CND News and Blog

Quarterly Patches for Oracle are out this afternoon. Pre-release notice is available. New Alerts for Mitsubishi Electric, IBM, and Linux. Mitsubishi Electric  An authorization bypass vulnerability exists in the WEB server function of the MELSEC iQ-F/iQ-R Series. An unauthenticated remote attacker may be able to access the WEB server function b...

New Alerts for Xerox, Google ChromeOS, and Linux. Xerox  Xerox has updated Xerox WorkCentre models to correct vulnerabilities including insecure password encryption, show embedded system accounts, and remove the ability to disable functionality.More info. Google  Google has published a security update for ChromeOS / ChromeOS Flex.More inf...

New Alerts for Sewio, InHand Networks, SAUTER, Microsoft Edge, IBM, NetApp, and Linux. Sewio  RTLS Studio contains multiple vulnerabilities, including Use of Hard-coded Password, OS Command Injection, Out-of-bounds Write, Cross-Site Request Forgery, Improper Input Validation, and Cross-site Scripting. Highest CVSSv3 score of 10.More info. InHa...

Quarterly Patches are out for Juniper Networks. New Alerts for Cisco, WAGO, IBM, Zyxel, and Linux. Cisco  Cisco has published 11 new bulletins, 1 Critical, 3 High, and the rest Medium. Highest CVSSv3 score of 9.0More info.Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Rout...

New Alerts for Google Chrome, Moxa, Westermo, MAHO-PBX, NetApp, Western Digital, Black Box, and Linux. Google  Google has updated Chrome for Desktop to fix 17 security vulnerabilities.More info.Microsoft is aware. More info. Moxa  TN-4900 Series contains a Use of Hard-coded Credentials vulnerability that allows an attacker to gain privile...

Monthly Patches are out for Siemens, Schneider Electric, and SAP. New Alerts for IBM, BD, and Linux. UPDATED TO ADD: Monthly Patches for Microsoft and Adobe are out now. Palo Alto Networks Monthly Patches are expected tomorrow. Microsoft  Microsoft Monthly Patches include 98 vulnerabilities, 11 rated Critical (7 of which allow RCE), 1 pub...

New Alerts for IBM and Synology. IBM  Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Highest CVSSv3 score of 9.8More info. And here. Synology  A vulnerability allows remote attackers to possibl6 execute arbitrary commands via a susceptible version of Synology VPN Plus Server. CVSSv3 score of 10M...

New Alerts for Digital Arts, HCL Software, and Linux.  Digital Arts  m-FILTER contains an improper authentication vulnerability when emails are being sent under certain conditions, and unintended emails may be sent by a remote attacker. CVSSv3 score of 5.3More info. And here. HCL Software  HCL Compass is affected by an IBM HTTP Serve...

New Alerts for Dell, ManageEngine, and Linux.  Dell  PowerProtect DD remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. Dell rates this CriticalMore info.Container Storage Modules remediation is available for a golang.org/x/net vulnerability that may b...

Monthly Patches are out for Qualcomm, MediaTek, Google Android, Google Pixel, Samsung, and Fortinet. New Alerts for Dell and Apache Tomcat. Qualcomm  Monthly Patches for Qualcomm are out with 22 vulnerabilities, 3 rated Critical, 17 rated High, and 2 rated Medium. Highest CVSSv3 score of 9.3More info. MediaTek  Monthly Patches for MediaTe...

New Alert for IBM. IBM  Automation Assets in IBM Cloud Pak for Integration is vulnerable to RCE due to an xmldom vulnerability and a webpack loader-utils vulnerability. CVSSv3 score of 9.8More info. And here. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intellig...

No new Alerts today!  Enjoy. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries. https://...

New Alert for IBM. Happy New Year! IBM  In addition to many updates of operating system level packages, Java and Apache security vulnerabilities is addressed with IBM Cloud Pak for Business Automation. Highest CVSSv3 score of 9.8More info.IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.j...

New Alerts for MatrixSSL, NetApp, and NETGEAR. MatrixSSL  MatrixSSL has been updated to fix an integer overflow vulnerability. CERT Bund rates this CVSSv3 score of 10.More info. NetApp  NetApp has published 10 new bulletins identifying security vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8...

New Alerts for NETGEAR and Linux.    Along with these, there is a security update for Nintendo, which includes Mario Kart and Animal Crossing: New Horizons, that fixes a remote code execution vulnerability, CVSSv3 score of 9.8.  Although not "business", my adult children both have Nintendo consoles with this, as do many, many ot...

There are no new vulnerabilities to report. (Creating the blog just to document I actually did do the work. )  ;) Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing vu...

New Alert for Linux.  Linux  SUSE has updated the kernel. More info.OpenSUSE has updated the kernel. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry.com/ Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page A mobile version of our Security Wizardry Radar Page, providing...

New Alerts for Priva, BD, IBM, Dell NetApp, and Juniper. Priva  Priva TopControl Suite is vulnerable to secure shell (SSH) credentials being deciphered. An attacker could calculate the login credentials for the Priva product and login remotely. CVSSv3 score of 7.5More info. BD  BD has updated CCE, IDM, Data Agent, ViperLT, and Totalys for...

New Alerts for Synology, Mitsubishi Electric, Hikvision, IBM, and Western Digital. Synology  Multiple vulnerabilities allow remote attackers to execute arbitrary command, conduct denial-of-service attacks or read arbitrary files via a susceptible version of Synology Router Manager (SRM). CERT Bund rates this CVSSv3 score of 10.More info. Mitsu...

New Alerts for D-Link, Dell, NetApp, Zyxel, curl, Open vSwitch, and Linux. D-Link  D-Link DIR-824/EE hardware contains several unauthenticated OS command injection vulnerabilities. Highest CVSSv3 score of 9.8More info. Dell  Dell SRM and Dell Storage Monitoring and Reporting have a security update for multiple third-party xomponent vulner...