
Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur as soon as an issue is detected, and the state will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Tuesday 03 October 2023


MediaTek

Patch

MediaTek has published their Monthly Patches with 3 vulnerabilities rated High, 9 rated Medium.
More info.


Google

Patch

Google Monthly Patches for Android are out, with 1 Critical vulnerability, and 31 High, with Arm, MediaTek, Unisoc, and Qualcomm patches as well.
More info.


IBM

Patch

IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities.  Highest CVSSv3 score of 9.8
More info.


Linux

Patch

Red Hat has updated the kernel. More info.


  

Monday 02 October 2023


Exim

0-Day

A vulnerability in Exim allows remote attackers to execute arbitrary code on affected installations of Exim. CVSSv3 score of 9.8
This was released as a 0-day.
More info. And here.


BD

Patch

BD has published security updates for Phoenix M50, Assurity Linc, and BACTEC FX40.
More info.


Qualcomm

Patch

Qualcomm Monthly Patches are out with 17 vulnerabilities, 3 rated Critical, 13 rated High, and 1 rated Medium. Highest CVSSv3 score of 9.8
More info.


Microsoft

Exploit

Microsoft has updated Edge to fix the libvpx vulnerability that is being exploited.
More info.


NetApp

Patch

NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Six have patches.
More info.


  

Friday 29 September 2023


Progress Software

Patch

Vulnerabilities in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface have been identified. Highest CVSSv3 score of 10.
More info.


Dell

Patch

Dell Container Storage Modules remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.  Dell rates this Critical.
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.
Alpine Linux has published 3.18.4. More info.


  

Thursday 28 September 2023


Cisco

Patch

Cisco has published 15 new bulletins, 1 rated Critical, 7 rated High, and 7 rated Medium. Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager could allow an attacker to access an affected instance or cause a DoS on an affected system. Highest CVSSv3 score of 9.8
More info.

Vulnerabilities in Cisco IOS XE Software could allow a remote attacker to cause a DoS. CVSSv3 score of 8.6
More info. And here. And here. And here.

A vulnerability in Cisco DNA Center could allow a remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. CVSSv3 score of 8.6
More info.

A vulnerability in the networking component of Cisco AP software could allow a remote attacker to cause a DoS. CVSSv3 score of 5.8
More info.


Google

Exploit

Google has published an update for Chrome for Desktop that fixes 10 security vulnerabilities, one of which is exploited in the wild.
More info.


IBM

Patch

Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps.  Highest CVSSv3 score of 9.8
More info.

IBM Cloud Pak System has addressed vulnerabilities in Golang Go. Highest CVSSv3 score of 9.8
More info.


HPE

Patch

Security vulnerabilities have been identified in OneView Software. These vulnerabilities could be remotely exploited to allow authentication bypass. CVSSv3 score of 9.8
More info.


Mozilla

Exploit

Mozilla has updated Firefox, Firefox ESR, Firefox for Android, and Firefox Focus for Android. Mozilla rated this Critical, and it is actively exploited.
More info.


  

Wednesday 27 September 2023


Baker Hughes

New

Bently Nevada 3500 Rack (TDI Firmware) contains several vulnerabilities including exposure of sensitive information, cleartext transmission of sensitive information, and authentication bypass by capture-replay.  Highest CVSSv3 score of 7.5
No patches, only mitigation.
More info.


Squid

Patch

Due to a NULL pointer dereference bug Squid is vulnerable to a DoS attack against Squid's Gopher gateway. CVSSv3 score of 7.5
More info.


Apple

Patch

Apple has published security updates for Safari and macOS.
More info.


Belden

Patch

Multiple Expat vulnerabilities exist in Hirschmann HiOS products, HiSecOS products, BAT-C2, and GECKO. Highest CVSSv3 score of 9.8
More info.


Juniper Networks

Exploit

A new exploit for a previously reported code execution vulnerability in Junos OS works without a previous file upload. Highest CVSSv3 score of 9.8
More info.


Mozilla

Patch

Mozilla has published bulletins rated High for Firefox, Firefox ESR, and Thunderbird.
More info.


Linux

Patch

SUSE has updated the kernel.  More info.
OpenSUSE has updated the kernel. More info.


  

Tuesday 26 September 2023


Hitachi Energy

New

Hitachi Energy includes libexpat open-source software in their AFx series products. There are multiple vulnerabilities in the libexpat component that allow a remote attacker to compromise the targeted devices' availability, integrity, and confidentiality. Highest CVSSv3 score of 9.8
More info.


IBM

Patch

Multiple vulnerabilities in third-party software affect IBM Application Performance Management products.  Highest CVSSv3 score of 9.8
More info. And here. And here. And here. And here.


Dell

Patch

Dell EMC VPlex Metro Node remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. Dell rates this Critical.
More info.

Dell Connectrix (Brocade) remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system. Dell rates this High.
More info.


Linux

Patch

Oracle Linux has updated the kernel.  More info.
Amazon Linux has updated the kernel. More info.


  

Monday 25 September 2023


WAGO

New

WAGO products e!COCKPIT and WAGO-I/O-Pro both include the vulnerable WIBU Systems Codemeter product. Highest CVSSv3 score of 9.8
More info.


BD

Patch

BD has published Microsoft and third-party software updates for FACSCanto 10-Color System, FACSCelesta, FACSAria, FACSCanto II System, LSRFortessa, FocalPoint, EpiCenter, and Totalys.
More info.


Elasticsearch

Patch

A vulnerability exists in how Elasticsearch handled incoming requests on the HTTP layer. A remote attacker could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. CVSSv3 score of 7.5
More info.


Linux

Patch

Oracle Linux has updated the kernel.  More info.


  

Friday 22 September 2023

Apple

Exploit

Apple has updated iOS, iPadOS, watchOS, macOS, and Safari to fix Exploited, Critical vulnerabilities.
More info.


Real Time Automation

Exploit

Real Time Automation 460MCBS contains a Cross-site Scripting vulnerability that could allow an attacker to run malicious JavaScript content. CVSSv3 score of 9.4
Public PoC exists.
More info.


D-Link

Exploit

D-Link DIR-823G was discovered to contain stack overflow vulnerabilities. CVSSv3 score of 9.8
PoC exists.
More info. And here.


QNAP

Patch

Vulnerabilities in Apache, Legacy QTS, and Multimedia Console affect QNAP products.  These are rated Medium and High.
More info.


NetApp

New

NetApp has published 7 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 7.8
No patches yet.
More info.


Linux

Patch

SUSE has updated the kernel.  More info.


  

Thursday 21 September 2023

Ingeteam

Patch

Three vulnerabilities have been identified in Ingeteam INGEPAC DA 3451 and INGEPAC EF MD. Highest CVSSv3 score of 8.6
More info.


Frauscher Sensortechnik

Patch

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi is prone to multiple vulnerabilities which could lead to a full compromise of the FDS101 device. Highest CVSSv3 score of 9.8
More info.


Dell

Patch

Dell Secure Connect Gateway has been updated to correct multiple security vulnerabilities in third-party software.  Dell rates this Critical.
More info.


Rockwell Automation

Patch

A buffer overflow vulnerability exists in Logix communication devices. If exploited, a remote attacker could leverage this vulnerability to perform RCE. CVSSv3 score of 9.8
More info.

Connected Components Workbench utilizes CefSharp that contains a use after free vulnerability in Google Chrome. A remote attacker could perform a sandbox escape via a crafted HTML page. CVSSv3 score of 9.6
More info.

An input/output validation vulnerability exists in third-party software used in PanelView 800 that could lead to a disclosure of sensitive information, addition or modification of data, or a DoS. CVSSv3 score of 9.8
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.


  

Wednesday 20 September 2023

Omron

Patch

Omron CJ/CS/CP series programmable logic controllers use the FINS protocol, which is vulnerable to brute-force attacks. The controllers do not enforce any rate limit on password guesses to password-protected memory regions. CVSSv3 score of 7.5
More info.


Atlassian

Patch

Four high-severity vulnerabilities have been fixed in Atlassian products. Highest CVSSv3 score of 8.5
More info.


BIND

Patch

A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. CVSSv3 score of 7.5
More info.

An issue with recursion depth may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. CVSSv3 score of 7.5
More info.


Linux

Patch

SUSE has updated the kernel and kernel-rt. More info.
OpenSUSE has updated the kernel and kernel-rt. More info.
Red Hat has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Tuesday 19 September 2023

Phoenix Contact

Patch

Multiple products are affected by WIBU Codemeter vulnerabilities. Highest CVSSv3 score of 10.
More here.


Google

Patch

Google updates for Pixel include Android security patches and 1 Pixel-specific security vulnerability rated High, currently being exploited.
More info.


IBM

Patch

Vulnerabilities in Bash affect ProtecTIER.  Note these are the ShellShock vulnerabilities, 9 years later. Highest CVSSv3 score of 10.
More info.

Multiple vulnerabilities in jackson-databind affect IBM Application Performance Management products. Highest CVSSv3 score of 9.8
More info.

Vulnerabilities in "Go" affect IBM CICS TX Standard and Advanced. Highest CVSSv3 score of 9.8
More info. And here.

Due to use of Golang Go, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Apple

Patch

Apple has published iOS 17, iPadOS 17, watchOS 10, and tvOS 17, all in the security updates table, but with no details.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Ubuntu has updated the kernel. More info.



  

Monday 18 September 2023

Open5Gc

Patch

Free5Gc contains a CSRF vulnerability that could allow a remote attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". CVSSv3 score of 9.8
More info. And here.


NetApp

New

NetApp has published 14 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 9.8
No patches yet.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.



  

ALERT DEFINITIONS

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.