CND News and Blog

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for IBM, BD, and Linux. UPDATED TO ADD: Monthly Patches for Microsoft and Adobe are out now. Palo Alto Networks Monthly Patches are expected tomorrow. Microsoft  Microsoft Monthly Patches include 98 vulnerabilities, 11 rated Critical (7 of which allow RCE), 1 pub...

New Alerts for IBM and Synology. IBM  Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Highest CVSSv3 score of 9.8More info. And here. Synology  A vulnerability allows remote attackers to possibl6 execute arbitrary commands via a susceptible version of Synology VPN Plus Server. CVSSv3 score of 10M...

New Alerts for Digital Arts, HCL Software, and Linux.  Digital Arts  m-FILTER contains an improper authentication vulnerability when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. CVSSv3 score of 5.3More info. And here. HCL Software  HCL Compass is affected by an IBM HTTP Serve...

New Alerts for Dell, ManageEngine, and Linux.  Dell  PowerProtect DD remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this CriticalMore info.Container Storage Modules remediation is available for a golang.org/x/net vulnerability that may b...

Monthly Patches are out for Qualcomm, MediaTek, Google Android, Google Pixel, Samsung, and Fortinet. New Alerts for Dell and Apache Tomcat. Qualcomm  Monthly Patches for Qualcomm are out with 22 vulnerabilities, 3 rated Critical, 17 rated High, and 2 rated Medium. Highest CVSSv3 score of 9.3More info. MediaTek  Monthly Patches for MediaTe...

New Alert for IBM. IBM  Automation Assets in IBM Cloud Pak for Integration is vulnerable to RCE due to an xmldom vulnerability and a webpack loader-utils vulnerability. CVSSv3 score of 9.8More info. And here. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intellig...

No new Alerts today!  Enjoy. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries. https://...

New Alert for IBM. Happy New Year! IBM  In addition to many updates of operating system level packages, Java and Apache security vulnerabilities is addressed with IBM Cloud Pak for Business Automation. Highest CVSSv3 score of 9.8More info.IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.j...

New Alerts for MatrixSSL, NetApp, and NETGEAR. MatrixSSL  MatrixSSL has been updated to fix an integer overflow vulnerability. CERT Bund rates this CVSSv3 score of 10.More info. NetApp  NetApp has published 10 new bulletins identifying security vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8...

New Alerts for NETGEAR and Linux.    Along with these, there is a security update for Nintendo, which includes Mario Kart and Animal Crossing: New Horizons, that fixes a remote code execution vulnerability, CVSSv3 score of 9.8.  Although not "business", my adult children both have Nintendo consoles with this, as do many, many ot...

There are no new vulnerabilities to report. (Creating the blog just to document I actually did do the work. )  ;) Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing vu...

New Alert for Linux.  Linux  SUSE has updated the kernel. More info.OpenSUSE has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing...

New Alerts for Priva, BD, IBM, Dell NetApp, and Juniper. Priva  Priva TopControl Suite is vulnerable to secure shell (SSH) credentials being deciphered. An attacker could calculate the login credentials for the Priva product and login remotely. CVSSv3 score of 7.5More info. BD  BD has updated CCE, IDM, Data Agent, ViperLT, and Totalys for...

New Alerts for Synology, Mitsubishi Electric, Hikvision, IBM, and Western Digital. Synology  Multiple vulnerabilities allow remote attackers to execute arbitrary command, conduct denial-of-service attacks or read arbitrary files via a susceptible version of Synology Router Manager (SRM). CERT Bund rates this CVSSv3 score of 10.More info. Mitsu...

New Alerts for D-Link, Dell, NetApp, Zyxel, curl, Open vSwitch, and Linux. D-Link  D-Link DIR-824/EE hardware contains several unauthenticated OS command injection vulnerabilities. Highest CVSSv3 score of 9.8More info. Dell  Dell SRM and Dell Storage Monitoring and Reporting have a security update for multiple third-party xomponent vulner...

New Alerts for Tenable, NVIDIA, Symantec, HCL Software, and Linux. Tenable  Nessus Network Monitor leverages third-party components, two of which were found to contain vulnerabilities. Highest CVSSv3 score of 9.8More info. NVIDIA  NVIDIA DGX A100 server and NVIDIA DGX Station A100 has been updated to address issues that may lead to code e...

New Alerts for BD, Microsoft Edge, IBM, HCL Software, and Linux. BD  BD has updated several products to apply Microsoft and third-party patches.More info. Microsoft  Microsoft has updated Edge to include the latest chromium-based security patches.More info. IBM  IBM Cognos Analytics has addressed multiple vulnerabilities. Highest CVS...

New Alerts for VMware, NetApp, Shibboleth, Samba, and Tenable. VMware  vRealize Network Insight (vRNI) contain command injection and directory traversal vulnerabilities present in the vRNI REST API. A remote attacker can execute commands and read arbitrary files. Highest CVSSv3 score of 9.8More info. VMware Workspace ONE Access and Identity Ma...

New Alerts for Weidmueller, Rockwell Automation, IBM, Google (ChromeOS LTS), and Linux. Weidmueller  Multiple IoT and control products are affected by a JavaScript injection vulnerability in the XML editing system SCHEMA ST4 online help by Quanos Solutions GmbH. CVSSv3 score of 6.1More info. And here. Rockwell Automation  Rockwell Automat...

Monthly Patches are out for Microsoft (Exploit) and Adobe. New Alerts for Apple (Exploit), Contec, Google Chrome, Rockwell Automation, Dell, NETGEAR, and Mozilla. Palo Alto Networks Monthly Patches are expected out this afternoon. Microsoft Exploit Microsoft Monthly Patches include 74 vulnerabilities, 7 are Critical, 1 was previously disclosed, and...