Skip to main content

CND News and Blog

New Vulnerabilities Monday 21 November
michele654
Vulnerabilities
New Alerts for BD, Xerox, NetApp, and Linux. BD  BD is aware of and currently monitoring a vulnerability affecting all versions of Fortinet FortiOS products in use by BD Kiestra. CVSSv3 score of 9.6BD has not seen any exploits, but Fortinet reports this is actively exploited. The Fortinet bulletin was published 10 Oct 2022.More info. And here....
New Vulnerabilities Friday 18 November
michele654
Vulnerabilities
New Alerts for Red Lion Controls and Linux. Red Lion Controls  Red Lion Controls Crimson is vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. CVSSv3 score of 7.5More info. Linux  SUSE has ...
New Vulnerabilities Thursday 17 November
michele654
Vulnerabilities
New Alerts for BD, IBM, and Linux. BD  BD has published security bulletins for updates to Microsoft and third-party software in Identity Provider Manager, Alaris, Pyxis, and Data Agent products.More info. IBM  A command injection vulnerability in IBM InfoSphere DataStage was addressed. CVSSv3 score of 9.8More info. Linux  Ubuntu has ...
New Vulnerabilities Wednesday 16 November
michele654
Vulnerabilities
New Alerts for Mozilla, BD, and Linux. Mozilla  Mozilla has published security bulletins for Firefox, Firefox ESR, and Thunderbird, all rated High. Highest CVSSv3 score of 8.1More info. BD  BD has published security bulletins for updates to Microsoft and third-party software in FACSAria, FACS Sample Prep Assistant Systems, FACSLyric, Pyxi...
New Vulnerabilities Tuesday 15 November
michele654
Vulnerabilities
New Alerts for Phoenix Contact, Mitsubishi Electric, Moxa, Google ChromeOS, and Linux. Phoenix Contact  A denial of service of the HTTPS management interface of FL MGUARD and TC MGUARD devices can be triggered by a larger number of unauthenticated HTTPS connections, incoming from different source IPs. CVSSv3 score of 7.5More info. And here. Mi...
New Vulnerabilities Monday 14 November
michele654
Vulnerabilities
New Alerts for IBM and Linux. A welcome quiet after a busy couple of weeks. IBM  A command injection vulnerability in IBM InfoSphere DataStage was addressed. CVSSv3 score of 9.8More info. Linux  Alpine Linux has released version 3.16.3. More info. Security Wizardry Cyber Threat Intelligence - The Radar Page https://radar.securitywizardry....
New Vulnerabilities Friday 11 November
michele654
Vulnerabilities
New Alerts for Omron, Moxa, Belden, Microsoft Edge, Dell, NetApp, and Linux. Omron  An Active Debug Code vulnerability exists in the NJ/NX-series Machine Automation Controllers. A remote attacker can illegally access the controllers and use the vulnerability to cause a DoS or RCE. CVSSv3 score of 8.3More info. And here.Use of Hard-coded Creden...
New Vulnerabilities Thursday 10 November
michele654
Vulnerabilities
New Alerts for Apple, IBM, Cisco, Hitachi, Tenable, and Linux. Apple  Apple has published updates for iOS, iPadOS, and macOS Ventura that fixes vulnerabilities in libxml2.More info. And here. And here. IBM  IBM QRadar Network Packet Capture, IBM QRadar Assistant app for IBM QRadar SIEM, IBM Cloud Pak for Security, includes components with...
New Vulnerabilities Wednesday 09 November
michele654
Vulnerabilities
Monthly Patches are out for Microsoft. New Alerts for Intel, Citrix, VMware, Google Chrome, Veeam, Brocade, and Linux.        Adobe had no Monthly Patches this cycle.     Palo Alto Network Monthly Patches should be out this afternoon. Microsoft Exploit Monthly Patches are out, with 68 vulnerabilitie...
New Vulnerabilities Tuesday 08 November
michele654
Vulnerabilities
Monthly Patches are out for Siemens, Schneider Electric, Qualcomm, Google Android, Google Pixel, Samsung, and SAP. New Alerts for NETGEAR and Linux.       This afternoon Microsoft and Adobe Monthly Patches should be out.  Tomorrow is Palo Alto Networks. Schneider Electric  Monthly Patches are out, with 1 new bulletin a...
New Vulnerabilities Monday 07 November
michele654
Vulnerabilities
Monthly Product Security Bulletin is out for Mediatek. New Alerts for Wiesemann & Theis, NetApp, and NETGEAR.   Because last week's Tuesday was the 1st, and Qualcomm publishes their monthly bulletin on the first Monday, Tomorrow is Monthly Patch Day for 8 vendors, including Qualcomm, Google Android, Samsung, Microsoft, Adobe, SAP, Siemens,...
New Vulnerabilities Friday 04 November
michele654
Vulnerabilities
New Alerts for ETIC Telecom, Tenable, IBM, Dell, VMware, and Linux. ETIC Telecom  ETIC Telecom Remote Access Server contains several vulnerabilities, including Insufficient Verification of Data Authenticity, Path Traversal, and Unrestricted Upload of File with Dangerous Type. Successful exploitation of these vulnerabilities could allow an atta...
Digital Isle 2022
Kelsey Chalmers
Technical
CND is excited to announce that we will be at Digital Isle on 10th November. Digital Isle was created to support the tech sector, developing and implementing a strategy to support sustainable economic growth and establishing the Island as a centre of international excellence for the digital economy. Our very own CTO, Jeff, will be providing a lectu...
New Vulnerabilities Thursday 03 November
michele654
Vulnerabilities
Quarterly Patches are out for Splunk. New Alerts for Cisco, CODESYS, SICK, IBM, PHP, and HCL Software. Cisco  Cisco has published 11 new bulletins, 4 rated High and 7 rated Medium. Highest CVSSv3 score of 8.8More info. A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attac...
New Vulnerabilities Wednesday 02 November
michele654
Vulnerabilities
Monthly Patches are out for Fortinet. New Alerts for OpenSSL, Dell, Google LTS ChromeOS, and Linux.      Splunk Quarterly Patches were pushed to today. OpenSSL  OpenSSL released version 3.0.7, which patches two related vulnerabilities rated as High. Although originally rated Critical, it was determined the complexity to exploit ...
New Vulnerabilities Tuesday 01 November
michele654
Vulnerabilities
New Alerts for Microsoft Edge (Exploit), Hitachi, ClamAV, VMware, Apache, Kaspersky, and Linux. Microsoft  Microsoft has updated Edge to include the latest chromium fix for an actively exploited vulnerability.More info. Hitachi  Hitachi has updated NetBackup in JP1/VERITAS. More info. ClamAV  ClamAV has updated to fix 3 vulnerabiliti...

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/