Skip to main content

Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat.  Any increase in an alert state will occur immediately an issue is detected and it will drop again by one level each working day

Our rationale for this agility is that vulnerabilities often occur in clusters, therefore reducing the alert state again quickly, will increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable, very few local server exploits will be shown.

Thursday 13 February 2025


Google

Patch

Google has updated Chrome for Desktop to fix 4 security vulnerabilities.
More info.

Microsoft is aware. More info.


Palo Alto
Networks

Patch

Monthly Patches inculde 10 bulletins, 2 rated High, 6 rated Medium, 2 rated Informational. Highest CVSSv3 of 7.8
More info.


HPE

Patch

Security vulnerabilities have been identified in Unified OSS Console and Unified OSS Console Assurance Monitoring, allowing a remote attacker to achieve code execution and DoS.  Highest CVSSv3 score of 9.8
More info.


PostgreSQL

Patch

Improper neutralization of quoting syntax in PostgreSQL functions allows a database input provider to achieve SQL injection in certain usage patterns. CVSSv4 score of 8.1
More info.


Citrix

Patch

NetScaler ADC, NetScaler Gateway, and NetScaler Console contain theRegreSSHion vulnerability. CVSSv3 score of 8.1
More info.


Hitachi

Patch

Cosminexus Developer's Kit for Java has been updated to fix a security vulnerability. CVSSv3 score of 4.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated kpatch. More info.


  

Wednesday 12 February 2025


Microsoft

Patch

Monthly Patches include 141 vulnerabilities, 4 rated Critical, 2 are currently being exploited in the wild, and 1 has been previously disclosed, marking it as a zero-day. Highest CVSSv3 score of 9.0
More info. And here.


Adobe

Patch

Monthly Patches have been published for InDesign, Commerce, Substance 3D Stager, InCopy, Illustrator, Substance 3D Designer, and Photoshop Elements. Highest CVSSv3 of 9.4
More info.


Fortinet

Patch

Monthly Patches include 14 new bulletins affecting their products.  Highest CVSSv3 score of 8.1
More info.


Juniper
Networks

Patch

An authentication bypass vulnerability in Juniper Networks Session Smart Router may allow a remote attacker to bypass authentication and take administrative control of the device. CVSSv4 score of 9.3
More info.


Ivanti

Patch

Monthly Patches include updates for Cloud Service Application, Neurons for MDM, and Connect Secure, Policy Secure and Secure Access Client. Highest CVSSv3 score of 9.9
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Oracle LInux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
AlmaLinux has updated the kernel. More info.


  

Tuesday 11 February 2025


Siemens

Patch

Monthly Patches include 23 bulletins, 14 new and 9 updated. Of the new bulletins, highest CVSSv4 score of 9.4
More info.

SIMATIC S7-1200 CPU family is affected by two denial of service vulnerabilities. Highest CVSSv4 score of 8.7
More info.

Tableau Server component in Opcenter Intelligence contains multiple vulnerabilities. Highest CVSSv4 score of 9.4
More info.

Affected products do not invalidate user sessions upon user logout. This could allow a remote  attacker to re-use a legitimate user's session even after logout. CVSSv4 score of 8.7
More info.

SCALANCE W-700 IEEE 802.11ax devices are affected by multiple vulnerabilities. Highest CVSSv4 score of 8.6
More info.


Schneider
Electric

Patch

Monthly Patches include 6 bulletins, 4 new and 2 updated. Of the new, highest CVSSv4 of 8.7
More info.

Multiple vulnerabilities exist in its ASCO 5310 Remote Annunciator and ASCO 5350 Remote Annunciator products. Highest CVSSv4 score of 8.7
More info.


SAP

Patch

Monthly Patches include 21 Security Notes, 19 new and 2 updated.  Highest CVSSv3 score of 8.7
More info.


Apple

0-Day

Apple has published security updates for iOS and iPadOS. Exploits have been seen.
More info.


Dell

Patch

Dell has published Critical bulletins for Avamar, Networker Virtual Edition and PowerProtect DP Series Appliance.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.


  

Monday 10 February 2025


OPC

Patch

UA.NET Standard Stack has been updated to fix 2 security vulnerabilities. Highest CVSSv3 score of 6.5
More info.


WithSecure

Patch

A DoS vulnerability was discovered in WithSecure Atlant Product.
More info.


NetApp

Patch

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. CVSSv4 score of 7.5
Three have patches.
More info.


IBM

Patch

IBM has published Critical bulletins for watsonx.data, QRadar SIEM, and Db2 Warehouse.
More info.


Linux

Patch

SUSE has updated rsync. More info.
OpenSUSE has updated rsync. More info.
Red Hat has updated the kernel-rt. More info.
Ubuntu has fixed a regression in rsync. More info.
Amazon Linux, Amazon Linux 2, and Amazon Linux 2023 have updated the kernel. More info. And here. And here.
AlmaLinux has updated the kernel and kernel-rt. More info.


  

Friday 07 February 2025


Microsoft

Patch

Microsoft has updated Edge with the latest chromium-based fixes.
More info.


Moxa

Patch

EDS, ICS, IKS, and SDS switches are affected by high-severity vulnerabilities that could allow a remote attacker to cause a DoS or cause a system or service crash.  CVSSv4 score of 8.7
More info. And here.


Orthanc

Patch

Orthanc server does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by a remote attacker. CVSSv4 score of 9.2
More info.


Proftpd

Patch

A buffer overflow vulnerability in Proftpd allows a remote attacker to execute arbitrary code and can cause a DoS on the FTP service by sending a maliciously crafted message to the ProFTPD service port.
More info. And here.


HP

Patch

HP LaserJet Pro printers may experience a DoS when a remote attacker sends a raw JPEG file to the printer via IPP. CVSSv4 score of 6.9
More info.


Tenable

Patch

Identity Exposure has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 score of 7.7
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.


  

Thursday 06 February 2025


F5

Patch

Quarterly Patches include 17 bulletins, 13 rated High, 3 rated Medium, and 1 rated Low.  Highest CVSSv4 score of 8.9
More info.


Cisco

Patch

Cisco has published 8 bulletins, 1 rated Critical, 1 rated High, and 6 rated Medium. Highest CVSSv2 score of 9.9
More info.


ABB

0-Day

ASPECT Enterprise, NEXUS Series, and Matrix Series have a hard-coded credentials vulnerability that could allow a remote attacker to gain unauthorized access and affect confidentiality, integrity and availability. CVSSv4 score of 9.3
These devices are not supposed to be internet-facing.  This has been publicly disclosed.
More info.


IBM

Patch

IBM has published Critical bulletins for Asset Data Dictionary, Instana Observability, Security QRadar EDR, Cloud Pak for Business Automation iFixes, watsonx.data, Cloud Pak for Network Automation, QRadar Suite, Cloud Pak System, Engineering Lifecycle Optimization, Guardium Data Security Center, Security Verify Access, and Spectrum Protect Plus.
More info.


Dell

Patch

Dell has published Critical bulletins for Data Protection Advisor, and Avamar.  High bulletins have been published for CloudBoost Virtual Appliance, and NetWorker vProxy.
More info.


  

Wednesday 05 February 2025


Google

Patch

Monthly Patches for Pixel includes 1 vulnerability rated High, as well as Android patches.
More info.

Chrome for Desktop has been updated to fix 12 security vulnerabilities. More info.

Microsoft is aware of the chromium vulnerabilities. More info.


F5

Patch

F5 has published several bulletins for BIG-IP.  Highest CVSSv4 score of 8.7
More info.


AutomationDirect

Patch

C-more EA9 HMI contains a function that can be skipped, which could result in a remote attacker causing a DoS or achieving RCE. CVSSv4 score of 9.3
More info.


Elber

New

Communications Equipment contains vulnerabilities that could allow a remote attacker unauthorized administrative access to the affected device. CVSSv4 score of 9.3
Equipment is near EoL, and will not be updated.
More info.


Veeam

Patch

A vulnerability within the Veeam Updater component  allows a remote attacker to utilize MitM to execute arbitrary code on the affected appliance server with root-level permissions. CVSSv3 score of 9.0
More info.


Mozilla

Patch

Mozilla has published security updates rated High for Thunderbird, Thunderbird ESR, Firefox, and Firefox ESR.
More info.


Linux

Patch

Red Hat has updated the kernel. More info.


  

Tuesday 04 February 2025


Google

Patch

Monthly Patches for Android include 26 vulnerabilities, all rated High, as well as Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm patches.
More info.


Samsung

Patch

Monthly Patches include 34 vulnerabilities, 1 rated Critical and 33 rated High, as well as Android patches.
More info.


Dell

Patch

Dell has published a Critical bulletin for VxRail.
More info.


WAGO

Patch

WAGO has updated firmware to correct a vulnerability in CODESYS OPC UA Stack. CVSSv3 score of 7.5
More info.


BD

Patch

BD has published security patches for third-party software included in FACSMelody, FACSCelesta, and FACSymphony A3/A5.
More info.


Linux

Patch

OpenSUSE has updated rsync. More info.


  

Monday 03 February 2025


Qualcomm

Patch

Qualcomm Monthly Patches include 6 vulnerabilities, 1 rated Critical, 5 rated High, as well as open source software updates. Highest CVSSv3 score of 8.8
More info.


MediaTek

Patch

MediaTek Monthly Patches include 16 vulnerabilities, 9 rated High and 7 rated Medium.
More info.


Samsung
Semiconductor

Patch

Monthly Patches include 2 vulnerabilities, both rated Medium. Highest CVSSv3 score of 7.5
More info.


NETGEAR

Patch

XR1000, XR1000v2, and XR500 contains a vulnerability that allows a remote attacker to conduct RCE. CVSSv3 score of 9.8
More info.


Linux

Patch

Mageia has updated the kernel. More info.


  

Friday 31 January 2025


Contec
Health

New

CMS8000 Patient Monitor contains several vulnerabilities that could allow a remote attacker to remotely send specially formatted UDP requests or connect to an unknown external network that would allow them to write arbitrary data resulting in remote code execution, or leak patient information and sensor data. Highest CVSSv4 score of 9.3
FDA recommends removing these devices from the network.
More info.


New Rock
Technologies

New

OM500 IP-PBX, MX8G VoIP Gateway, and NRP1302/P Desktop IP Phone contains several vulnerabilities.  Highest CVSSv4 score of 9.3
No response from the vendor.
More info.


Microsoft

Patch

Microsoft has updated Edge to include the latest chromium patches.
More info.


Dell

Patch

Dell has published Critical bulletins for PowerProtect DD, Data Protection Central, VxRail, NetWorker, PowerProtect DP Series Appliance.
More info.


NetApp

Patch

NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Two have patches.
More info.


BD

Patch

BD has published security patches for Accuri C6 Plus.
More info.


  

Thursday 30 January 2025


BIND

Patch

A malicious zone can be used to cause a DoS. CVSSv3 score of 7.5
More info.

DNS-over-HTTPS can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. CVSSv3 score of 7.5
More info.


Medtronic

Patch

RemoteView and RemoteControl used by Medtronic representatives to provide remote support for the CareLink 2090 programmer contains a vulnerability in BeyondTrust. CVSSv3 score of 9.8
More info.


Philips

Patch

PICix uses 7-Zip, which has 2 vulnerabilities. Highest CVSSv4 score of 9.8
More info.


Rockwell
Automation

Patch

An encryption vulnerability exists in FactoryTalk AssetCentre. Highest CVSSv4 score of 9.3
More info.


Lexmark

Patch

Lexmark has published 6 new security bulletins for Lexmark devices.  Highest CVSSv3 score of 9.1
More info.


ABB

Patch

ABB has published a bulletin for FLXEON products that identifies vulnerabilities that allow a remote attacker to take remote control of the product and run arbitrary code. Highest CVSSv4 score of 10
These devices are not meant to be Internet-facing.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Wednesday 29 January 2025


Google

Patch

Google has updated Chrome for Desktop to fix 2 security vulnerabilties.
More info.

Microsoft is aware. More info.


Rockwell
Automation

Patch

Rockwell Automation has updated FactoryTalk View to fix several vulnerabilities, including an RCE. Highest CVSSv4 score of 9.3
More info.

A Credential Exposure vulnerability exists in PowerFlex 755. The vulnerability is due to using HTTP resulting in credentials being sent in clear text. CVSSv4 score of 8.7
More info.

A DoS vulnerability was found in KEPServer. CVSSv3 score of 7.5
More info.


Ruckus
Networks

Patch

Unleashed APs and ZoneDirector contain a number of critical vulnerabilities. Collectively, these vulnerabilities allow a remote attacker to gain shell access to the device.. Highest CVSSv4 score of 9.3
More info.


IBM

Patch

IBM has published Critical bulletins for Tivoli Network Manager and Storage Copy Data Management.
More info.


Moxa

Patch

Multiple PT switches are affected by an out-of-bounds write vulnerability caused by insufficient input validation that could result in a denial-of-service attack.  CVSSv4 score of 8.7
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
Red Hat has updated rsync. More info.


  

Tuesday 28 January 2025


Apple

Patch

Apple has published security bulletins for visionOS, iOS, iPadOS, macOS, watchOS, tvOS, and Safari. Highest CVSSv3 score of 8.1
More info.


Hitachi

Patch

Hitachi has published 7 new bulletins and 7 updated bulletins. Of the new bulletins, Highest CVSSv3 score of 9.8
More info.


D-Link

Patch

DSL-3788 contains an Unauthenticated RCE vulnerability.
More info.


  

Monday 27 January 2025


Apache

Patch

Solr contains 2 vulnerabilities, zipslip and use of arbitrary files. CVSSv3 score of 8.8
More info. And here.

The request handling in the core in Apache Wicket allows an attacker to create a DoS via multiple requests to server resources. CVSSv3 score of 9.8
More info.


Microsoft

Patch

Edge has been updated with the latest chromium updates and to fix 1 Edge-specific vulnerability.
More info.


Wind River
Systems

New

The password hashing algorithms used in VxWorks are weak and can be cracked efficiently.
No patches, treated as a feature upgrade.
More info.


Supermicro

Patch

Several security issues have been discovered in Supermicro BMC Firmware. CVSSv3 score of 7.5
More info.


Canon

Patch

Multiple buffer overflow vulnerabilities exist in the Canon Laser Printers and Small Office Multifunctional Printers. Highest CVSSv3 score of 9.1
More info.


NetApp

Patch

NetApp has published 14 bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.1
Only 1 has patches.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated rsync. More info.
Amazon Linux 2 and 2023 have updated the kernel. More info. And here.
AlmaLinux has updated the kernel. More info.


  

Friday 24 January 2025


Xerox

Patch

Xerox Workplace Suite has been updated for several security vulnerabilities. Highest CVSSv3 score of 9.8
More info.


QNAP

Patch

Multiple vulnerabilities have been reported in rsync, affecting HBS 3 Hybrid Backup Sync. Highest CVSSv3 score of 8.8
More info.


Juniper
Networks

Patch

Multiple vulnerabilities have been fixed in Juniper Secure Analytics. Highest CVSSv3 score of 9.8
More info.


Ubiquiti

Patch

An Improper Certificate Validation on UniFi OS device, with Identity Enterprise configured allows a remote attacker to execute a MitM attack during application update.. CVSSv3 score of 5.9
More info.


IBM

Patch

IBM has published a Critical bulletin for Engineering Lifecycle Optimization. Highest CVSSv3 score of 9.8
More info.


Jenkins

Patch

Jenkins has published an update that fixes several vulnerabilities. Highest CVSSv3 score of 8.8
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.


  

Thursday 23 January 2025


Cisco

Patch

Cisco has published 3 new bulletins, 1 rated Critical, 1 High, and 1 Medium.  Highest CVSSv3 score of 9.9
More info.

A vulnerability in the SIP processing subsystem of  BroadWorks could allow a remote attacker to halt the processing of incoming SIP requests, resulting in a DoS. CVSSv3 score of 7.5
More info.

A vulnerability in the OLE2 decryption routine of ClamAV could allow a remote attacker to cause a DoS. CVSSv3 score of 5.3
More info.


mySCADA

Patch

myPRO contains an OS Command Injection vulnerability that allows a remote attacker to execute arbitrary commands or disclose sensitive information. Highest CVSSv4 score of 9.3
More info.


Google

Patch

Chrome for Desktop has been updated to fix 3 security vulnerabilities.
More info.


SonicWall

Patch

A pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 AMC and CMC, which could enable a remote attacker to execute arbitrary OS commands. CVSSv3 score of 9.8
More info.


M-Files

Patch

Three bulletins have been published identifying vulnerabilities in M-Files Server, the worst of which allows a remote attacker to consume computing resources. Highest CVSSv4 score of 6.3
More info.


ClamAV

Patch

A possible buffer overflow read bug in the OLE2 file parser could cause a DoS. CVSSv3 score of 5.3
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.
Red Hat has updated rsync. More info.


  

Wednesday 22 January 2025


Oracle

Patch

Quarterly Patches include fixes for 318 vulnerabilities, 184 remotely exploitable without authentication. Highest CVSSv3 score of 9.9
More info.


phpMyAdmin

Patch

Three new bulletins have been published, identifying a DoS and XSS vulnerabilities.
More info.


OVN

Patch

OVN is vulnerable to allowing crafted UDP packets to bypass egress ACL rules. This can result in unauthorized access to virtual machines and containers running on the OVN network.
More info.


Mitel

Patch

Mitel has published 2 new bulletins affecting MiContact Center Business and OpenScape 4000.
More info.


I-O Data

Patch

I-O Data has updated UD-LT2 hybrid router to fix 3 security vulnerabilities.  Highest CVSSv3 score of 7.5
More info. And here.


Node.js

Patch

Three vulnerabilities, 1 rated High and 2 rated Medium, have been fixed in the latest version.
More info.


HAProxy

Patch

HAProxy Fusion has been patched for rsync.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.
Mageia has updated rsync. More info.


  

Tuesday 21 January 2025


BD

Patch

BD has published updates for third-party patches in Pyxis and CCE.
More info.


IBM

Patch

IBM has published a Critical bulletin for Instana Observability.
More info.


  

Monday 20 January 2025


Google

Patch

Google has updated ChromeOS to fix vulnerabilities in the included Chrome browser.
More info.


Microsoft

Patch

Microsoft has updated Edge to include the latest chromium fixes.
More info.


HPE

Patch

A security vulnerability has been fixed in Telco Service Orchestrator software that a remote attacker could exploit for unauthorized data injection. CVSSv3 score of 5.3
More info.


F5

New

Traffix SDC contains a vulnerability that allows a remote attacker to bypass authentication and gain unauthorized access to sensitive information or privilege escalation. CVSSv3 score of 9.8
No patches yet.
More info.

Traffix SDC contains a vulnerability in Apache Tomcat that allows a remote attacker to gain access to the information leaking from a previous request/response. CVSSv3 score of 5.3
No patches yet.
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 9.8
No patches yet.
More info.


Linux

Patch

SUSE has updated rsync. More info.
OpenSUSE has updated rsync. More info.


  

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

 This bottom descriptor is used with Indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.