CND News and Blog

Monthly Patches are out for Fortinet, Microsoft, Adobe, and Ivanti. New Alerts for Google Chrome, Arista, and Linux. Fortinet  Monthly Patches are out with 10 new bulletins, 1 rated Critical, 2 rated High, 5 rated Medium, and 2 rated Low. Highest CVSSv3 score of 9.3More info.An unverified password change vulnerability in FortiSwitch GUI may al...

Monthly Patches are out for Google Android, Samsung, SAP, Siemens, and Schneider Electric. New Alerts for VMware Tanzu Greenplum and Linux.  This afternoon Monthly Patches for Microsoft and Adobe are expected. Google  Google has published the Monthly Patches for Android, with 42 vulnerability fixes plus Arm, Imagination Technologies, Medi...

Monthly Patches are out for Qualcomm and MediaTek. New Alerts for Weidmuller, Dell, PowerDNS, and NetApp. Tomorrow is Monthly Patch day for Android, Samsung, Microsoft, Adobe, SAP, Siemens, and Schneider Electric, followed by Palo Alto Networks and Juniper Networks. Qualcomm  Qualcomm Monthly Patches include 20 fixed vulnerabilities, 4 rated C...

New Alerts for Microsoft Edge, Bitdefender, M-Files, Philips, Ivanti (Exploit), and Linux.  Microsoft  Microsoft Edge has been updated to include the latest chromium updates.More info. And here. Bitdefender  Bitdefender has published 3 new bulletins for GravityZone Console. Highest CVSSv3 score of 9.5More info. M-Files  M-Files ...

New Alerts for Cisco, Apache Traffic Server, OpenVPN, IBM, and Linux. Cisco  A vulnerability in chat messaging features of Cisco Enterprise Chat and Email could allow a remote attacker to cause a DoS. CVSSv3 score of 7.5More info. Apache  Apache Traffic Servr is vulnerable to request smuggling via chunked messages.More info. OpenVPN ...

New Alerts for Apple watchOS, Google Chrome, Mozilla, Meinberg, Django, Apache Camel, and Linux. Apple  Apple has published a security bulletin for watchOS.More info. Google  Google has updated Chrome for Desktop to fix 14 security vulnerabilities.More info.Microsoft is aware. More info. Mozilla  Mozilla has published security update...

New Alerts for Apple, Broadcom, and IBM. Apple  Apple has published security bulletins for Safari, Xcode, iOS, iPadOS, macOS, tvOS, and visionOS.More info. Broadcom  NGINX has been updated in VIP Authentication Hub. CVSSv3 score of 9.8More info.Security fixes has been published for Tanzu Greenplum. Highest CVSSv3 score of 9.8More info. An...

New Alerts for IBM and Linux. IBM  IBM has published Critical bulletins for Automation Decision Services, Db2 on Cloud Pak for Data, Db2 Warehouse on Cloud Pak for Data, and App Connect Enterprise.More info. Linux  Red Hat has updated grub2. More info.Oracle Linux has updated the kernel. More info. Security Wizardry Cyber Threat Intellige...

New Alerts for Westermo, DrayTek, NetApp, IBM, Dell, and Linux. Westermo  An issue in WeOS 5 exists where a malformed ESP packet could cause the device to reboot. CVSSv3 score of 5.9More info.Westermo have identified an issue where a remote attacker could gain unauthorized access to a device. CVSSv3 score of 7.5More info. DrayTek  DrayTek...

Quarterly Patches are out for Splunk. New Alerts for Microsoft Edge (Exploit), Mozilla Firefox, Wind River, Dell, BD, and Linux. Microsoft Exploit Microsoft has updated Edge to fix one security vulnerability. Exploits exist in the wild.More info. Splunk  Splunk Quarterly Patches include 13 bulletins, 6 rated High, 6 rated Medium, and 1 rated L...

New Alerts for Google Chrome (Exploit), Inaba Denki Sangyo, HPE, Broadcom, Arista (0-Day), BD, and Linux. Google Exploit Google has updated Chrome for Desktop to fix 1 security vulnerability. Exploits exist in the wild.More info.Microsoft is aware. More info. Inaba Denki Sangyo  Several vulnerabilities exist in CHOCO TEI WATCHER mini. Highest ...

New Alerts for Kubernetes (IngressNightmare), Hitachi Energy, HPE, F5, NetApp, IBM, and Linux. Kubernetes  ingress-nginx has been updated to fix several critical vulnerabilities that have been publicly disclosed. Highest CVSSv3 score of 9.8More info. And here. Hitachi Energy  Hitachi has published 3 new bulletins with updates for RTU500, ...

New Alerts for Next.js, PyTorch, Microsoft Edge, HPE, JTEKT, Apache Commons, and Linux. Next.js  Next.js has been released to address a security vulnerability. It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. CVSSv3 score of 9.1More info. PyTorch  A deserializatio...

New Alerts for CrushFTP, IBM, Dell, and Linux. CrushFTP  A vulnerability exists in CrushFTP that allows unauthenticated HTTP(S) port access.More info. IBM  IBM has published Critical bulletins for Maximo Application Suite - IoT, Cloud Pak for Multicloud Management, and FileNet Content Manager.More info. Dell  Dell has published Criti...

New Alerts for Google Chrome, Spring Security, and Linux.  Google  Google has updated Chrome for Desktop to fix 2 security vulnerabilities, one of which is rated Critical.More info.Microsoft is aware. More info. Spring  Two vulnerabilities have been patched in Spring Security. Highest CVSSv3 score of 7.4More info. Linux  SUSE ha...

Monthly Patches are out for Atlassian. New Alerts for Progress Software and IBM. Progress Software  LoadMaster has been updated to fix a vulnerability that allows a remote attacker to issue a crafted HTTP request that causes a stack-based buffer overflow and potentially execute arbitrary system commands. CVSSv3 score of 9.8More info. Atlassian...

New Alerts for Ricoh, MB Connect, IBM, Helmholz, and CODESYS. Ricoh  Ricoh MFP and Printers contain vulnerabilities in the PostScript interpreter and embeded webserver that could result in RCE. Highest CVSSv3 score of 9.1More info. MB Connect  The data24 service that is bundled with every installation of mbCONNECT24/mymbCONNECT24 has two ...

New Alerts for SICK, Santesoft, IBM, Dell, and Linux. SICK  Critical vulnerabilities have been found in the SICK device DL100-2xxxxxxx that could allow a remote attacker to impact availabiltiy, integrity and confidentaility of the products. Highest CVSSv3 score of 9.8No patches, use good security.More info. Santesoft  Multiple vulnerabili...

New Alerts for PHP, expat, Microsoft Edge, Arista, Shibboleth, NetApp, and Linux. PHP  PHP has been updated to fix several vulnerabilities. Highest CVSSv3 score of 7.5More info. expat  expat has been updated to fix a DoS vulnerability. CVSSv3 score of 7.5More info. And here. Microsoft  Microsoft has updated Edge with the latest chrom...

Monthly Patches are out for Cisco and Palo Alto Networks. New Alerts for Microsoft Edge, Xerox, ABB, Lenovo, and Linux. Cisco  Cisco has published 11 bulletins, 8 rated High and 3 rated Medium. Highest CVSSv3 score of 8.6More info.Vulnerabilities in the IPv4 ACL feature, QoS policy feature, and Layer 3 multicast feature of Cisco IOS XR Softwar...