Vulnerability Details
The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately an issue is detected and it will drop again by one level each working day.
Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.
Thursday 19 September 2024
GE Vernova
Patch
ControlST – Control Server has been updated to fix several VMware vulnerabilities. Highest CVSSv3 score of 9.8
More info.
IDEC
Patch
WindLDR and Operator Interfaces' Touchscreen Programming Software WindO/I-NV4 contain a Cleartext Storage of Sensitive Information vulnerability. A remote attacker who obtains a project file could obtain user authentication information for the PLC or Operator Interface. CVSSv3 score of 5.9
More info. And here.
PLCs contain Cleartext Transmission of Sensitive Information and Generation of Predictable Identifiers vulnerabilities. Highest CVSSv3 score of 5.3
More info. And here.
MegaSys
Patch
Telenium Online Web Application contains an Improper Input Validation vulnerability that could allow a remote attacker to inject arbitrary Perl code through a crafted HTTP request, leading to RCE. CVSSv4 score of 9.3.
More info.
CoreDNS
Patch
There is a vulnerability in DNS which triggers a resolver to ignore valid responses, thus causing DoS. A remote attacker could forge a response targeting the source port of a vulnerable resolver. CVSSv3 score of 8.2
More info.
SICK
Patch
SICK MSC800 contains a vulnerability that allows a remote attacker to modify the IP address of the product through the SopasET interface, potentially leading to DoS. CVSSv3 score of 7.5
More info.
Grafana
Patch
The Grafana plugin SDK bundles build metadata into the binaries it compiles and includes the repository URI. If credentials are included in the repository URI, the final binary will contain the full URI, including said credentials. CVSSv4 score of 9.1
More info.
Linux
Patch
Wednesday 18 September 2024
Patch
Google has updated Chrome for Desktop to fix 9 security vulnerabilities.
More info.
VMware
Patch
VMware has updated vCenter Server to address heap-overflow and privilege escalation vulnerabilities. Highest CVSSv3 score of 9.8
More info.
GitLab
Patch
A Critical Patch Release for GitLab fixes an authentication bypass vulnerability. CVSSv3 score of 10.
More info.
Cohesive Networks
Patch
Four issues in VNS3 allow improperly parsed input to achieve RCE. This requires control plane TCP port 8000 access to a VNS3 controller. Highest CVSSv3 score of 9.8
More info.
Atlassian
Patch
Confluence Data Server contains a DoS vulnerability. CVSSv3 score of 7.5
More info.
Dell
Patch
Dell PowerStore Family remediation is available for multiple security vulnerabilities in third-party software. Dell rates this High.
More info.
Linux
Patch
Tuesday 17 September 2024
Apple
Patch
Apple has published updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS 2, Safari, and Xcode.
More info.
D-Link
Patch
D-Link has updated several wireless routers to fix security issues like hardcoded credentials, hidden telnet services, and improper authentication. Highest CVSSv3 score of 9.8
More info.
Circutor
Patch
Updates for Q-SMT and TCP2RS+ have been made available for 6 vulnerabilities, 3 rated Critical, 1 High, and 2 Medium. Highest CVSSv3 score of 10.
More info.
Yokogawa
Patch
Yokogawa has updated Dual-redundant Platform for Computer to fix a DoS vulnerability. Highest CVSSv3 score of 7.5
More info.
NetApp
New
NetApp has published a bulletin for ONTAP that identifies vulnerabilities in FreeBSD. Highest CVSSv3 score of 10.
No patch yet.
More info.
Hitachi
Patch
Hitachi has published updates for Command Suite, Automation Directory, Configuration Manager, and Ops Center.
More info.
Linux
Patch
Sunday 15 September 2024
curl
Patch
When curl is built to use the GnuTLS library and told to use OCSP stapling to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine.
More info.
WebIQ
New
The Windows version of WebIQ is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. CVSSv3 score of 8.6
No patch yet.
More info.
F5
Patch
Traffix SDC uses CPAN.pm which contains a vulnerability that may allow a remote attacker to inject into the network path and perform a MITM attack, causing confidentiality or integrity issues. CVSSv3 score of 7.4
More info.
ABB
Patch
REF630, REG630, REM630 and RET630 equipment contains vulnerabilities that could result in a DoS. Highest CVSSv4 score of 8.2
More info.
Friday 13 September 2024
Rockwell Automation
Patch
5015-U8IHFT contains a DoS vulnerability with a malformed CIP Message. CVSSv4 score of 8.7
More info.
FactoryTalk Batch View contains an authentication bypass vulnerability due to shared secrets. CVSSv4 score of 9.2
More info.
FactoryTalk View Site Edition contains an RCE vulnerability. CVSSv4 score of 9.2
More info.
ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380 are vulnerable to DoS. CVSSv4 score of 8.7
More info.
Docker
Patch
Docker Desktop has been updated to fix 2 security vulnerabilities that allow RCE. Highest CVSSv4 score of 9.0
More info.
Spring
Patch
NetApp
Patch
NetApp has published 12 bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Five have patches.
More info.
Extreme Networks
Patch
Extreme Networks has published 3 months of vulnerability bulletins, 38 in total. CVSSv3 score of 8.1
More info.
regreSSHion Vulnerability in OpenSSH Server affects several Extreme Networks products. CVSSv3 score of 8.1
More info.
Apache Tomcat DoS in HTTP/2 Connector affects several Extreme Networks products. CVSSv3 score of 5.3
More info.
Amazon Corretto vulnerabilities have been addressed in several Extreme Networks products. CVSSv3 score of 7.4
More info.
Zoom
Patch
A business logic error in some Zoom Workplace Apps may allow a remote attacker to disclose information. CVSSv3 score of 5.3
More info.
Linux
Patch
Thursday 12 September 2024
Cisco
Patch
Cisco has published 8 new bulletins, 6 rated High and 2 rated Medium. Highest CVSSv3 score of 8.8
More info.
A vulnerability in the Mtrace2 feature of Cisco IOS XR Software could allow a remote attacker to exhaust the UDP packet memory of an affected device, resulting in a DoS. CVSSv3 score of 8.6
More info.
A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow a remote attacker to cause a DoS on XML TCP listen port 38751. CVSSv3 score of 5.3
More info.
Palo Alto Networks
Patch
Palo Alto Networks Monthly Patches include 7 bulletins, 2 rated High and 5 rated Medium. Highest CVSSv4 score of 8.6
More info.
Prisma Access Browser has incorporated the latest upstream Chromium security fixes. Highest CVSSv3 score of 8.8
More info.
A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. CVSSv4 score of 6.
More info.
iniNet
Patch
SpiderControl SCADA Web Server contains an Unrestricted Upload of File with Dangerous Type vulnerability. CVSSv4 score of 8.7.
More info.
Microsoft
Patch
HPE
Patch
HPE NonStop Virtual Tape Repository (VTR) contains several vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Zyxel
Patch
Zyxel has released hotfixes addressing a command injection vulnerability in two NAS products that have reached EoS. A remote attacker could execute some OS commands by sending a crafted HTTP POST request. CVSSv3 score of 9.8
More info.
Tenable
Patch
Tenable has updated Nessus to fix vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.
GitLab
Patch
GitLab has been updated to fix 17 vulnerabilities, 1 rated Critical, 3 rated High, 11 rated Medium, and 2 rated Low. Highest CVSSv3 score of 8.5
More info.
Dell
Patch
A security update has been published for Dell Data Protection Central for third-party software vulnerabilities. Dell rates this Critical.
More info.
Dell ThinOS remediation is available for multiple vulnerabilities in third-party software. Dell rates this Critical.
More info.
Dell Avamar remediation is available for Switch OS 10.5.x-Gen5A vulnerabilities. Dell rates this High.
More info.
Dell PowerScale InsightIQ remediation is available for multiple security vulnerabilities in third-party software. Dell rates this High.
More info.
Linux
Patch
Wednesday 11 September 2024
Microsoft
0-Day
Microsoft Monthly Patches are out, with 79 vulnerabilities, 7 rated Critical and 4 are 0-days currently being exploited. Highest CVSSv3 score of 9.8
More info. And here.
Microsoft recently updated the Edge page to show updates for the latest Chromium vulnerabilities, although the dates were more than a week in the past.
More info.
Adobe
Patch
F5
Patch
F5 has published 10 new bulletins, 4 of which are exploitable remotely without authentication. Of those 4, the highest CVSSv3 score is 6.9
More info.
Ivanti
Patch
Ivanti has released updates for Ivanti Endpoint Manager 2024 and 2022 which address medium and high vulnerabilities. Successful exploitation could lead to unauthorized access to the EPM core server. Highest CVSSv3 score of 10.
More info.
Carrier
Patch
Patch
Google has updated Chrome for Desktop to fix 5 security vulnerabilities.
More info.
Tuesday 10 September 2024
Siemens
Patch
Siemens Monthly Patches are out with 36 bulletins, 17 new and 19 updated. Of the new bulletins, 10 address vulnerabilities that are remotely exploitable without authentication with a highest CVSSv4 score of 10.
More info.
Industrial Edge Management contains an Authorization Bypass vulnerability that could allow a remote attacker to impersonate other devices onboarded to the system. CVSSv4 score of 10.
More info.
Schneider Electric
Patch
Schneider Electric Monthly Patches include 5 bulletins, 2 new and 3 updated. Of the new bulletins, highest CVSSv3 score of 7.8
More info.
SAP
Patch
SAP has published their Monthly Patches, with 19 Security Notes, 16 new and 3 updated. Of the new Notes, highest CVSSv3 score of 6.5
More info.
Endress+Hauser
Patch
Echo Curve Viewer contains a vulnerability that allows a remote attacker to run malicious C# code included in curve files and execute commands in the user's context. CVSSv3 score of 9.8
More info.
Phoenix Contact
Patch
HPE
Patch
BD
Patch
BD has published updates to fix third-party software in Kiestra TLA/WCA, Kiestra TLA Track, Kiestra ReadA, and Kiestra InoqulA.
More info.
LANCOM
Patch
IBM
Patch
Linux
Patch
Monday 09 September 2024
QNAP
Patch
QNAP has published 13 bulletins for their products, most requiring Physical access or Local privileges.
More info.
A heap buffer overflow vulnerability has been reported in curl, which affects certain versions of QTS and QuTS hero.
More info.
An XSS vulnerability has been reported to affect QuLog Center. The vulnerability could allow a remote attacker to inject malicious code. CVSSv3 score of 8.2
More info.
Festo
Patch
Festo products include Siemens Simatic S7-1500 CPUs, which have a memory bypass vulnerability. CVSSv3 score of 9.8
Note the vulnerability is from 2020.
More info.
ownCloud
Patch
ownCloud has published 5 new bulletins, the worst of which allows request forgery. Highest CVSSv3 score of 8.8
More info.
Improper handling of CSRF protection in the diagnostics app in combination with the `SameSite`-Cookie setting being set to `None` allows cross site invocation of an admin API. CVSSv3 score of 3.1
More info.
Server-Side Request Forgery in federated sharing API may allow a remote attacker to identify internal servers or cause a DoS. CVSSv3 score of 5.3
More info.
Friday 06 September 2024
IBM
Patch
QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.9
More info.
IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of requirejs. CVSSv3 score of 9.8
More info.
Apache Derby could allow a remote attacker to bypass security restrictions to view and corrupt sensitive data and run sensitive database functions and procedures. CVSSv3 score of 9.1
More info.
There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Highest CVSSv3 score of 9.8
More info.
F5
Patch
F5 has published 5 new bulletins that are exploitable by remote attackers. Highest CVSSv3 score of 8.8
More info.
BIG-IP, BIG-IQ, and Traffix SDC are vulnerable to a DoS due to libarchive. Highest CVSSv3 score of 5.9
More info.
BIG-IP Next SPK and CNF are affected by an OpenSSH vulnerability that could allow RCE. CVSSv3 score of 8.1
More info.
Traffix SDC contains a vulnerability in libjpeg-turbo that allows a remote attacker to cause a DoS or code execution. Highest CVSSv3 score of 8.8
More info. And here.
NetApp
New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
No patches yet.
More info.
Xerox
Patch
Xerox has updated FreeFlow Print Server v2 / Windows 10 to fix vulnerabilities in third-party software.
More info.
Zoom
Patch
Zoom has published a bulletin for an Information Disclosure vulnerability in Workplace Apps. CVSSv3 score of 5.3
More info.
Linux
Patch
Thursday 05 September 2024
Juniper Networks
Patch
Juniper has published an "On Demand" bulletin for Secure Analytics identifying several vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Cisco
Patch
Cisco has published 5 new bulletins, 1 rated Critical, 1 rated High, and 3 rated Medium. Highest CVSSv3 score of 9.8
More info.
Multiple vulnerabilities in Cisco Smart Licensing Utility could allow a remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running. CVSSv3 score of 9.8
More info.
Veeam
Patch
Veeam has published a bulletin for several products identifying vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Baxter
Patch
HPE
Patch
Security vulnerabilities in the HP-UX Secure Shell daemon (sshd) could be exploited remotely to allow arbitrary command execution, authentication bypass, or unauthorized use. Highest CVSSv3 score of 9.8
More info.
Dell
Patch
EMC Metronode remediation is available for multiple security vulnerabilities in third-party software. Dell rates this Critical.
More info.
CloudBoost Virtual Appliance remediation is available for multiple security vulnerabilities in third-party software. Dell rates this Critical.
More info.
Cloud Tiering Appliance remediation is available for multiple security vulnerabilities in third-party software. Dell rates this High.
More info.
Wednesday 04 September 2024
Patch
Google has published Monthly Patches for Android, with 12 vulnerabilities, all rated High, plus Arm, Imagination Technologies, Unisoc, and Qualcomm updates. Highest CVSSv3 score of 8.8
More info.
Pixel Monthly Patches are out with 6 vulnerabilities, 4 rated Critical and 2 rated High, plus Android patches.
More info.
Android Automotive OS Monthly Patches include 1 vulnerability rated High.
More info.
Samsung
Patch
Samsung Monthly Patches include 23 vulnerabilities, 8 rated High and 14 rated Medium, plus Android patches.
More info.
D-Link
New
D-Link is aware of critical vulnerabilities in DIR-846W router which is EOS. Highest CVSSv3 score of 9.8
No patches because it is EOS/EOL.
More info.
Mozilla
Patch
Mozilla has updated Firefox, Firefox ESR, and Focus for iOS to fix High severity vulnerabilities.
More info.
Moxa
Patch
OnCell 3120-LTE-1 Series are affected by multiple vulnerabilities in the old version of jQuery that can be exploited by a remote attacker. Highest CVSSv3 score of 6.1
More info.
HPE
Patch
Security vulnerabilities have been identified in Unified OSS Console Assurance Monitoring (UOCAM). These vulnerabilities could be exploited to allow authentication bypass, DoS, and escalation of privilege. Highest CVSSv3 score of 7.5
More info.
LOYTEC Electronics
Patch
LINX series devices contain several vulnerabilities. Highest CVSSv4 score of 9.3
More info.
OpenSSL
Patch
OpenSSL has been updated to fix a DoS in X.509 name checks.
More info.
HAProxy
Patch
HAProxy has updated their products to fix a vulnerability related to a possible endless loop in the HTTP/2 multiplexer when combined with the zero-copy forwarding system.
More info.
Tuesday 03 September 2024
Patch
Google has updated Chrome for Desktop to fix 4 security vulnerabilities.
More info.
Zyxel
Patch
An OS command injection vulnerability exists in some AP and security routers. The improper neutralization of special elements could allow a remote attacker to execute OS commands by sending a crafted cookie to a vulnerable device. CVSSv3 score of 9.8
More info.
5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices are affected by a buffer overflow vulnerability that could allow a remote attacker to cause a DoS by sending a crafted HTTP request to a vulnerable device. CVSSv3 score of 7.5
More info.
Zyxel Firewall has been updated to fix several security vulnerabilities. Highest CVSSv3 score of 8.1
More info.
Linux
Patch
Monday 2 September 2024
Qualcomm
Patch
Qualcomm Monthly Patches include 8 patches for proprietary software and 13 patches for open source software, highest CVSSv3 score of 8.4
More info.
MediaTek
Patch
MediaTek Monthly Patches include 6 vulnerabilities, all rated Medium.
More info.
Samsung
Patch
Samsung has published 7 new bulletins for Exynos, all rated Medium.
More info.
Dell
Patch
Cloud Tiering Appliance has been updated to fix multiple third-party vulnerabilities, some dating back to 2020. Dell rates this High.
More info.
Friday 30 August 2024
libexpat
Patch
PHP
Patch
IBM
Patch
IBM Concert is vulnerable to multiple issues due to Cloud Pak Openshift. Highest CVSSv3 score of 10.
More info.
Esri
Patch
Portal for ArcGIS Security has been updated to resolve multiple high and medium severity security vulnerabilities. Highest CVSSv4 score of 8.7
More info.
Thursday 29 August 2024
Cisco
Patch
Patch
Google has published an update for Chrome for Desktop that fixes 4 High severity vulnerabilities.
More info.
Wireshark
Patch
Wireshark (older versions) has been updated to fix a DoS vulnerability.
More info.
Dell
Patch
Dell RecoverPoint for Virtual Machines remediation is available for multiple security vulnerabilities in third-party software. Dell rates this Critical.
More info.
Dell APEX Cloud Platform for Redhat Openshift remediation is available for multiple security vulnerabilities in third-party software. Dell rates this High.
More info.
Linux
Patch
Red Hat has updated the kernel and the firmware. More info.
Wednesday 28 August 2024
B&R Automation
Patch
B&R APROL has been updated to fix 3 vulnerabilities, one of which allows a remote attacker to conduct a Reflected XSS attack. Highest CVSSv4 score of 7.3
More info.
F5
New
Traffix SDC contains a vulnerability that could allow a remote attacker to access restricted information, modify files, or cause a DoS. CVSSv3 score of 7.5
No patches yet.
More info.
NetApp
New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
One has patches.
More info.
Fortra
Patch
Flowise
New
Flowise contains a vulnerability that allows an unauthenticated attacker to cause a DoS. CVSSv3 score of 7.4
More info.
Tuesday 27 August 2024
Hitachi Energy
Patch
Multiple vulnerabilities exist in MicroSCADA X SYS600, some of which allow a remote attacker to cause confidentiality, integrity and availability impacts. Highest CVSSv3 score of 9.9
More info.
Monday 26 August 2024
Avtec
Patch
Outpost 0810 and Outpost Uploader Utility contain 2 vulnerabilities, Storage of File with Sensitive Data Under Web Root, and Use of Hard-coded Cryptographic Key. Highest CVSSv4 score of 8.7
More info.
Trumpf
Patch
TruControl laser control software uses OpenSSH server and is affected by the RegreSSHion vulnerability. CVSSv3 score of 8.1
More info.
IBM
Patch
F5
New
BIG-IP contains a vulnerability that allows a remote attacker to craft HTTP requests with deliberately incorrect URL encoding, potentially bypassing security controls that rely on proper URL parsing and authentication. CVSSv3 score of 7.5
No patch yet.
More info.
NetApp
New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.0
Only 1 has a patch.
More info.
Friday 23 August 2024
Microsoft
Exploit
Microsoft has updated Edge to include the latest Chromium patches as well as 4 Edge-specific patches. Exploits are in the wild.
More info.
Improper access control in Decentralized Identity Services allows an unauthenticated attacker to disable Verifiable IDs on another tenant. CVSSv3 score of 7.5
More info.
SonicWall
Patch
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. CVSSv3 score of 8.6
More info.
Rockwell Automation
Patch
ThinManager ThinServer contains Information Disclosure and RCE vulnerabilities. Highest CVSSv4 score of 9.3
More info.
SolarWinds
Patch
Web Help Desk (WHD) is affected by a hardcoded credential vulnerability, allowing a remote attacker to access internal functionality and modify data. CVSSv3 score of 9.1
More info.
Broadcom
Patch
Tanzu has 20 security bulletins published that identify vulnerabilities in third-party software included in their product. 1 is rated High, 18 Medium, and 1 Low.
More info.
F5
New
BIG-IP (DNS) contains a vulnerability in the BIND process that allows a remote attacker to cause a DoS. CVSSv3 score of 7.5
No patch yet.
More info.
Thursday 22 August 2024
Cisco
Patch
Exploit
BD
Patch
BD has published third-party software updates for Pyxis, EpiCenter, Data Agent, IDM, and CCE products.
More info.
SpaceLabs Healthcare
Exploit
Bedside Monitors are vulnerable to Name:Wreck, a DNS vulnerability from 2016. CVSSv3 score of 9.8
More info.
Welotec
Patch
Products from the Edge Gateway Family are affected by the RegreSSHion vulnerability. CVSSv3 score of 8.1
More info.
IBM
Patch
Linux
Patch
Wednesday 21 August 2024
CPython
Patch
Microsoft
Patch
GitHub Enterprise Server has been patched to fix 3 vulnerabilities, one of which exposed signed federation metadata XML, allowing a remote attacker to forge a SAML response to provision and/or gain access to a user account with site administrator privileges. Highest CVSSv4 score of 9.5
More info.
Jira
Patch
Reflected XSS and CSRF vulnerabilities exist in Confluence Data Center and Server. CVSSv3 score of 7.1
More info.
Bosch
Patch
A vulnerability in Bosch IP cameras of families CPP13 and CPP14 allows a remote attacker to retrieve video analytics event data. CVSSv3 score of 7.5
More info.
Mitel
Patch
Linux
Patch
Tuesday 20 August 2024
HPE
Patch
Security vulnerabilities have been identified in HPE SimpliVity AMD Servers. These vulnerabilities could be exploited to allow arbitrary code execution, disclosure of privileged information, buffer overflow, and DoS. Highest CVSSv3 score of 7.5
More info.
OpenFlow
New
Vulnerabilities have been identified in the libfluid_msg library, a core component of the libfluid OpenFlow library that is used to process OpenFlow network packets, that could be used for DoS. Highest CVSSv3 score of 6.5
No patches available.
More info.
Linux
Patch
Monday 19 August 2024
PRODUCT
GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
PRODUCT
INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
PRODUCT
HIGH
This alert state indicates a more serious vulnerability which is exploitable.
PRODUCT
CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.
NEW
This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.
+24hrs
This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.
PATCH
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. It could be paired with Increased or High, and on rare occasions Critical.
EXPLOIT
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.
ZERO DAY
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.