Alert Details


Computer Network Defence Alert State

 


The Computer Network Defence Alert State is designed to give a more granular and dynamic visualisation of the current security threat. The alert state increases immediately upon detection of a new threat and drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Current Alerts

Novell

Patch for Identity Manager 4.5 JDBC Fanout.
More info.

Oracle

Oracle Quarterly patches are out.  If it's Oracle, there's a patch...
9 new security fixes for the Oracle Database Server.  5 of these vulnerabilities may be remotely exploitable without authentication.
40 new security fixes for Oracle Fusion Middleware.  35 of these vulnerabilities may be remotely exploitable without authentication.
1 new security fix for Oracle Hyperion.  This vulnerability is remotely exploitable without authentication.
10 new security fixes for Oracle Enterprise Manager Grid Control.  7 of these vulnerabilities may be remotely exploitable without authentication.
23 new security fixes for the Oracle E-Business Suite.  21 of these vulnerabilities may be remotely exploitable without authentication.

25 new security fixes for the Oracle Supply Chain Products Suite.  13 of these vulnerabilities may be remotely exploitable without authentication.
7 new security fixes for Oracle PeopleSoft Products.  5 of these vulnerabilities may be remotely exploitable without authentication.
1 new security fix for Oracle JD Edwards Products.  This vulnerability is remotely exploitable without authentication.
16 new security fixes for Oracle Siebel CRM.  6 of these vulnerabilities may be remotely exploitable without authentication.
16 new security fixes for Oracle Communications Applications.  10 of these vulnerabilities may be remotely exploitable without authentication.
4 new security fixes for Oracle Financial Services Applications.  3 of these vulnerabilities may be remotely exploitable without authentication.
5 new security fixes for Oracle Health Sciences Applications.  1 of these vulnerabilities may be remotely exploitable without authentication.
8 new security fixes for Oracle Insurance Applications.  None of these vulnerabilities may be remotely exploitable without authentication.
16 new security fixes for Oracle Retail Applications.  6 of these vulnerabilities may be remotely exploitable without authentication.
3 new security fixes for Oracle Utilities Applications.  None of these vulnerabilities may be remotely exploitable without authentication.
4 new security fixes for Oracle Policy Automation.  None of these vulnerabilities may be remotely exploitable without authentication.
15 new security fixes for the Oracle Primavera Products Suite.  8 of these vulnerabilities may be remotely exploitable without authentication.
13 new security fixes for Oracle Java SE.  9 of these vulnerabilities may be remotely exploitable without authentication.
34 new security fixes for the Oracle Sun Systems Products Suite.  21 of these vulnerabilities may be remotely exploitable without authentication.
4 new security fixes for Oracle Virtualization.  3 of these vulnerabilities may be remotely exploitable without authentication.
22 new security fixes for Oracle MySQL.  3 of these vulnerabilities may be remotely exploitable without authentication.
More info.

There are 14 new security fixes for Oracle Solaris.  12 of these vulnerabilities may be remotely exploitable without authentication.
More info.

There are 27 new security fixes for Oracle Linux.  20 of these vulnerabilities may be remotely exploitable without authentication.
More info.

There are 86 new security fixes for Oracle VM Server for x86.  65 of these vulnerabilities may be remotely exploitable without authentication.
More info.

UPDATE:
RedHat has updated Java.  More info.
CentOS has updated Java.  More info.

UPDATE 2:
Ubuntu has updated MySQL.  More info.
Debian has updated MySQL.  More info.

Lenovo

SanDisk’s firmware used to erase the data on these SSDs did not meet Lenovo’s specifications, and it was determined that even after running the ThinkPad Drive Erase Utility for "Resetting the Cryptographic Key" and "Erasing the Solid State Drive", or executing the Secure Erase function in the BIOS, data on the impacted SanDisk drives may potentially be recoverable under certain conditions. For example, a hacker would need physical possession of a discarded SSD and know how to recover data from it.
More info.

HP

A potential security vulnerability has been identified with HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS).
More info.

Network

The Network ASN1C issue has been publicized for days. Now vendors are starting to put out their statements.

A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. Cisco is promising a patch soon.
More info.

Huawei was notified of a heap overflow vulnerability in code generated by Objective Systems ASN1C (CVE-2016-5080). Huawei immediately launched a thorough investigation.
More info.

Nessus

SecurityCenter uses third-party libraries to provide certain standardized functionality. Two of these libraries were found to contain vulnerabilities and were fixed upstream.
More info.

Cisco

A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could allow an authenticated, remote attacker to execute arbitrary commands.
More info.

RSA

RSA Security Analytics Security Update for Multiple Embedded Components
More info. (login required to see bulletin)

Chrome

Google has published a new version of Chrome that includes 48 security fixes.

More info.

IBM

IBM InfoSphere Information Server Framework, Information Server Governance Catalog and Information Server Business Glossary are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
More info.

CA

CA has published a security bulletin about CA eHealth.  Details require a login.

More info.
 


Alert Definitions

NORMAL: This alert state represents the normal level of security with minimal activity relating to the product.  The next stage above this level is 2, however falling alerts will go through 1 when returning to normal.

LOW: This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED: This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH: This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES: This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT: This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO: This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


Useful Links

 

These are links our analysts and radar page patrons find useful.  If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/