Vulnerability Details
The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately an issue is detected and it will drop again by one level each working day.
Our rationale for this agility is that vulnerabilities often occur in clusters, therefore reducing the alert state again quickly, will increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable, very few local server exploits will be shown.
Monday 02 December 2024
Qualcomm
Patch
Qualcomm Monthly Patches are out with 7 vulnerabilities, all rated High, plus open source software patches. Highest CVSSv3 score of 8.4
More info.
MediaTek
Patch
Monthly Patches are out with 15 vulnerabilities, 1 rated High and the rest Medium. CVSSv4 score of 8.4
More info.
Samsung
Semiconductor
Patch
Monthly Patches include 4 bulletins, 2 rated High, 1 rated Medium, and 1 Low.
More info.
Acronis
Patch
Acronis has published an update for Electron with 1 vulnerability rated High in third-party software.
More info.
Friday 29 November 2024
IBM
Patch
IBM has published a Critical security bulletin for Security Verify Access Appliance.
More info.
B&R
Automation
Patch
An authentication bypass vulnerability exists in several mapp components. CVSSv4 score of 8.4
More info.
Squid
Patch
Squid is vulnerable to DoS attacks by a trusted server against all clients using the proxy. CVSSv4 score of 7.5
More info.
Jenkins
Patch
Jenkins has published a security bulletin identifying several vulnerabilities in Jenkins Core and other deliverables. Highest CVSSv3 score of 8.0
More info.
NetApp
New
NetApp has published 12 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Only 1 with patches.
More info.
GE Vernova
Patch
GE Vernova has published 19 new bulletins identifying vulnerabilities in their products.
More info.
Linux
Patch
SUSE has updated the kernel. More info.
Thursday 28 November 2024
Wednesday 27 November 2024
HPE
Patch
A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. This vulnerability could allow a user to repeatedly fail a password attempt more than the specified number of times. CVSSv3 score of 3.7
More info.
F5
New
Synology
New
A vulnerability allow remote attackers to conduct DoS and obtain sensitive information.
No patches yet.
More info.
Tuesday 26 November 2024
HPE
Patch
Security vulnerabilities have been identified in HPE AutoPass License Server (APLS) that could allow a remote attacker to disclose information, bypass authentication, and execute remote code. Highest CVSSv3 score of 8.0
More info.
F5
New
F5 has published a bulletin for a vulnerable SSH Server included in BIG-IQ Centralized Management. CVSSv3 score of 6.8
No patches yet. Note the vulnerabilities listed are from 2019.
More info.
Mozilla
Patch
Mozilla has published security bulletins for Thunderbird, Firefox, and Firefox ESR.
More info.
Sprecher
Automation
Patch
SPRECON-E, SPRECON-T3, and SPRECON-V460 are vulnerable to BlastRadius. CVSSv3 score of 8.1
More info.
Hitachi
Energy
New
Multiple vulnerabilities affect NSD570 Management Firmware and HMI570 User Interface Software products that allows a remote attacker to cause low severity confidentiality impact. Highest CVSSv3 score of 5.3
No patches.
More info.
IBM
Patch
IBM has published Critical bulletins for Cloud Pak System and Process Mining.
More info.
Linux
Patch
Monday 25 November 2024
Siemens
New
RUGGEDCOM APE1808 uses Palo Alto Networks PAN-OS. Highest CVSSv4 score of 9.3
No patches yet.
More info.
Trellix
Patch
Enterprise Security Manager has been updated to resolve several security vulnerabilities.
More info.
Moxa
Patch
Multiple Moxa Ethernet switches are affected by the security vulnerabilities. Highest CVSSv3 score of 5.9.
More info.
MDS-G4028-L3 and EDS-G512E series are affected by security vulnerabilities. Highest CVSSv3 score of 7.7
More info.
Moxa’s cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that could lead to unauthorized access and system compromise. Highest CVSSv3 score of 9.4
More info.
IBM
Patch
IBM has published a Critical security bulletin for SPSS Collaboration and Deployment Services and
More info.
Linux
Patch
Friday 22 November 2024
Microsoft
Patch
Microsoft has updated Edge with the latest chromium updates and one Edge-specific fix.
More info.
BD
Patch
BD has implemented October patches from Microsoft into IDM, Pyxis, Data Agent, CCE, and Alaris.
More info.
Automated
Logic
Patch
QNAP
Patch
QNAP has published 8 new bulletins for Notes Station 3, OpenSSH, Photo Station, AI Core, QuLog Center, QTS and QuTS hero, QuRouter, and Media Streaming Add-on. Highest CVSSv4 score of 9.3.
More info.
mySCADA
Patch
myPRO contains OS Command Injection, Improper Authentication, Missing Authentication for Critical Function, and Path Traversal vulnerabilities that could allow a remote attacker to execute arbitrary commands or disclose sensitive information.. Highest CVSSv4 score of 10.
More info.
NetApp
New
NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 7.8
No patches yet.
More info.
Thursday 21 November 2024
Wireshark
Patch
Two DoS vulnerabilities have been patched in Wireshark.
More info.
PHP
Patch
Several security vulnerabilities have been fixed in the latest versions of PHP.
More info.
IBM
Patch
Critical bulletins have been published for QRadar SIEM, Robotic Process Automation, Planning Analytics Workspace, and Sterling Connect:Direct Web Services.
More info.
Linux
Patch
Oracle Linux has updated the kernel. More info.
Wednesday 20 November 2024
Patch
Google has updated Chrome for Desktop to fix 3 security vulnerabilities.
More info.
Atlassian
Patch
Monthly Patches include fixes for Bamboo, Bitbucket, Confluence, Crowd, Jira, Jira Service Management, Sourcetree for Mac, and Sourcetree for Windows. Highest CVSSv3 score of 8.8
More info.
Apple
Exploit
Apple has published security updates for Safari, visionOS, iOS, iPadOS, and macOS. Some exploits are reported.
More info.
Spring
Patch
Case Sensitive comparisons can result in authorization rules not working properly. CVSSv3 score of 4.8
More info.
M-Files
Patch
Authentication bypass condition in M-Files allowed user authentication without a password when the LDAP server had the vulnerable configuration. CVSSv4 score of 9.2
More info.
Dell
Patch
Dell has published a Critical bulletin for PowerProtect Data Manager DM5500 Appliance.
More info.
Linux
Patch
Tuesday 19 November 2024
Palo Alto
Networks
Patch
Palo Alto Networks has patched a previously reported and exploited unauthenticated RCE vulnerability. CVSSv4 score of 9.3
More info.
Oracle
Patch
Agile Product Lifecycle Management contains a vulnerability that allows a remote attacker to achieve file disclosure. CVSSv3 score of 7.5
More info.
Mitsubishi
Electric
Patch
A DoS vulnerability exists in MELSEC iQ-F Ethernet Module and EtherNet/IP Module that allows a remote attacker to cause a DoS by sending specially crafted SLMP packets. CVSSv3 score of 7.5
More info.
Synology
Patch
Multipe vulnerabilities allow remote attackers to execute arbitrary code or execute arbitrary commands on a susceptible version of Synology Camera BC500 Firmware, Synology Camera CC400W Firmware and Synology Camera TC500 Firmware. Synology rates this Critical.
More info.
Westermo
Patch
WeOS is vulnerable due to an issue in the software component zlib. CVSSv3 score of 7.5
The vulnerability is from 2018.
More info.
Linux
Patch
SUSE has updated the kernel. More info.
Monday 18 November 2024
Veritas
Patch
Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP ports can be exploited due to vulnerabilities that are inherent to the .NET Remoting service. A remote attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. CVSSv3 score of 9.8
Note the pre-requisites.
More info.
Palo Alto
Networks
Exploit
Palo Alto Networks has observed threat activity exploiting a previously reported unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet. CVSSv4 score of 9.3
No patches yet.
More info.
Dell
Patch
Dell has published Critical security updates for Connectrix Cisco MDS 900 Series and PowerProtect Data Manager.
More info.
HPE
Patch
Security vulnerabilities have been identified in Unified OSS Console (UOC) and Unified OSS Console Assurance Monitoring (UOCAM). Highest CVSSv3 score of 6.1
More info.
Citrix
Exploit
Friday 15 November 2024
Blackberry
Patch
Multiple vulnerabilities in SecuSUITE Server could allow a remote attacker to enroll an attacker-controlled device to the victim's account and telephone number or inject script commands or other executable content into the server that would run with root privilege. Highest CVSSv3 score of 7.3
More info.
Baxter
New
Life2000 Ventilation System contains several vulnerabilities including hard-coded credentials, missing authentication, cleartext transmission of sensitive information, improper restriction of authentication attempts, and others. Highest CVSSv4 score of 10
Baxter plans an announcement for Q2 2025, until then watch your ventilators well.
More info. And here.
Microsoft
Patch
Microsoft has updated Edge for the latest chromium updates and one Edge-specific vulnerability.
More info.
Spring
Patch
Spring Framework has been updated to fix a DoS via Spring MVC controller method. CVSSv3 score of 5.4
More info.
NetApp
New
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
No patches yet.
More info.
IBM
Patch
IBM has published several bulletins rated Critical, including updates for IBM CloudPak for AIOps, Tivoli Network Manager IP, CICS TX Advanced, DevOps Code ClearCase, Sterling Secure Proxy, and others.
More info.
Linux
Patch
Thursday 14 November 2024
Palo Alto
Networks
Patch
Monthly Patches are out with 9 bulletins, 1 rated High, 4 rated Medium, and 4 rated Low. Several bulletins address DoS vulnerabilities in the firewall. Highest CVSSv3 score of 8.6
More info.
Apache
Patch
Traffic Server is vulnerable to DoS and cache poisoning.
More info.
Siemens
Patch
Siveillance Video is affected by a security bypass vulnerability in the Microsoft .NET implementation of SQL Client. Highest CVSSv3 score of 8.7
More info.
Dell
Patch
Dell has published updates for PowerProtect Data Manager, CyberSense, and PowerProtect CyberRecover to fix vulnerabilities in third-party software. Dell rates these Critical.
More info.
Mozilla
Patch
Mozilla has published 2 new bulletins for Thunderbird, both rated High.
More info.
GitLab
Patch
GitLab has published patches for security vulnerabilities. Highest CVSSv3 score of 8.5
More info.
Wednesday 13 November 2024
Microsoft
Exploit
Adobe
Patch
Monthly Patches include updates for Bridge, Audition, After Effects, Substance 3D Painter, Illustrator, InDesign, Photoshop, and Commerce. Highest CVSSv3 score of 7.8
More info.
Fortinet
Patch
Fortinet Monthly Patches include 18 new and 1 updated bulletin. Highest CVSSv3 score of 7.1
More info.
Ivanti
Patch
Ivanti has released updates for Ivanti Endpoint Manager which addresses high and critical severity vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Ivanti has released updates for Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Secure Access Client ISAC which addresses medium, high and critical vulnerabilities. Highest CVSSv3 score of 9.1
More info.
Ivanti has released updates for Ivanti Avalanche which addresses five high severity vulnerabilities. Highest CVSSv3 score of 7.5
More info.
Patch
Google has updated Chrome for Desktop to fix 12 security vulnerabilities.
More info.
Westermo
Patch
Westermo has published 3 new bulletins for WeOS. Highest CVSSv3 score of 8.8
More info.
Rockwell
Automation
Patch
FactoryTalk Updater has been updated to fix multiple vulnerabilities. Highest CVSSv4 score of 9.1
More info.
HPE
Patch
Security vulnerabilities have been identified in HPE Telco IP Mediation. Highest CVSSv3 score of 9.1
More info.
A security vulnerability has been identified in the HP-UX NTP service running ntpd, ntpq and ntpdc that allows a remote attacker to causeDoS, unauthorized write access to the file system, and null pointer dereference. CVSSv3 score of 5.6
More info.
Broadcom
Patch
Broadcom has published several new bulletins for Brocade SANnav. Highest CVSSv3 score of 7.3
More info.
Linux
Patch
Tuesday 12 November 2024
Schneider
Electric
Patch
Monthly Patches include 4 new bulletins, all remotely exploitable without authentication, and 2 updated bulletins. Of the new bulletins, highest CVSSv4 score of 10
More info.
Siemens
Patch
SAP
Patch
SAP Monthly Patches include 8 new and 2 updated Security Notes. Highest CVSSv3 score of 8.8
More info.
HPE
Patch
A security vulnerability has been identified in the HP-UX NTP service that allows a remote attacker to achieve DoS, unauthorized write access to the file system, and null pointer dereference. Highest CVSSv3 score of 6.4
More info.
Security vulnerabilities in HPE Cray servers could allow a remote attacker to achieve remote buffer overflow and DoS. Highest CVSSv3 score of 8.3
More info.
Citrix
Patch
Two vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway. Highest CVSSv4 score of 8.4
More info.
Zoom
Patch
Improper input validation in some Zoom Apps may allow a remote attacker to conduct a disclosure of information. Highest CVSSv3 score of 8.1
More info.
Linux
Patch
Ubuntu has updated the kernel. More info.
Monday 11 November 2024
Dell
Patch
Dell has published Critical updates for NetWorker, APEX Cloud Platform, Metro node, and VxRail.
More info.
GE
HealthCare
New
A limited number of GE HealthCare products are impacted by vulnerabilities in Mirth Connect from 2023. CVSSv3 score of 9.8
More info.
Extreme
Networks
New
Tenable is reporting a DoS vulnerability in ExtremeXOS. CVSSv3 score of 7.5
The vendor disputes if this is a security vulnerability.
More info.
Linux
Patch
Amazon Linux has updated the kernel.
More info.
Friday 08 November 2024
Synology
Patch
Synology has published 6 new bulletins identifying vulnerabilities in their products discovered during PWN2OWN. All allow remote attackers various access such as RCE and DoS.
Some patches available.
More info.
NETGEAR
Patch
NETGEAR has published 7 new bulletins for their products. Some are remoitly exploitable without authentication. Highest CVSSv3 score of 8.2
More info.
SICK
New
SICK CDE-100 uses the open-source libraries FreeRTOS, lwIP and MCU Boot, which contain vulnerabilities that affect the SICK CDE-100. Highest CVSSv3 score of 9.8
No patches yet.
More info.
Microsoft
Patch
Microsoft has updated Edge with the latest chromium patches.
More info.
Moxa
Patch
The EDS-P510 Series has been enhanced to address several key vulnerabilities. Highest CVSSv3 score of 6.5.
More info.
NetApp
Patch
NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 10
Three include patches.
More info.
Thursday 07 November 2024
Cisco
Patch
Cisco has published 15 new bulletins, 1 rated Critical, 2 rated High, and the rest Medium. Highest CVSSv3 score of 10
More info.
A vulnerability in the web-based management interface of Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow a remote attacker to perform command injection attacks with root privileges on the underlying operating system. CVSSv3 score of 10.
More info.
A vulnerability in the EAAS feature of Enterprise Chat and Email (ECE) could allow a remote attacker to cause a DoS. CVSSv3 score of 7.5
More info.
Eaton
New
Eaton has been notified about multiple vulnerabilities affecting Eaton’s IP intruder system adaptor i-WiFi01, including RCE, hardcoded default credentials, factory reset, DoS, and more. They have decided to EoL this product, and recommend upgrade to a new product.
More info.
Patch
Monthly Updates are out for Pixel, with 3 security vulnerabilities as well as Android updates.
More info.
Dell
Patch
Dell has published Critical bulletins for VxRail and PowerProtect DD.
More info.
HPE
Patch
Security vulnerabilities have been identified in Unified OSS Console Assurance Monitoring (UOCAM) software that could be exploited to perform arbitrary code execution and DoS. Highest CVSSv3 score of 10.
More info.
A security vulnerability, OpenSSH RegreSSHion, was discovered in certain HPE Cray servers. CVSSv3 score of 8.1
More info.
Veeam
Patch
A vulnerability in Backup Enterprise Manager allows attackers to bypass the authentication while performing a MITM attack. CVSSv3 score of 7.7
More info.
Wednesday 06 November 2024
HPE
Patch
HPE Aruba Networking has released updates for Access Points running Instant AOS-8 and AOS-10. Highest CVSSv3 score of 9.8
More info.
Patch
Chrome has been updated to fix 2 security vulnerabilities.
More info.
Hitachi
Patch
Hitachi has published updates for Cosminexus/Hitachi Developer's Kit for Java, Command Suite, Automation Director, Configuration Manager, Infrastructure Analytics Advisor, and Ops Center.
More info.
Dell
Patch
Dell Avamar, Dell Networker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) have been updated to fix multiple vulnerabilities. Dell rates this Critical.
More info.
curl
Patch
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry.
More info.
HCL
Patch
HCL BigFix WebUI is affected by several open source vulnerabilities. Highest CVSSv3 score of 9.8
More info.
Linux
Patch
Tuesday 05 November 2024
Patch
Android Monthly Patches are out with 21 vulnerabilities, all rated High, plus updates for Imagination Technologies, Mediatek, and Qualcomm patches.
More info.
Samsung
Patch
Samsung Monthly Patches include 12 vulnerabilities, 5 rated High and 7 rated Moderate, plus Android and Samsung Semiconductor patches.
More info.
BD
Patch
BD has published security updates for Synapsys and Phoenix M50, both rated Critical.
More info.
QNAP
Patch
QNAP has updated QuRouter to fix a vulnerability reported from PWN2OWN. QNAP rates this Critical.
More info.
Linux
Patch
Ubuntu has updated the kernel. More info.
Monday 04 November 2024
Qualcomm
Patch
Monthly Patches are out for Qualcomm, with 10 vulnerabilities, 1 rated Critical, 7 rated High, and 2 rated Medium. Highest CVSSv3 score of 8.2
More info.
Mediatek
Patch
Mediatek's Monthly Patches include 11 CVEs, 2 rated High and 9 rated Medium.
More info.
Broadcom
Patch
Broadcom has published several new bulletins for Brocade SANnav. Highest CVSSv3 score of 9.8
More info.
Moxa
Patch
The MDS-G4028-L3 and EDS-G512E series are affected by several vulnerabilities, including allowing unauthorized access and a weak SSL/TLS key exchange. Highest CVSSv3 score of 7.7
More info.
Dell
Patch
Dell has published a security update for Dell Metro node that fixes multiple third-party component vulnerabilities. Dell rates this Critical.
More info.
NetApp
Patch
NetApp has published 13 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.8
Only 2 have patches.
More info.
Linux
Patch
PRODUCT
GUARDED
This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.
PRODUCT
INCREASED
This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.
PRODUCT
HIGH
This alert state indicates a more serious vulnerability which is exploitable.
PRODUCT
CRITICAL
This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.
NEW
NEW
This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.
+24hrs
+24hrs
This bottom descriptor is used with Indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.
Patch
PATCH
This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. It could be paired with Increased or High, and on rare occasions Critical.
Exploit
EXPLOIT
This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.
ZERO
ZERO DAY
This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.