CND News and Blog

A quiet day, new Alerts for Microsoft Edge and Linux. Microsoft Microsoft has updated Edge with the latest chromium fixes.More info. Linux Red Hat has updated the kernel and kernel-rt. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile ...

New Alerts for Mitel, HPE, NetApp, and Linux. Happy Friday! Mitel An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which allows a remote attacker to conduct an authentication bypass attack due to improper access control. CVSSv3 score of 9.4More info. HPE An Unauthorized Access...

New Alerts for ABB, HPE, Arista, Tenable, Dell, IBM, and Linux. ABB A vulnerability exists in the Modbus TCP server functionality that allows a remote attacker to access fragments of Modbus telegrams that have been sent earlier by that PLC. CVSSv4 score of 6.9More info. HPE Security vulnerabilities have been identified in the HP-UX Secure Shell dae...

Samsung has published Monthly Patches for Samsung TV. New Alerts for Google Chrome, Mozilla, DuraComm, Dahua, SonicWall, and Linux. Google Google has published an update for Chrome for Desktop that fixes three security vulnerabilities.More info.Microsoft is aware. More info.Philips has also identified their products affected by Chrome vulnerabiliti...

New Alerts for HPE, F5, Synology, Dell, ASUS, IBM, and Linux. HPE Security vulnerabilities have been identified in third-party software included in HPE Telco Network Function Virtual Orchestrator. Highest CVSSv4 score of 9.3More info. F5 F5OS contains a vulnerability where a certificate with a URI may incorrectly satisfy a URI name constraint that ...

New Alerts for Microsoft SharePoint (Exploit), Sophos Firewall, Helmholz, MB connect, BD, PowerDNS, and Linux. Microsoft Exploit Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows a remote attacker to execute code over a network. Microsoft is aware that an exploit exists in the wild. Note that public exploits were a...

New Alerts for Leviton, Broadcom, IBM, F5, NetApp, and Linux. Leviton Leviton AcquiSuite and Energy Monitoring Hub contain a vulnerability could allow a remote attacker to craft a malicious payload in URL parameters that would execute in a client browser when accessed by a user, steal session tokens, and control the service. CVSSv3 score of 9.3No r...

New Alerts for Microsoft Edge, Fortra, HPE, Dell, IBM, Philips, and Linux. Microsoft Microsoft has updated Edge with the latest chromium vulnerability fixes and one Edge-specific fix.More info. Fortra Broken access control in Fortra's GoAnywhere MFT allows a remote attacker to cause a DoS. CVSSv3 score of 5.3More info. HPE Security vulnerabilities ...

Atlassian has published Monthly Patches. New Alerts for Delta, Google Chrome, ISC BIND, LITEON, and Linux. Delta Delta DIAView contains a Directory Traversal Information Disclosure. CVSSv3 score of 9.8More info. Google Google has updated Chrome for Desktop to fix six security vulnerabilities.More info.Microsoft is aware. More info. Atlassian Atlass...

Quarterly Patches will be out for Oracle this afternoon, pre-release info is available. New Alerts for SCATI, Unisoc, and Linux. Oracle Oracle's Quarterly Critical Patch Update addresses 305 new security patches, according to the pre-release, 145 of which are remotely exploitable without authentication. Highest CVSSv3 score of 9.8Patches are expect...

New Alerts for KUNBUS, Omron, IBM, NetApp, and Linux. Oracle Quarterly Patches come out tomorrow. KUNBUS The RevPi Webstatus application is vulnerable to an authentication bypass. CVSSv3 score of 9.8More info. And here. Omron A vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac ...

New Alerts for Apache HTTP and Tomcat, GnuTLS, Alcatel Lucent, Broadcom, Dell, Watchguard, and Linux. Apache Apache has published security updates for HTTP Server and Tomcat. HTTP Server has Moderate and Low vulnerabilities. Tomcat has Important and Low vulnerabilities.More info. And here. And here. GnuTLS GnuTLS has published an update that fixes ...

New Alerts for Emerson, Ruckus Wireless, Zoom, Broadcom, IBM, and Linux. Emerson Emerson ValveLink Products contains multiple vulnerabilities including Cleartext Storage of Sensitive Information in Memory, Protection Mechanism Failure, Uncontrolled Search Path Element, and Improper Input Validation. Highest CVSSv4 score of 9.3More info. Ruckus ...

Monthly Patches are out for Microsoft, Adobe, Palo Alto Networks, Fortinet, and Juniper Networks. New Alerts for HPE and Linux. Microsoft Microsoft Monthly Patches incude 130 fixed vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. Fourteen are rated Critical, 1 was publicly disclosed. H...

Monthly Patches are out for Samsung Android, MediaTek, Siemens, Schneider Electric, and SAP. Quarterly Patches are out for Splunk. New Alerts for Phoenix Contact, WAGO, and Linux. Patches for Microsoft and Adobe are expected this afternoon.  Patches for Palo Alto and Juniper are expected tomorrow.An item of note, there were no security patches...

Monthly Patches are out for Qualcomm and Samsung Semiconductor. New Alerts for NetApp, IBM, and Linux. Tomorrow is Patch Tuesday for at least 8 vendors. Qualcomm Qualcomm Monthly Patches include 20 patched vulnerabilities, 4 rated Critical and 16 rated High. Highest CVSSv3 score of 9.1More info. Samsung Semiconductor Samsung Semiconductor Mont...

New Alerts for Citrix, ABB, Dell, and Linux. Happy Independence Day to my fellow Americans! Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that allows a remote attacker to cause unintended control flow and DoS. CVSSv4 score of 9.2More info. ABB ABB RMC-100 with REST interface contains vulnerabilities that allow a...

New Alerts for Cisco, Mitsubishi Electric, Endress+Hauser, and Dell. Cisco Cisco has published 4 new bulletins, 1 rated Critical and 3 rated Medium. The Critical bulletin identifies static SSH Credentials for root in Unified Communications Manager. CVSSv3 score of 10.More info. Mitsubishi Electric A DoS vulnerability exists in MELSEC iQ-F seri...

New Alerts for Microsoft Edge (Exploit), Festo, Voltronic Power, Contec, ModSecurity, IBM, and Linux. Microsoft Exploit Microsoft has updated Edge with the latest chromium vulnerabilities. Exploits are in the wild.More info. Festo FESTO Hardware Controller and Hardware Servo Press Kit contain several vulnerabilities that could allow a remote attack...

New Alerts for Google Chrome, Pilz, Tenable Security Center, Mbed TLS, and Linux. Google Google has published updates for Chrome for Desktop that fixes one security vulnerability rated High that is actively being exploited.More info.Microsoft is aware. More info. Pilz The Pilz industrial PC IndustrialPI webstatus application is vulnerable to a remo...