Vulnerability Details
The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately an issue is detected and it will drop again by one level each working day.
Our rationale for this agility is that vulnerabilities often occur in clusters, therefore reducing the alert state again quickly, will increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable, very few local server exploits will be shown.
Friday 26 July 2024
Microsoft
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Microsoft has updated Edge to correct the latest chromium vulnerabilities and 2 Edge specific updates.
More info.
NetApp
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
New
NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.8
No patches yet.
More info.
Thursday 25 July 2024
Tanzu
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
Patch
Tanzu has been updated with 14 bulletins marked Medium. Several allow a remote attacker to cause a DoS.
More info. (login required)
Positron
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
New
Broadcast Signal Processor TRA7005 contains an Auth Bypass vulnerability. CVSSv4 score of 8.7
No response from vendor.
More info.
IBM
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Acronis
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Acronis Cyber Infrastructure has an RCE vulnerability due to default passwords. CVSSv3 score of 9.8
More info.
Linux
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Wednesday 24 July 2024
Microsoft
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
IBM
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
IBM QRadar Network Packet Capture includes third-party software with multiple known vulnerabilities. Highest CVSSv3 score of 9.8
More info.
BIND
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
Patch
BIND has 4 vulnerabilities that have been patched. Highest CVSSv3 score of 7.5
More info.
HPE
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
Patch
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Chrome for Desktop has been updated to fix 24 security vulnerabilities.
More info.
NVidia
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
Patch
NVIDIA has released a firmware update for NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XC. Highest CVSSv3 score of 7.5
More info.
Linux
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Tuesday 23 July 2024
Siemens
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Multiple SICAM products are affected by unauthorized password reset and firmware downgrade vulnerabilities. Highest CVSSv4 score of 9.3
Note this is out of cycle for Siemens.
More info.
HPE
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
A security vulnerability has been identified in certain HPE ProLiant DL/ML/SY/XL and Alletra Servers. The vulnerability could be remotely exploited to allow OOB write. CVSSv3 score of 9.8
More info.
PyTorch
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
IBM
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Dell
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Data Protection Advisor remediation is available for multiple vulnerabilities in third-party software. Dell rates this Critical.
More info.
BD
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
BD has published security updates for Identity Provider Manager, Data Agent, and Alaris products.
More info.
Linux
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Monday 22 July 2024
Meinberg
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
The LANTIME firmware update includes security updates of various third party libraries and programs.
More info.
Tenda
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
New
Tenda AX2pro could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in Routing functionality. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
More info.
NetApp
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
New
NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
No patches yet.
More info.
IBM
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
IBM Storage Ceph is vulnerable to assorted vulnerabilities in Grafana. Highest CVSSv3 score of 9.8
More info.
Subnet
Solutions
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
Patch
PowerSYSTEM Center contains a Prototype Pollution vulnerability. CVSSv4 score of 6.9
Although the CVSS score shows no privilege required, the description references an authenticated attacker.
More info.
Friday 19 July 2024
SolarWinds
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Access Rights Manager has been updated and fixes 13 vulnerabilities. Highest CVSSv3 score of 9.6
Note ZDI rates several vulnerabilities at 10
More info.
Philips
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Vue PACS contains several vulnerabilities, including: Out-of-bounds Write, Deserialization of Untrusted Data, Uncontrolled Resource Consumption, Use of Default Credentials, Exposure of Sensitive Information to an Unauthorized Actor. Highest CVSSv4 score of 9.3
Upgrades have been available since 2023, however this is the first reporting of this issue.
More info. And here.
Mitsubishi
Electric
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
Patch
A DoS vulnerability due to OpenSSL vulnerability exists in MELSOFT MaiLab. A remote attacker can cause a DoS by sending a specially crafted message authentication code. CVSSv3 score of 5.9
More info.
Microsoft
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Microsoft has updated Edge with the latest Chromium updates.
More info.
Bosch
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
PRC7000 firmware uses OpenSSH, and is vulnerable to RCE.
More info.
Ivanti
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
Patch
Endpoint Manager for Mobile has been updated to fix several vulnerabilities. Highest CVSSv3 score of 8.8
More info.
Linux
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Thursday 18 July 2024
Cisco
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Cisco has published 9 new bulletins, 2 rated Critical, 3 rated High, and 4 rated Medium. Highest CVSSv3 score of 10.
More info.
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem could allow a remote attacker to change the password of any user, including administrative users. CVSSv3 score of 10.
More info.
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow a remote attacker to overwrite arbitrary files on the underlying operating system. CVSSv3 score of 9.8
More info.
SonicWall
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Apache
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
Patch
Apache HTTP Server has been updated to fix 2 vulnerabilities rated Important. CVSSv3 score of 5.9
More info.
Dell
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Dell ECS remediation is available for multiple security vulnerabilities. Dell rates this Critical.
More info.
IBM
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
IBM Security Guardium is affected by multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Mitel
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
A command injection vulnerability in the Platform Webservice component of Unify OpenScape 4000 and Unify OpenScape 4000 Manager could allow a remote attacker to execute arbitrary commands within the context of the system. This is rated Critical.
More info.
A command injection vulnerability in the Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager, could allow a remote attacker to conduct a command injection attack. This is rated Critical.
More info.
Linux
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Ubuntu has updated the kernel. More info.
Wednesday 17 July 2024
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Google has updated Chrome for Desktop to fix 10 security vulnerabilities.
More info.
Atlassian
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Atlassian has published security updates for Bamboo Data Center and Server, Confluence Data Center and Server, Jira Data Center and Server, and Jira Service Management Data Center and Server.
More info.
Rockwell
Automation
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
A Major nonrecoverable fault exists in 5015 – AENFTXT. An input validation vulnerability exists in the affected products when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product. CVSSv4 score of 8.7
More info.
An input validation vulnerability exists in the SequenceManager Server that allows a remote attacker to cause a DoS. CVSSv4 score of 8.7
More info.
Dell
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
IBM
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Tuesday 16 July 2024
Oracle
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Oracle Critical Patch Update will be released this afternoon. The Pre-Release shows 353 security vulnerabiliities patched, with 246 remotely exploitable without authorization. Highest CVSSv3 score of 9.8
More info.
Tanzu
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
Patch
Tanzu has published 21 bulletins, all rated Medium, identifying vulnerabilities in third-party software included in the products.
More info.
Microsoft
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Microsoft has updated Edge to incorporate the latest security updates for Chromium and 1 additional Edge-specific update.
More info.
Dell
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Data Protection Search remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.
HPE
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Security vulnerabilities have been identified in HPE Unified OSS Console Assurance Monitoring that could be exploited to allow Remote Arbitrary Code or Command Execution, Local Elevation of Privilege, Local Memory Corruption, Local Buffer Overflow and Local Input Validation Vulnerability. Highest CVSSv3 score of 9.8
More info.
Security vulnerabilities have been identified in HPE ProLiant DL/ML/XL, Synergy, Edgeline and Alletra Servers. These vulnerabilities could be locally and remotely exploited to allow DoS. Highest CVSSv3 score of 5.5
More info.
Alcatel-
Lucent
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Several vulnerabilities have been discovered in OpenSSH that affect FlexLM, OmniPCX Enterprise CS, ALE Enterprise Desk Phones, ALE-2/ALE-3, and H3/H6/M8.
More info.
Linux
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Monday 15 July 2024
Tanzu
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
Tanzu has published several bulletins identifying vulnerabilities in third-party software included in the products.
More info.
NetApp
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
New
NetApp has published 5 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.1
No patches yet.
More info.
IBM
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
IBM QRadar SIEM includes vulnerable components that could be identified and exploited with automated tools. Highest CVSSv3 score of 9.8
More info.
Vulnerability in pdfmake could allow a remote attacker to execute arbitrary code on the system, which could affect IBM Spectrum Control. CVSSv3 score of 9.8
More info.
Protobuf is used by IBM Storage Ceph, and contains a vulnerability. CVSSv3 score of 9.8
More info.
Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager and IBM Security Verify Governance - Identity Manager virtual appliance. Highest CVSSv3 score of 9.8
More info.
Potential code execution vulnerability in Node.js IP package has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. CVSSv3 score of 9.8
More info.
Check Point
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
An RCE vulnerability in the OpenSSH server included in Quantum Spark appliances can cause an unauthenticated RCE that grants full root access.
More info.
PRODUCT
![](/templates/yootheme/cache/80/CND-blue-80e036a7.jpeg)
GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
PRODUCT
![](/templates/yootheme/cache/6e/CND-yellow-6e621ac0.jpeg)
INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
PRODUCT
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
HIGH
This alert state indicates a more serious vulnerability which is exploitable.
PRODUCT
![](/templates/yootheme/cache/8c/CND-red-8ceeef61.jpeg)
CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
NEW
NEW
This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
+24hrs
+24hrs
This bottom descriptor is used with Indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Patch
PATCH
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. It could be paired with Increased or High, and on rare occasions Critical.
![](/templates/yootheme/cache/79/CND-orange-797f48fc.jpeg)
Exploit
EXPLOIT
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.
![](/templates/yootheme/cache/8c/CND-red-8ceeef61.jpeg)
ZERO
ZERO DAY
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.