The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately an issue is detected and it will drop again by one level each working day.
Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. VMware rates this Critical, CVSSv3 score of 9.8.
More info. And CISA bulletin is here.
A vulnerability in the OPC UA Legacy Java Stack allows a remote attacker to send messages that prevent a server from accepting new requests, resulting in a DoS. CVSSv3 score of 7.5
More info.
Apple has published a security update for iTunes for Windows.
More info.
Dell Technologies PowerProtect DataDomain has been updated to correct an iDRAC9 VNC Console authentication vulnerability. CVSSv3 score of 9.6
More info.
Dell EMC Enterprise Hybrid Cloud has been updated to correct the latest VMware vulnerability that may be exploited by remote attackers to compromise the affected system. CVSSv3 score of 9.8
More info.
Traffix SDC contains a vulnerability in Cyrus SASL that allows an attacker to run arbitrary SQL commands. CVSSv3 score of 8.6
More info.
ISC BIND is vulnerable to a denial of service, caused by an assertion failure when a TLS connection to a configured http TLS listener with a defined endpoint is ended prematurely. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a DoS. CVSSv3 score of 7.5
More info.
Red Hat has updated the kernel. More info.
Multiple DoS vulnerabilities exist in MELSEC iQ-F series CPU module. These vulnerabilities could allow a remote attacker to cause a DoS condition for a product's program execution or communication. In one instance a system reset is required to recover. Highest CVSSv3 score of 8.6.
More info.
In Spring Security, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers, allowing an authorization bypass. CVSSv3 score of 8.2
More info.
OpenSUSE has updated the kernel. More info.
SonicWall SSLVPN SMA1000 series appliances are affected by multiple vulnerabilities, including an unauthenticated access control bypass, and a shared and hard-coded encryption key. Highest CVSSv3 score of 8.2.
More info.
Microsoft has updated chromium-based Edge to include the latest chromium security updates.
More info.
NetApp has published 6 new bulletins identifying vulnerabilities in third-party software included in their products. No patches yet.
More info.
SUSE has updated the kernel. More info.
Cambium Networks cnMaestro contains multiple vulnerabilities, including OS Command Injection, SQL Injection, Path Traversal, and Use of Potentially Dangerous Function. Successful exploitation of these vulnerabilities could allow a remote attacker to gain RCE, sensitive data exfiltration, and complete takeover of the main multi-tenant cloud infrastructure. Highest CVSSv3 score of 9.8
More info.
InHand Networks has confirmed the vulnerabilities impacting the Industrial Router IR302, which will allow attackers to execute arbitrary commands, upload files, increase privileges or steal cookies via a specific request. Highest CVSSv3 score of 9.9
More info.
Apache Tomcat has a Request Mix-up vulnerability that could result in connections using the same object concurrently which could result in information disclosure. Apache rates this High.
More info.
Zyxel has released patches for an OS command injection vulnerability. CVSSv3 score of 9.8
More info.
Monthly Patches are out for Palo Alto Networks, with 4 bulletins, 1 rated High and 3 rated Medium. Highest CVSSv3 score of 7.2
More info.
MELSOFT iQ AppPortal is affected by vulnerabilities in third party software used by the server software VisualSVN Server. Exploits for these vulnerabilities may allow a remote attacker to disclose or tamper with information with the product, cause a DoS, or execute malicious programs. Highest CVSSv3 score of 9.8
More info.
Dell has published an update for EMC iDRAC9 that corrects an Improper Authentication vulnerability that may be exploited by remote attackers to compromise the affected system. Dell rates this Critical. CVSSv3 score of 9.6
More info.
Dell Unity, Dell UnityVSA, and Dell Unity XT contain an XSS vulnerability that may be exploited by remote attackers to compromise the affected system. Dell rates this Critical. CVSSv3 score of 6.1
More info.
Xerox has updated FreeFlow Print Server v2 to include security fixes for Windows 10, OpenJDK, and Firefox.
More info.
Ubuntu has updated the kernel. More info.
Microsoft Monthly Patches are out, with 75 vulnerabilities. Of these, 8 are Critical, 3 were previously disclosed, and one is already being exploited. Highest CVSSv3 score of 9.8
More info. And here. And here.
Windows Network File System and Windows LDAP contain remotely exploitable RCE vulnerabilities. CVSSv3 score of 9.8
More info. And here.
Adobe Monthly Patches include updates for Critical vulnerabilities in Character Animator, ColdFusion, InDesign, Framemaker, and InCopy.
More info.
Adminer database management tool used in Industrial products contains a vulnerability that allows a remote attacker to read database credentials and steal data. CVSSv3 score of 7.5
More info.
Phoenix Contact RAD-ISM-900-EN-BD devices use third-party software with multiple vulnerabilities. CVSSv3 score of 9.1
More info.
TIBCO Managed File Transfer Command Center and Internet Server contain an XXE vulnerability exploitable by remote attackers. CVSSv3 score of 8.6
More info.
Information disclosure and DoS vulnerabilities due to out-of-bounds read and integer overflow in OpenSSL exist in the MELSOFT GT OPC UA Client. Highest CVSSv3 score of 7.5
More info.
curl has several Medium and Low vulnerabilities that have been fixed in the latest release.
More info.
Check Point has updated ZoneAlarm Extreme Security to fix a security vulnerability. This is rated Critical.
More info.
Monthly Patches are out for Siemens, with 12 new bulletins and 15 updated bulletins. Highest CVSSv3 score of 9.8
More info.
Multiple vulnerabilities exist in the webserver of SICAM P850 and SICAM P855 devices. These include unauthenticated access to web-interface functionality, missing HTTPS or impersonation as well as cross-site scripting related vulnerabilities. Highest CVSSv3 score of 9.8
More info.
A vulnerability exists in the OPC Foundation Local Discovery Server of several industrial products. A remote attacker could cause a DoS. CVSSv3 score of 7.5
More info.
Desigo PXC3, PXC4, PXC5 and DXR2 devices contain multiple vulnerabilities in the webserver application that could allow an attacker to potentially intercept unencrypted transmission of sensitive information, cause a DoS, or perform RCE. Highest CVSSv3 score of 9.0
More info.
A vulnerability in Desigo DXR and PXC controllers has been identified that could allow an attacker to disable and reset a device to factory state using a DoS. CVSSv3 score of 7.5
More info.
Monthly Patches are out for Schneider Electric with 3 new bulletins and 3 updated bulletins.
More info.
Schneider Electric is aware of multiple vulnerabilities in its Wiser Smart products, including hard-coded credentials, failure to limit authentication attempts, and others. Highest CVSSv3 score of 9.4
More info.
SAP Monthly Patches are out with 10 new Security Notes, and 4 updated notes. Of the new Notes, 3 are rated Hot News, 2 rated High, and 5 rated Medium. Highest CVSSv3 score of 9.8
More info.
Nessus Network Monitor has been updated to fix vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.
The operation management interface of FUJITSU Network IPCOM provided by FUJITSU LIMITED contains multiple vulnerabilities. A remote attacker may execute arbitrary commands, obtain and/or alter sensitive information, or cause a DoS. CVSSv3 score of 9.8
More info.
Rockwell Automation has identified FactoryTalk Linx Gateway as vulnerable to APT cyber tools targeting ICS/SCADA devices (PIPEDREAM/INCONTROLLER).
More info.
Multiple vulnerabilities in VMware vCenter plugins affect IBM Cloud Pak System. Highest CVSSv3 score of 9.8
More info.
A vulnerability has been reported to affect QNAP VS Series NVR running QVR. If exploited, this vulnerability allows remote attackers to run arbitrary commands. QNAP rates this Critical.
More info.
A vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. QNAP rates this High.
More info.
Multiple vulnerabilities have been reported to affect QTS, QuTS hero, and QuTScloud. If exploited, these vulnerabilities allow remote attackers to run arbitrary commands, traverse the file system to unintended locations and read or overwrite files, inject malicious code, or redirect users to an untrusted page that contains malware. QNAP rates this High.
More info.
A path traversal vulnerability in thttpd has been reported to affect QNAP devices running QTS, QuTS hero, and QuTScloud. If exploited, this vulnerability allows attackers to access and read sensitive data. QNAP rates this Medium.
More info.
Multiple vulnerabilities have been reported to affect QNAP NAS running certain versions of Video Station. If exploited, these vulnerabilities allow remote attackers to access sensitive data, perform unauthorized actions, and compromise the security of the system. QNAP rates this Medium.
More info.
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in IBM WebSphere Application Server. CVSSv3 score of 9.8
More info.
IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities in third-party software and IBM WebSphere Application Server Liberty. Highest CVSSv3 score of 9.8
More info.
Sophos Firewall has been updated to fix several security vulnerabilities, including an authentication bypass vulnerability allowing RCE rated Critical.
More info.
NetApp has published 7 new bulletins identifying vulnerabilities in third-party software included in their products. No patches yet.
More info.
Dell EMC NetWorker vProxy updates are available for multiple security vulnerabilities in SUSE that may be exploited by remote attackers to compromise the affected system. Dell rates this Critical.
More info.
Aruba has released updates to ClearPass Policy Manager that address multiple security vulnerabilities, including vulnerabilities in the web-based management interface of ClearPass Policy Manager that could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Highest CVSSv3 score of 9.8
More info.
Mozilla has published security updates for Thunderbird, rated High.
More info.
F5 Monthly Patches are out, with 43 Security Advisories, and another 10 Security Exposures. One advisory is rated Critical, 17 are rated High, 24 are rated Medium, and 1 Low. Highest CVSSv3 score of 9.8
More info.
Fortinet Monthly Patches are out with 9 bulletins, 1 rated Critical, 2 are rated High, and 6 are rated Medium. Highest CVSSv3 score of 9
More info.
Yokogawa has updated a previous bulletin to include the ProSafe-RS product as vulnerable. Highest CVSSv3 score of 7.5
More info.
Several moderate vulnerabilities in OpenSSL have been patched in the latest updates.
More info.
Rockwell Automation Factory Talk Production Center products contain third-party software that has several vulnerabilities. If exploited, these vulnerabilities could allow RCE, information disclosure, and DoS on FTPC products.
More info.
Hitachi Energy Gateway Station and FACTS Control Platform products are affected by multiple open-source software vulnerabilities. An attacker could eavesdrop on the traffic between network source and destination, gain unauthorized access to information or cause a DoS. Highest CVSSv3 score of 8.1
More info. And here.
Mozilla has published security updates for Firefox and Firefox ESR, rated High.
More info.
Emerson AVENTICS AF2 Series flow sensor with Ethernet communication interface has multiple, specific cybersecurity vulnerabilities. The vulnerabilities may allow attackers to disrupt the embedded web server of the device under very specific circumstances and could allow denial of view functions and possibly exposure of system resources. Highest CVSSv3 score of 5.8
More info.
Oracle Linux has updated the kernel. More info.
Qualcomm Monthly Patches are out, with 13 CVEs in proprietary software, and 10 more in open-source software. Of the proprietary CVEs, 2 are rated Critical, 10 are rated High, and 1 Medium. Several vulnerabilities are remotely exploitable without Authentication. Highest CVSSv3 score of 9.3
More info.
Samsung Monthly Patches include 18 additional SVEs, along with Android patches.
More info.
Debian has updated the kernel. More info.
TRUMPF TruTops Fab, TruTops Boost, and TruTops Monitor contain a missing authentication vulnerability. CVSSv3 score of 9.8
More info.
The PLC application of the control systems ctrlX CORE, IndraLogic, IndraMotion MTX, IndraMotion MLC and IndraMotion MLD contains PLC technology from CODESYS GmbH. Exploiting vulnerabilities in the CODESYS protocol allows remote attackers to stop the web server communication with the PLC runtime or to temporarily block communication to the PLC runtime. Highest CVSSv3 score of 7.5
More info.
SICK has reported a DoS vulnerability in Gateway Flexi Soft, due to a mishandling of Read Implicit Request services. An attacker could use this vulnerability to affect the availability of the Gateway Flexi Soft. CVSSv3 score of 7.5
More info.
Dell has published updates for Dell Unity, Dell UnityVSA, and Dell Unity XT security vulnerabilities and third-party software. Dell rates this Critical.
More info.
GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
HIGH
This alert state indicates a more serious vulnerability which is exploitable.
CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.
NEW
This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.
+24hrs
This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.
PATCH
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. It could be paired with Increased or High, and on rare occasions Critical.
EXPLOIT
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.
ZERO DAY
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.