Alert Details

Computer Network Defence Alert State


secwiz blankback cro tp

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat.  Increase in alert state will occur immediately upon detection of a new threat and drop again by one level each working day.  The rationale is that vulnerabilities often occur in clusters, therefore reducing the alert state again quickly, will increase your visibility of new threats to the same product.  It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable, very few local server exploits will be shown.



Current Alerts


A critical error condition which can occur when a nameserver is constructing a response.  A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria.
More info.

OpenSUSE has updated.  More info.
RedHat has updated.  More info.
Debian updated.  More info.
Ubuntu updated.  More info.
BlueCat has updated.  More info.

F5 has published a bulletin, no patches.  More info.

SuSE has patched.  More info.
CentOS has updated.  More info.
Oracle Linux has updated.  More info.


Local file inclusion and a plain text storage of password vulnerabilities have been identified in American Auto-Matrix’s Building Automation Front-End Solutions application.  User logins and passwords presented in plain text provide an attacker authenticated credentials to all aspects of the system.  There are two versions, one is EOL and one has an update available.
More info.


Google has updated Chrome with 3 security fixes, one marked High.
More info.








There is a remote code execution vulnerability in the Cobalt Strike team server. A hot fix that breaks this particular exploit chain is available. Active exploitation is being reported.
More info.


Novell has patched a java deserialization vulnerability in Sentinel.
More info.


BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.

More info.

BIG-IP devices using CGNAT: NAT64 are vulnerable to an unauthenticated remote attack that may allow modification of the BIG-IP system configuration.
More info.

A remote attacker may be able to cause a denial-of-service (DoS) attack for an ARX system via a crafted Postscript stream.  No patch for this issue from 2014.
More info.


16 new and 2 updated bulletins from Cisco.
More info.






Return to the top of the Alert Details Page

Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product.  The next stage above this level is 2, however falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.


Return to the top of the Alert Details Page


Go to the Radar Page                                                 cndlogo 150x150



Useful Links


These are links our analysts and radar page patrons find useful.  If you would like to suggest a link for this section, please send your suggestions to This email address is being protected from spambots. You need JavaScript enabled to view it.

Any other comments on our site or the Radar Page are welcome as well!