26 January

New Alerts for SystemK (Exploit), Microsoft Edge, Lexmark, GnuPG, and Linux. SystemK (Exploit): NVR 504/508/516 contains a command injection vulnerability that could allow a remote attacker to execute commands with root privileges. CVSSv3 score of 9.8. PoC exists. No response from vendor. More info. Microsoft: Microsoft has updated Edge to correct t...

New Vulnerabilities Thursday 25 January

New Alerts for Cisco, HMS, Softing, Dell, HP, NetApp, and Linux. Cisco: Cisco has published 3 new bulletins, highest CVSSv3 score of 9.9. More info. A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow a remote attacker to execute arbitrary code on an affected device. CVSSv3 score of 9.9. More i...

New Vulnerabilities Wednesday 24 January

New Alerts for Google Chrome, Voltronic Power, Fortra, and Linux. Google: Google has updated Chrome for Desktop to fix 17 security vulnerabilities, several rated High. More info. And here. Voltronic Power: ViewPower Pro contains several vulnerabilities, including Deserialization of Untrusted Data, Missing Authentication for Critical Functi...

New Vulnerabilities Tuesday 23 January

New Alerts for Apple (Exploit), Splunk, TRUMPF, HPE, Mozilla, and Linux. Apple (Exploit): Apple has published updates for Safari, iOS, iPadOS, macOS, watchOS, and tvOS to fix 29 vulnerabilities, 3 of which are being exploited. Highest CVSSv3 score of 9.8. More info. And here. Splunk: Splunk has published 4 new security bulletins covering...

New Vulnerabilities Monday 22 January

New Alerts for Spring, WAGO, and Juniper Networks. Spring: Spring Framework allows a remote attacker to provide specially crafted HTTP requests that may cause a DoS. CVSSv3 score of 7.5. More info. WAGO: A heap-based buffer overflow is possible in CodeMeter Runtime affecting multiple products by WAGO. CVSSv3 score of 9.8. More info. Jun...

New Vulnerabilities Friday 19 January

New Alerts for AVEVA, Apache Tomcat, NetApp, and Linux. AVEVA: PI Server contains several vulnerabilities that could allow a remote attacker to crash the product or throttle the memory leading to a partial DoS. CVSSv3 score of 7.5. More info. And here. Apache: Tomcat contains an Information Disclosure vulnerability. CVSSv3 score of 7.5. More ...

New Vulnerabilities Thursday 18 January

New Alerts for Nextcloud, Microsoft Edge (Exploit), IBM, HPE, BD, and Linux. Nextcloud: Global Site Selector password verification method allows a remote attacker to authenticate as another user. CVSSv3 score of 9.6. More info. Microsoft (Exploit): Microsoft has updated Edge for the latest Chromium security updates. One has been exploited. More info...

New Vulnerabilities Wednesday 17 January

New Alerts for Integration Objects, ABB, X.Org, Dell, Google Chrome (Exploit), BD, and Linux. Integration Objects: OPC UA Server Toolkit contains an Improper Output Neutralization for Logs vulnerability. Successful exploitation of this vulnerability allows a remote attacker to add content to the log file. CVSSv3 score of 5.3. No response from ve...

New Vulnerabilities Tuesday 16 January

Oracle Quarterly Patches are out this afternoon. New Alerts for Atlassian and Citrix. Oracle: Oracle's Quarterly Critical Patch Update is out today; the pre-release notice reports 387 new security patches, 243 remotely exploitable without authentication. Highest CVSSv3 score of 9.8. The Pre-release announcement becomes the regular announcement, so t...

New Vulnerabilities Monday 15 January

New Alert for Linux. Oracle's Quarterly Critical Patch Update is out tomorrow. Linux: CentOS 7 has updated the kernel-firmware. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page: https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page: A mobile version of our Security Wizardry R...

New Vulnerabilities Friday 12 January

New Alerts for Rapid Software, Microsoft Edge, D-Link (Exploit), GitLab, TRENDnet, NetApp, and Linux. Rapid Software: Successful exploitation of vulnerabilities in Rapid SCADA could result in a remote attacker connecting to the server and performing attacks using the high privileges of a service, obtaining administrator passwords, learning sens...

New Vulnerabilities Thursday 11 January

Monthly Patches are out for Juniper Networks. New Alerts for Ivanti (Exploit), Cisco, BD, and NVIDIA. Ivanti (Exploit): Vulnerabilities have been discovered in Ivanti Connect Secure (ICS). These vulnerabilities used together allow a remote attacker to craft malicious requests and execute arbitrary commands on the system. Highest CVSSv3 score of 9.1. Pat...

New Vulnerabilities Wednesday 10 January

Monthly Patches are out for Microsoft, Adobe, and Fortinet. Quarterly Patches are out for Splunk. New Alerts for Google Chrome, HPE, IBM, and Linux. Microsoft: Microsoft Monthly Patches are out with 48 patched vulnerabilities plus Chromium updates for Edge. Of the Microsoft vulnerabilities, 2 are rated Critical. Highest CVSSv3 score of 9.1. More...

New Vulnerabilities Tuesday 09 January

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for Palo Alto Networks, BD, Google ChromeOS, and Linux. Microsoft and Adobe Monthly Patches are expected this afternoon. Siemens: Siemens has published their Monthly Patches, with 6 new bulletins and 11 updated bulletins. Of the new bulletins, highest CVSSv3 sco...

New Vulnerabilities Monday 08 January

New Alerts for QNAP, Bosch, Microsoft, HPE, HP, NetApp, and Linux. QNAP: A vulnerability has been reported in Netatalk which affects QNAP OS. CVSSv3 score of 9.8. More info. A prototype pollution vulnerability affects QNAP OS. The vulnerability allows a remote attacker to override existing attributes which causes the system to crash. CVSSv3 score...

New Vulnerabilities Friday 05 January

New Alerts for BD, Moxa, and Linux. BD: BD has published security updates for Alaris, Data Agent, Pyxis, Identity Provider Manager, Care Coordination Engine, EpiCenter, and Max. More info. Moxa: Moxa has added PT-7728 and PT-7828 series products to a bulletin from Nov 2023. Highest CVSSv3 score of 6.9. More info. Linux: Ubuntu has updat...
