CND News and Blog

New Vulnerabilities Wednesday 05 October
michele654
Vulnerabilities
New Alerts for IBM and Google ChromeOS. IBM  Vulnerabilities in React, webpack and Node.js modules affect Tivoli Netcool/OMNIbus WebGUI. Highest CVSSv3 score of 9.8More info.The libexpart parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files and parsing soap requests is vulnerable to RCE. CVSSv3 score of 9.8M...
New Vulnerabilities Tuesday 04 October
michele654
Vulnerabilities
Monthly Patches are out for Qualcomm, Google Android, Google Pixel, and Samsung. New Alerts for Microsoft Edge, Dell, and StrongSwan.  Qualcomm  Monthly Patches are out for Qualcomm, with 12 bulletins. Two are rated Critical, 7 rated High, and 3 rated Medium. Highest CVSSv3 score of 9.8More info. Google  Android Monthly Patches are o...
New Vulnerabilities Monday 03 October
michele654
Vulnerabilities
New Alerts for Microsoft (Exploit patched), MediaTek Monthly Patches, and NetApp. Microsoft Exploit (Patch) Microsoft has patched the Exchange Server RCE vulnerabilities. Note that authenticated user access is required.More info. And here. MediaTek Monthly Patches MediaTek has published their monthly patches with 2 vulnerabilities rated High and 9 ...
New Vulnerabilities Friday 30 September
michele654
Vulnerabilities
New Alerts for ZGR and WithSecure/F-Secure. ZGR  Four vulnerabilities in ZGR TPS200 NG have been identified, including Improper Access Control, exposure of sensitive information, and CSRF. Highest CVSSv3 score of 10.More info. WithSecure  Multiple DoS vulnerabilities were discovered in F-Secure & WithSecure products whereby the aerdl....
New Vulnerabilities Thursday 29 September
michele654
Vulnerabilities
New Alerts for Cisco, Mitsubishi Electric, Brocade, and Linux. Cisco  Cisco has published 21 new bulletins, 13 rated High and the rest Medium. Highest CVSSv3 score of 8.6More info.A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an u...
New Vulnerabilities Wednesday 28 September
michele654
Vulnerabilities
New Alerts for Google Chrome, HPE Unix, Aruba, and HCL Software. Google  Google has updated Chrome for Desktop with 20 security fixes.More info.Microsoft is aware. More info. HPE  Multiple security vulnerabilities have been identified in HP-UX OpenSSL. These vulnerabilities may cause local and remote DoS, arbitrary command execution or sc...
New Vulnerabilities Tuesday 27 September
michele654
Vulnerabilities
New Alerts for Advantech, Veritas, NetApp, and Linux. Advantech  An SQL injection vulnerability in Advantech iView. An unauthenticated remote attacker bypass checks to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. CVSSv3 score of 9.8More info. Veritas  The NetBackup Pr...
New Vulnerabilities Monday 26 September
michele654
Vulnerabilities
New Alerts for Sophos (Exploit), Carlo Gavazzi Controls, NetApp, and IBM. Sophos Exploit A code injection vulnerability allowing remote code execution was discovered in the User Portal and Webadmin of Sophos Firewall. The vulnerability has been fixed. CVSSv3 score of 9.8More info. Carlo Gavazzi Controls  The UWP 3.0 family of Monitoring G...
New Vulnerabilities Friday 23 September
michele654
Vulnerabilities
New Alerts for Dell and Linux. Dell  Dell has published updates for VxRail for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. Dell rates this Critical.More info. Linux  Oracle Linux has updated the kernel More info.Ubuntu has updated the kernel. More info. Security Wizardry ...
New Vulnerabilities Thursday 22 September
michele654
Vulnerabilities
New Alerts for Rockwell Automation, IBM, HP, BIND, and Linux. Rockwell Automation  A vulnerability in the ThinManager ThinServer software could allow an attacker to make the software unresponsive or execute arbitrary code. CVSSv3 score of 8.1More info. IBM  Postgresql is shipped with IBM Tivoli Netcool Impact and contains security vulnera...
New Vulnerabilities for Wednesday 21 September
michele654
Vulnerabilities
New Alerts for Dataprobe, Bosch, Microsoft, VMware, Mozilla, Dell, Tenable, and Linux. Dataprobe  Dataprobe iBoot-PDU FW contains multiple vulnerabilities, including: OS Command Injection, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Improper Access Control, Improper Authorization, Incorrect Authorization, and SS...
New Vulnerabilities Tuesday 20 September
michele654
Vulnerabilities
New Alerts for Festo, Zyxel, Mozilla Thunderbird, and Linux. Festo  Festo control block CPX-CEC-C1 and CPX-CMXX allow unauthenticated, remote access to critical webpage functions which may cause a DoS. CVSSv3 score of 7.5No updates, replace the product.More info. Zyxel  Zyxel has released patches for GS1900 series switches affected by an ...
New Alerts Monday 19 September
michele654
Vulnerabilities
New Alerts for IBM, HPE, WithSecure, and Linux. IBM  Vulnerabilities in libcurl such as bypassing security restrictions, obtaining sensitive information, and MitM attacks may affect Spectrum Protect Plus and Spectrum Copy Data Management. Highest CVSSv3 score of 9.8.More info. And here.Apache Commons Configuration could allow a remote attacker...
New Vulnerabilities Friday 16 September
michele654
Vulnerabilities
New Alerts for Microsoft Edge, Synology, NetApp, Node.js, and Linux. Microsoft  Microsoft has updated Edge with the latest chromium updates.More info. NetApp  NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8 All vulnerabilities are public, onl...
New Vulnerabilities Thursday 15 September
michele654
Vulnerabilities
Monthly Patches are out for Palo Alto Networks. New Alerts for Cisco, BD, Google Chrome, Zoom, and Linux. Palo Alto Networks  Palo Alto Networks Monthly Patches are out, with 1 bulletin rated Medium and 3 Informational bulletins. CVSSv3 score of 5.5More info. Cisco  Cisco has published three new bulletins, all requiring authentication or ...
New Vulnerabilities Wednesday 14 September
michele654
Vulnerabilities
Monthly Patches for Microsoft and Adobe. New Alerts for Delta Industrial Automation, Kingspan, Brocade, and Linux. Microsoft Exploit Microsoft Monthly Patches are out, with 79 vulnerabilities, 5 are critical with CVSSv3 scores of 9.8, 2 were previously disclosed, and 1 privilege escalation vulnerability is already being exploited.More info. And her...

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Are You Ready To Find Out More?

Arrange a Chat With Our Friendly Service Delivery Team.