
Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately when an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Monday 02 December 2024


Qualcomm

Patch

Qualcomm Monthly Patches are out with 7 vulnerabilities, all rated High, plus open source software patches. Highest CVSSv3 score of 8.4
More info.


MediaTek

Patch

Monthly Patches are out with 15 vulnerabilities, 1 rated High and the rest Medium.  CVSSv4 score of 8.4
More info.


Samsung
Semiconductor

Patch

Monthly Patches include 4 bulletins, 2 rated High, 1 rated Medium, and 1 Low.
More info.


Acronis

Patch

Acronis has published an update for Electron with 1 vulnerability rated High in third-party software.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.


  

Friday 29 November 2024


IBM

Patch

IBM has published a Critical security bulletin for Security Verify Access Appliance.
More info.


B&R
Automation

Patch

An authentication bypass vulnerability exists in several mapp components.  CVSSv4 score of 8.4
More info.


Squid

Patch

Squid is vulnerable to DoS attacks by a trusted server against all clients using the proxy. CVSSv4 score of 7.5
More info.


Jenkins

Patch

Jenkins has published a security bulletin identifying several vulnerabilities in Jenkins Core and other deliverables. Highest CVSSv3 score of 8.0
More info.


NetApp

New

NetApp has published 12 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Only 1 with patches.
More info.


GE Vernova

Patch

GE Vernova has published 19 new bulletins identifying vulnerabilities in their products.
More info.


Linux

Patch

SUSE has updated the kernel. More info.


  

Thursday 28 November 2024


IBM

Patch

IBM has published Critical security bulletins for Cloud Pak for Network Automation, Maximo Predict, and Analytics Content Hub.
More info.


GitLab

Patch

GitLab has put out an update for 6 security vulnerabilities, 1 rated High and 5 rated Medium.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Mageia has updated the microcode. More info.


  

Wednesday 27 November 2024


HPE

Patch

A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. This vulnerability could allow a user to repeatedly fail a password attempt more than the specified number of times. CVSSv3 score of 3.7
More info.


F5

New

Vulnerabilities in Qt affect BIG-IP. Highest CVSSv3 score of 6.5
No patches yet.
More info. And here.


Synology

New

A vulnerability allows remote attackers to conduct DoS and obtain sensitive information.
No patches yet.
More info.


  

Tuesday 26 November 2024


HPE

Patch

Security vulnerabilities have been identified in HPE AutoPass License Server (APLS) that could allow a remote attacker to disclose information, bypass authentication, and execute remote code. Highest CVSSv3 score of 8.0
More info.


F5

New

F5 has published a bulletin for a vulnerable SSH Server included in BIG-IQ Centralized Management. CVSSv3 score of 6.8
No patches yet. Note the vulnerabilities listed are from 2019.
More info.


Mozilla

Patch

Mozilla has published security bulletins for Thunderbird, Firefox, and Firefox ESR.
More info.


Sprecher
Automation

Patch

SPRECON-E, SPRECON-T3, and SPRECON-V460 are vulnerable to BlastRadius.  CVSSv3 score of 8.1
More info.


Hitachi
Energy

New

Multiple vulnerabilities affect NSD570 Management Firmware and HMI570 User Interface Software products that allow a remote attacker to cause low severity confidentiality impact. Highest CVSSv3 score of 5.3
No patches.
More info.


IBM

Patch

IBM has published Critical bulletins for Cloud Pak System and Process Mining.
More info.


Linux

Patch

SUSE has updated the microcode. More info.
OpenSUSE has updated the microcode. More info.
Red Hat has updated the kernel. More info.


  

Monday 25 November 2024


Siemens

New

RUGGEDCOM APE1808 uses Palo Alto Networks PAN-OS.  Highest CVSSv4 score of 9.3
No patches yet.
More info.


Trellix

Patch

Enterprise Security Manager has been updated to resolve several security vulnerabilities.
More info.


Moxa

Patch

Multiple Moxa Ethernet switches are affected by security vulnerabilities. Highest CVSSv3 score of 5.9.
More info.

MDS-G4028-L3 and EDS-G512E series are affected by security vulnerabilities. Highest CVSSv3 score of 7.7
More info.

Moxa’s cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that could lead to unauthorized access and system compromise. Highest CVSSv3 score of 9.4
More info.


IBM

Patch

IBM has published a Critical security bulletin for SPSS Collaboration and Deployment Services and
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.
Debian has updated the kernel. More info.


  

Friday 22 November 2024


Microsoft

Patch

Microsoft has updated Edge with the latest chromium updates and one Edge-specific fix.
More info.


BD

Patch

BD has implemented October patches from Microsoft into IDM, Pyxis, Data Agent, CCE, and Alaris.
More info.


Automated
Logic

Patch

WebCTRL Premium Server contains several vulnerabilities that could allow a remote attacker to execute arbitrary commands on the server hosting WebCTRL or redirect legitimate users to malicious sites. Highest CVSSv4 score of 10.
More info. Carrier's bulletin here.


QNAP

Patch

QNAP has published 8 new bulletins for Notes Station 3, OpenSSH, Photo Station, AI Core, QuLog Center, QTS and QuTS hero, QuRouter, and Media Streaming Add-on. Highest CVSSv4 score of 9.3.
More info.


mySCADA

Patch

myPRO contains OS Command Injection, Improper Authentication, Missing Authentication for Critical Function, and Path Traversal vulnerabilities that could allow a remote attacker to execute arbitrary commands or disclose sensitive information. Highest CVSSv4 score of 10.
More info.


NetApp

New

NetApp has published 11 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 7.8
No patches yet.
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
Mageia has updated the kernel. More info.


  

Thursday 21 November 2024


Wireshark

Patch

Two DoS vulnerabilities have been patched in Wireshark.
More info.


PHP

Patch

Several security vulnerabilities have been fixed in the latest versions of PHP.
More info.


IBM

Patch

Critical bulletins have been published for QRadar SIEM, Robotic Process Automation, Planning Analytics Workspace, and Sterling Connect:Direct Web Services.
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.


  

Wednesday 20 November 2024


Google

Patch

Google has updated Chrome for Desktop to fix 3 security vulnerabilities.
More info.


Atlassian

Patch

Monthly Patches include fixes for Bamboo, Bitbucket, Confluence, Crowd, Jira, Jira Service Management, Sourcetree for Mac, and Sourcetree for Windows. Highest CVSSv3 score of 8.8
More info.


Apple

Exploit

Apple has published security updates for Safari, visionOS, iOS, iPadOS, and macOS. Some exploits are reported.
More info.


Spring

Patch

Case Sensitive comparisons can result in authorization rules not working properly. CVSSv3 score of 4.8
More info.


M-Files

Patch

Authentication bypass condition in M-Files allowed user authentication without a password when the LDAP server had the vulnerable configuration. CVSSv4 score of 9.2
More info.


Dell

Patch

Dell has published a Critical bulletin for PowerProtect Data Manager DM5500 Appliance.
More info.


Linux

Patch

Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Tuesday 19 November 2024


Palo Alto
Networks

Patch

Palo Alto Networks has patched a previously reported and exploited unauthenticated RCE vulnerability. CVSSv4 score of 9.3
More info.


Oracle

Patch

Agile Product Lifecycle Management contains a vulnerability that allows a remote attacker to achieve file disclosure. CVSSv3 score of 7.5
More info.


Mitsubishi
Electric

Patch

A DoS vulnerability exists in MELSEC iQ-F Ethernet Module and EtherNet/IP Module that allows a remote attacker to cause a DoS by sending specially crafted SLMP packets. CVSSv3 score of 7.5
More info.


Synology

Patch

Multiple vulnerabilities allow remote attackers to execute arbitrary code or execute arbitrary commands on a susceptible version of Synology Camera BC500 Firmware, Synology Camera CC400W Firmware and Synology Camera TC500 Firmware. Synology rates this Critical.
More info.


Westermo

Patch

WeOS is vulnerable due to an issue in the software component zlib. CVSSv3 score of 7.5
The vulnerability is from 2018.
More info.


Linux

Patch

SUSE has updated the kernel. More info.


  

Monday 18 November 2024


Veritas

Patch

Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP ports can be exploited due to vulnerabilities that are inherent to the .NET Remoting service. A remote attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. CVSSv3 score of 9.8
Note the pre-requisites.
More info.


Palo Alto
Networks

Exploit

Palo Alto Networks has observed threat activity exploiting a previously reported unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet. CVSSv4 score of 9.3
No patches yet.
More info.


Dell

Patch

Dell has published Critical security updates for Connectrix Cisco MDS 900 Series and PowerProtect Data Manager.
More info.


HPE

Patch

Security vulnerabilities have been identified in Unified OSS Console (UOC) and Unified OSS Console Assurance Monitoring (UOCAM). Highest CVSSv3 score of 6.1
More info.


Citrix

Exploit

WatchTowr has reported a vulnerability in Virtual Apps and Desktops. An exposed MSMQ instance can be exploited, via HTTP, to enable a remote attacker to achieve RCE. Highest CVSSv3 score of 9.8
No patches yet, actively exploited.
More info. And here.


  

Friday 15 November 2024


Blackberry

Patch

Multiple vulnerabilities in SecuSUITE Server could allow a remote attacker to enroll an attacker-controlled device to the victim's account and telephone number or inject script commands or other executable content into the server that would run with root privilege. Highest CVSSv3 score of 7.3
More info.


Baxter

New

Life2000 Ventilation System contains several vulnerabilities including hard-coded credentials, missing authentication, cleartext transmission of sensitive information, improper restriction of authentication attempts, and others. Highest CVSSv4 score of 10
Baxter plans an announcement for Q2 2025; until then, watch your ventilators well.
More info. And here.


Microsoft

Patch

Microsoft has updated Edge for the latest chromium updates and one Edge-specific vulnerability.
More info.


Spring

Patch

Spring Framework has been updated to fix a DoS via Spring MVC controller method. CVSSv3 score of 5.4
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
No patches yet.
More info.


IBM

Patch

IBM has published several bulletins rated Critical, including updates for IBM CloudPak for AIOps, Tivoli Network Manager IP, CICS TX Advanced, DevOps Code ClearCase, Sterling Secure Proxy, and others.
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
Amazon Linux 2023 has updated the kernel. More info.


  

Thursday 14 November 2024


Palo Alto
Networks

Patch

Monthly Patches are out with 9 bulletins, 1 rated High, 4 rated Medium, and 4 rated Low. Several bulletins address DoS vulnerabilities in the firewall. Highest CVSSv3 score of 8.6
More info.


Apache

Patch

Traffic Server is vulnerable to DoS and cache poisoning.
More info.


Siemens

Patch

Siveillance Video is affected by a security bypass vulnerability in the Microsoft .NET implementation of SQL Client. Highest CVSSv3 score of 8.7
More info.


Dell

Patch

Dell has published updates for PowerProtect Data Manager, CyberSense, and PowerProtect CyberRecover to fix vulnerabilities in third-party software. Dell rates these Critical.
More info.


Mozilla

Patch

Mozilla has published 2 new bulletins for Thunderbird, both rated High.
More info.


GitLab

Patch

GitLab has published patches for security vulnerabilities. Highest CVSSv3 score of 8.5
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
Red Hat has updated the kernel. More info.


  

Wednesday 13 November 2024


Microsoft

Exploit

Monthly Patches are out with 83 vulnerabilities, 3 rated Critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Highest CVSSv3 score of 9.9
More info. And here.


Adobe

Patch

Monthly Patches include updates for Bridge, Audition, After Effects, Substance 3D Painter, Illustrator, InDesign, Photoshop, and Commerce. Highest CVSSv3 score of 7.8
More info.


Fortinet

Patch

Fortinet Monthly Patches include 18 new and 1 updated bulletin. Highest CVSSv3 score of 7.1
More info.


Ivanti

Patch

Ivanti has released updates for Ivanti Endpoint Manager which address high and critical severity vulnerabilities. Highest CVSSv3 score of 9.8
More info.

Ivanti has released updates for Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Secure Access Client ISAC which address medium, high and critical vulnerabilities. Highest CVSSv3 score of 9.1
More info.

Ivanti has released updates for Ivanti Avalanche which address five high severity vulnerabilities. Highest CVSSv3 score of 7.5
More info.


Google

Patch

Google has updated Chrome for Desktop to fix 12 security vulnerabilities.
More info.


Westermo

Patch

Westermo has published 3 new bulletins for WeOS. Highest CVSSv3 score of 8.8
More info.


Rockwell
Automation

Patch

FactoryTalk Updater has been updated to fix multiple vulnerabilities. Highest CVSSv4 score of 9.1
More info.


HPE

Patch

Security vulnerabilities have been identified in HPE Telco IP Mediation. Highest CVSSv3 score of 9.1
More info.

A security vulnerability has been identified in the HP-UX NTP service running ntpd, ntpq and ntpdc that allows a remote attacker to cause DoS, unauthorized write access to the file system, and null pointer dereference. CVSSv3 score of 5.6
More info.


Broadcom

Patch

Broadcom has published several new bulletins for Brocade SANnav. Highest CVSSv3 score of 7.3
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.


  

Tuesday 12 November 2024


Schneider
Electric

Patch

Monthly Patches include 4 new bulletins, all remotely exploitable without authentication, and 2 updated bulletins. Of the new bulletins, highest CVSSv4 score of 10
More info.


Siemens

Patch

Monthly Patches include 12 new bulletins and 13 updated bulletins. Of the new bulletins, highest CVSSv4 score of 10.
More info.

TeleControl Server Basic contains a deserialization vulnerability that allows a remote attacker to execute arbitrary code. CVSSv4 score of 10.
More info.


SAP

Patch

SAP Monthly Patches include 8 new and 2 updated Security Notes. Highest CVSSv3 score of 8.8
More info.


HPE

Patch

A security vulnerability has been identified in the HP-UX NTP service that allows a remote attacker to achieve DoS, unauthorized write access to the file system, and null pointer dereference. Highest CVSSv3 score of 6.4
More info.

Security vulnerabilities in HPE Cray servers could allow a remote attacker to achieve remote buffer overflow and DoS. Highest CVSSv3 score of 8.3
More info.


Citrix

Patch

Two vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway. Highest CVSSv4 score of 8.4
More info.


Zoom

Patch

Improper input validation in some Zoom Apps may allow a remote attacker to conduct a disclosure of information. Highest CVSSv3 score of 8.1
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.


  

Monday 11 November 2024


Dell

Patch

Dell has published Critical updates for NetWorker, APEX Cloud Platform, Metro node, and VxRail.
More info.


GE
HealthCare

New

A limited number of GE HealthCare products are impacted by vulnerabilities in Mirth Connect from 2023.  CVSSv3 score of 9.8
More info.


Extreme
Networks

New

Tenable is reporting a DoS vulnerability in ExtremeXOS. CVSSv3 score of 7.5
The vendor disputes whether this is a security vulnerability.
More info.


Linux

Patch

Amazon Linux has updated the kernel.
More info.


  

Friday 08 November 2024


Synology

Patch

Synology has published 6 new bulletins identifying vulnerabilities in their products discovered during PWN2OWN. All allow remote attackers various forms of access, such as RCE and DoS.
Some patches available.
More info.


NETGEAR

Patch

NETGEAR has published 7 new bulletins for their products. Some are remotely exploitable without authentication. Highest CVSSv3 score of 8.2
More info.


SICK

New

SICK CDE-100 uses the open-source libraries FreeRTOS, lwIP and MCU Boot, which contain vulnerabilities that affect the SICK CDE-100. Highest CVSSv3 score of 9.8
No patches yet.
More info.


Microsoft

Patch

Microsoft has updated Edge with the latest chromium patches.
More info.


Moxa

Patch

The EDS-P510 Series has been enhanced to address several key vulnerabilities. Highest CVSSv3 score of 6.5.
More info.


NetApp

Patch

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 10
Three include patches.
More info.


  

Thursday 07 November 2024


Cisco

Patch

Cisco has published 15 new bulletins, 1 rated Critical, 2 rated High, and the rest Medium. Highest CVSSv3 score of 10
More info.

A vulnerability in the web-based management interface of Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow a remote attacker to perform command injection attacks with root privileges on the underlying operating system.  CVSSv3 score of 10.
More info.

A vulnerability in the EAAS feature of Enterprise Chat and Email (ECE) could allow a remote attacker to cause a DoS. CVSSv3 score of 7.5
More info.


Eaton

New

Eaton has been notified about multiple vulnerabilities affecting Eaton’s IP intruder system adaptor i-WiFi01, including RCE, hardcoded default credentials, factory reset, DoS, and more. They have decided to EoL this product, and recommend upgrading to a new product.
More info.


Google

Patch

Monthly Updates are out for Pixel, with 3 security vulnerabilities as well as Android updates.
More info.


Dell

Patch

Dell has published Critical bulletins for VxRail and PowerProtect DD.
More info.


HPE

Patch

Security vulnerabilities have been identified in Unified OSS Console Assurance Monitoring (UOCAM) software that could be exploited to perform arbitrary code execution and DoS. Highest CVSSv3 score of 10.
More info.

A security vulnerability, OpenSSH RegreSSHion, was discovered in certain HPE Cray servers. CVSSv3 score of 8.1
More info.


Veeam

Patch

A vulnerability in Backup Enterprise Manager allows attackers to bypass the authentication while performing a MITM attack. CVSSv3 score of 7.7
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
AlmaLinux has updated the kernel. More info.


  

Wednesday 06 November 2024


HPE

Patch

HPE Aruba Networking has released updates for Access Points running Instant AOS-8 and AOS-10. Highest CVSSv3 score of 9.8
More info.


Google

Patch

Chrome has been updated to fix 2 security vulnerabilities.
More info.


Hitachi

Patch

Hitachi has published updates for Cosminexus/Hitachi Developer's Kit for Java, Command Suite, Automation Director, Configuration Manager, Infrastructure Analytics Advisor, and Ops Center.
More info.


Dell

Patch

Dell Avamar, Dell Networker Virtual Edition (NVE) and Dell PowerProtect DP Series Appliance / Dell Integrated Data Protection Appliance (IDPA) have been updated to fix multiple vulnerabilities. Dell rates this Critical.
More info.


curl

Patch

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry.
More info.


HCL

Patch

HCL BigFix WebUI is affected by several open source vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.


  

Tuesday 05 November 2024


Google

Patch

Android Monthly Patches are out with 21 vulnerabilities, all rated High, plus updates for Imagination Technologies, Mediatek, and Qualcomm patches.
More info.


Samsung

Patch

Samsung Monthly Patches include 12 vulnerabilities, 5 rated High and 7 rated Moderate, plus Android and Samsung Semiconductor patches.
More info.


BD

Patch

BD has published security updates for Synapsys and Phoenix M50, both rated Critical.
More info.


QNAP

Patch

QNAP has updated QuRouter to fix a vulnerability reported from PWN2OWN.  QNAP rates this Critical.
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.


  

Monday 04 November 2024


Qualcomm

Patch

Monthly Patches are out for Qualcomm, with 10 vulnerabilities, 1 rated Critical, 7 rated High, and 2 rated Medium. Highest CVSSv3 score of 8.2
More info.


Mediatek

Patch

Mediatek's Monthly Patches include 11 CVEs, 2 rated High and 9 rated Medium.
More info.


Broadcom

Patch

Broadcom has published several new bulletins for Brocade SANnav. Highest CVSSv3 score of 9.8
More info.


Moxa

Patch

The MDS-G4028-L3 and EDS-G512E series are affected by several vulnerabilities, including allowing unauthorized access and a weak SSL/TLS key exchange. Highest CVSSv3 score of 7.7
More info.


Dell

Patch

Dell has published a security update for Dell Metro node that fixes multiple third-party component vulnerabilities.  Dell rates this Critical.
More info.


NetApp

Patch

NetApp has published 13 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 8.8
Only 2 have patches.
More info.


Linux

Patch

Mageia has updated the kernel and firmware. More info.
AlmaLinux has updated the kernel. More info.
Amazon Linux 2 and Amazon Linux 2023 have updated the kernel. More info. And here.


  

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.