
Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat. Any increase in an alert state will occur immediately an issue is detected, and it will drop again by one level each working day.

Our rationale for this agility is that vulnerabilities often occur in clusters; therefore reducing the alert state again quickly increases your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Thursday 19 September 2024


GE Vernova

Patch

ControlST – Control Server has been updated to fix several VMware vulnerabilities.  Highest CVSSv3 score of 9.8
More info.


IDEC

Patch

WindLDR and Operator Interfaces' Touchscreen Programming Software WindO/I-NV4 contain a Cleartext Storage of Sensitive Information vulnerability. A remote attacker who obtains a project file could obtain user authentication information for the PLC or Operator Interface.  CVSSv3 score of 5.9
More info. And here.

PLCs contain Cleartext Transmission of Sensitive Information and Generation of Predictable Identifiers vulnerabilities. Highest CVSSv3 score of 5.3
More info. And here.


MegaSys

Patch

Telenium Online Web Application contains an Improper Input Validation vulnerability that could allow a remote attacker to inject arbitrary Perl code through a crafted HTTP request, leading to RCE. CVSSv4 score of 9.3.
More info.


CoreDNS

Patch

There is a vulnerability in DNS which triggers a resolver to ignore valid responses, thus causing DoS. A remote attacker could forge a response targeting the source port of a vulnerable resolver. CVSSv3 score of 8.2
More info.


SICK

Patch

SICK MSC800 contains a vulnerability that allows a remote attacker to modify the IP address of the product through the SopasET interface, potentially leading to DoS. CVSSv3 score of 7.5
More info.


Grafana

Patch

The Grafana plugin SDK bundles build metadata into the binaries it compiles and includes the repository URI. If credentials are included in the repository URI, the final binary will contain the full URI, including said credentials. CVSSv4 score of 9.1
More info.


Linux

Patch

SUSE has updated the kernel and microcode. More info.
OpenSUSE has updated the microcode. More info.
Oracle Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel, systemd, and microcode. More info.
Amazon Linux 2023 has updated the kernel and microcode. More info.


  

Wednesday 18 September 2024


Google

Patch

Google has updated Chrome for Desktop to fix 9 security vulnerabilities.
More info.


VMware

Patch

VMware has updated vCenter Server to address heap-overflow and privilege escalation vulnerabilities.  Highest CVSSv3 score of 9.8
More info.


GitLab

Patch

A Critical Patch Release for GitLab fixes an authentication bypass vulnerability. CVSSv3 score of 10.
More info.


Cohesive Networks

Patch

Four issues in VNS3 allow improperly parsed input to achieve RCE. This requires control plane TCP port 8000 access to a VNS3 controller. Highest CVSSv3 score of 9.8
More info.


Atlassian

Patch

Confluence Data Server contains a DoS vulnerability. CVSSv3 score of 7.5
More info.


Dell

Patch

Dell PowerStore Family remediation is available for multiple security vulnerabilities in third-party software.  Dell rates this High.
More info.


Linux

Patch

Red Hat has updated the kernel and kernel-rt. More info.
Ubuntu has updated the kernel. More info.
Amazon Linux has updated the microcode. More info.


  

Tuesday 17 September 2024


Apple

Patch

Apple has published updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS 2, Safari, and Xcode. 
More info.


D-Link

Patch

D-Link has updated several wireless routers to fix security issues like hardcoded credentials, hidden telnet services, and improper authentication.  Highest CVSSv3 score of 9.8
More info.


Circutor

Patch

Updates for Q-SMT and TCP2RS+ have been made available for 6 vulnerabilities, 3 rated Critical, 1 High, and 2 Medium.  Highest CVSSv3 score of 10.
More info.


Yokogawa

Patch

Yokogawa has updated Dual-redundant Platform for Computer to fix a DoS vulnerability.  Highest CVSSv3 score of 7.5
More info.


NetApp

New

NetApp has published a bulletin for ONTAP that identifies vulnerabilities in FreeBSD. Highest CVSSv3 score of 10.
No patch yet.
More info.


Hitachi

Patch

Hitachi has published updates for Command Suite, Automation Directory, Configuration Manager, and Ops Center.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Mageia has updated the microcode. More info.
Amazon Linux 2023 has updated the kernel and microcode. More info.


  

Sunday 15 September 2024


curl

Patch

When curl is built to use the GnuTLS library and told to use OCSP stapling to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine.
More info.


WebIQ

New

The Windows version of WebIQ is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. CVSSv3 score of 8.6
No patch yet.
More info.


F5

Patch

Traffix SDC uses CPAN.pm which contains a vulnerability that may allow a remote attacker to inject into the network path and perform a MITM attack, causing confidentiality or integrity issues. CVSSv3 score of 7.4
More info.


ABB

Patch

REF630, REG630, REM630 and RET630 equipment contains vulnerabilities that could result in a DoS.  Highest CVSSv4 score of 8.2
More info.


  

Friday 13 September 2024


Rockwell Automation

Patch

5015-U8IHFT contains a DoS vulnerability with a malformed CIP Message. CVSSv4 score of 8.7
More info.

FactoryTalk Batch View contains an authentication bypass vulnerability due to shared secrets.  CVSSv4 score of 9.2
More info.

FactoryTalk View Site Edition contains a RCE vulnerability. CVSSv4 score of 9.2
More info.

ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380 are vulnerable to DoS. CVSSv4 score of 8.7
More info.


Docker

Patch

Docker Desktop has been updated to fix 2 security vulnerabilities that allow RCE. Highest CVSSv4 score of 9.0
More info.


Spring

Patch

Spring Framework has been updated to fix a Path Traversal vulnerability. CVSSv3 score of 7.5
More info. And here.


NetApp

Patch

NetApp has published 12 bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.8
Five have patches.
More info.


Extreme Networks

Patch

Extreme Networks has published 3 months of vulnerability bulletins, 38 in total. CVSSv3 score of 8.1
More info.

regreSSHion Vulnerability in OpenSSH Server affects several Extreme Networks products. CVSSv3 score of 8.1
More info.

Apache Tomcat DoS in HTTP/2 Connector affects several Extreme Networks products. CVSSv3 score of 5.3
More info.

Amazon Corretto vulnerabilities have been addressed in several Extreme Networks products. CVSSv3 score of 7.4
More info.


Zoom

Patch

A business logic error in some Zoom Workplace Apps may allow a remote attacker to disclose information. CVSSv3 score of 5.3
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.


  

Thursday 12 September 2024


Cisco

Patch

Cisco has published 8 new bulletins, 6 rated High and 2 rated Medium.  Highest CVSSv3 score of 8.8
More info.

A vulnerability in the Mtrace2 feature of Cisco IOS XR Software could allow a remote attacker to exhaust the UDP packet memory of an affected device, resulting in a DoS.  CVSSv3 score of 8.6
More info.

A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow a remote attacker to cause a DoS on XML TCP listen port 38751. CVSSv3 score of 5.3
More info.


Palo Alto Networks

Patch

Palo Alto Networks Monthly Patches include 7 bulletins, 2 rated High and 5 rated Medium. Highest CVSSv4 score of 8.6
More info.

Prisma Access Browser has incorporated the latest upstream Chromium security fixes. Highest CVSSv3 score of 8.8
More info.

A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. CVSSv4 score of 6.
More info.


iniNet

Patch

SpiderControl SCADA Web Server contains an Unrestricted Upload of File with Dangerous Type vulnerability. CVSSv4 score of 8.7.
More info.


Microsoft

Patch

Microsoft has updated Edge with the latest Chromium fixes and 1 Edge-specific vulnerability.
Note: This is currently not reflected in the Edge Release Note page.
More info. And here.


HPE

Patch

HPE NonStop Virtual Tape Repository (VTR) contains several vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Zyxel

Patch

Zyxel has released hotfixes addressing a command injection vulnerability in two NAS products that have reached EoS. A remote attacker could execute some OS commands by sending a crafted HTTP POST request. CVSSv3 score of 9.8
More info.


Tenable

Patch

Tenable has updated Nessus to fix vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.


GitLab

Patch

GitLab has been updated to fix 17 vulnerabilities, 1 rated Critical, 3 rated High, 11 rated Medium, and 2 rated Low. Highest CVSSv3 score of 8.5
More info.


Dell

Patch

A security update has been published for Dell Data Protection Central for third-party software vulnerabilities. Dell rates this Critical.
More info.

Dell ThinOS remediation is available for multiple vulnerabilities in third-party software. Dell rates this Critical.
More info.

Dell Avamar remediation is available for Switch OS 10.5.x-Gen5A vulnerabilities. Dell rates this High.
More info.

Dell PowerScale InsightIQ remediation is available for multiple security vulnerabilities in third-party software. Dell rates this High.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Mageia has updated the microcode. More info.


  

Wednesday 11 September 2024


Microsoft

0-Day

Microsoft Monthly Patches are out, with 79 vulnerabilities, 7 rated Critical and 4 are 0-days currently being exploited.  Highest CVSSv3 score of 9.8
More info. And here.

Microsoft recently updated the Edge page to show updates for the latest Chromium vulnerabilities, although the dates were more than a week in the past.
More info.


Adobe

Patch

Adobe Monthly Patches include updates for Media Encoder, Audition, After Effects, Premiere Pro, Illustrator, Reader, ColdFusion, and Photoshop.  Highest CVSSv3 score of 9.8
More info.

ColdFusion has been updated to fix an RCE vulnerability. CVSSv3 score of 9.8
More info.


F5

Patch

F5 has published 10 new bulletins, 4 of which are exploitable remotely without authentication.  Of those 4, the highest CVSSv3 score is 6.9
More info.


Ivanti

Patch

Ivanti has released updates for Ivanti Endpoint Manager 2024 and 2022 which address medium and high vulnerabilities. Successful exploitation could lead to unauthorized access to the EPM core server. Highest CVSSv3 score of 10.
More info.


Carrier

Patch

Viessmann Vitogate 300 contains several vulnerabilities, including Use of Hard-coded Credentials, Forced Browsing, Command Injection. Highest CVSSv3 score of 9.3
More info. And here.


Google

Patch

Google has updated Chrome for Desktop to fix 5 security vulnerabilities.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated the kernel. More info.


  

Tuesday 10 September 2024


Siemens

Patch

Siemens Monthly Patches are out with 36 bulletins, 17 new and 19 updated.  Of the new bulletins, 10 address vulnerabilities that are remotely exploitable without authentication with a highest CVSSv4 score of 10.
More info.

Industrial Edge Management contains an Authorization Bypass vulnerability that could allow a remote attacker to impersonate other devices onboarded to the system. CVSSv4 score of 10.
More info.


Schneider Electric

Patch

Schneider Electric Monthly Patches include 5 bulletins, 2 new and 3 updated.  Of the new bulletins, highest CVSSv3 score of 7.8
More info.


SAP

Patch

SAP has published their Monthly Patches, with 19 Security Notes, 16 new and 3 updated.  Of the new Notes, highest CVSSv3 score of 6.5
More info.


Endress+Hauser

Patch

Echo Curve Viewer contains a vulnerability that allows a remote attacker to run malicious C# code included in curve files and execute commands in the user's context. CVSSv3 score of 9.8
More info.


Phoenix Contact

Patch

Multiple mGuard devices are vulnerable to a drain of open file descriptors. CVSSv3 score of 5.3
More info. And here.

Multiple mGuard devices are vulnerable to a remote code injection due to SSH. CVSSv3 score of 8.1
More info. And here.


HPE

Patch

HPE has identified DoS vulnerabilities in HP-UX System's NFSv4 and RPC. Highest CVSSv3 score of 9.3
More info. And here.


BD

Patch

BD has published updates to fix third-party software in Kiestra TLA/WCA, Kiestra TLA Track, Kiestra ReadA, and Kiestra InoqulA.
More info.


LANCOM

Patch

LCOS contains a vulnerability that could allow a remote attacker to trigger a Heap Overflow in the web interface, resulting in a DoS.
More info. And here.


IBM

Patch

go-git vulnerabilities have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. Highest CVSSv3 score of 9.8
More info.

Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

Amazon Linux 2 and Amazon Linux 2023 have updated the kernel and microcode. More info. And here.


  

Monday 09 September 2024


QNAP

Patch

QNAP has published 13 bulletins for their products, most requiring Physical access or Local privileges.
More info.

A heap buffer overflow vulnerability has been reported in curl, which affects certain versions of QTS and QuTS hero.
More info.

An XSS vulnerability has been reported to affect QuLog Center. The vulnerability could allow a remote attacker to inject malicious code. CVSSv3 score of 8.2
More info.


Festo

Patch

Festo products include Siemens Simatic S7-1500 CPUs, which have a memory bypass vulnerability. CVSSv3 score of 9.8
Note the vulnerability is from 2020.
More info.


ownCloud

Patch

ownCloud has published 5 new bulletins, the worst of which allows request forgery.  Highest CVSSv3 score of 8.8
More info.

Improper handling of CSRF protection in the diagnostics app in combination with the `SameSite`-Cookie setting being set to `None` allows cross site invocation of an admin API. CVSSv3 score of 3.1
More info.

Server-Side Request Forgery in federated sharing API may allow a remote attacker to identify internal servers or cause a DoS. CVSSv3 score of 5.3
More info.


  

Friday 06 September 2024


IBM

Patch

QRadar Suite Software includes components with known vulnerabilities. Highest CVSSv3 score of 9.9
More info.

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of requirejs. CVSSv3 score of 9.8
More info.

Apache Derby could allow a remote attacker to bypass security restrictions to view and corrupt sensitive data and run sensitive database functions and procedures. CVSSv3 score of 9.1
More info.

There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Highest CVSSv3 score of 9.8
More info.


F5

Patch

F5 has published 5 new bulletins that are exploitable by remote attackers. Highest CVSSv3 score of 8.8
More info.

BIG-IP, BIG-IQ, and Traffix SDC are vulnerable to a DoS due to libarchive. Highest CVSSv3 score of 5.9
More info.

BIG-IP Next SPK and CNF are affected by an OpenSSH vulnerability that could allow RCE.  CVSSv3 score of 8.1
More info.

Traffix SDC contains a vulnerability in libjpeg-turbo that allows a remote attacker to cause a DoS or code execution. Highest CVSSv3 score of 8.8
More info. And here.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 9.8
No patches yet.
More info.


Xerox

Patch

Xerox has updated FreeFlow Print Server v2 / Windows 10 to fix vulnerabilities in third-party software.
More info.


Zoom

Patch

Zoom has published a bulletin for an Information Disclosure vulnerability in Workplace Apps. CVSSv3 score of 5.3
More info.


Linux

Patch

FreeBSD has been updated for . More info.
OpenSUSE has updated systemd. More info.
Alpine Linux has put out version 3.17.10. More info.


  

Thursday 05 September 2024


Juniper Networks

Patch

Juniper has published an "On Demand" bulletin for Secure Analytics identifying several vulnerabilities.  Highest CVSSv3 score of 9.8
More info.


Cisco

Patch

Cisco has published 5 new bulletins, 1 rated Critical, 1 rated High, and 3 rated Medium.  Highest CVSSv3 score of 9.8
More info.

Multiple vulnerabilities in Cisco Smart Licensing Utility could allow a remote attacker to collect sensitive information or administer Cisco Smart Licensing Utility services on a system while the software is running. CVSSv3 score of 9.8
More info.


Veeam

Patch

Veeam has published a bulletin for several products identifying vulnerabilities. Highest CVSSv3 score of 9.8
More info.


Baxter

Patch

Baxter Connex Health Portal contains 2 vulnerabilities, including SQL Injection, and Improper Access Control. Highest CVSSv3 score of 10.
More info. And here.


HPE

Patch

Security vulnerabilities in the HP-UX Secure Shell daemon (sshd) could be exploited remotely to allow arbitrary command execution, authentication bypass, or unauthorized use. Highest CVSSv3 score of 9.8
More info.


Dell

Patch

EMC Metronode remediation is available for multiple security vulnerabilities in third-party software. Dell rates this Critical.
More info.

CloudBoost Virtual Appliance remediation is available for multiple security vulnerabilities in third-party software. Dell rates this Critical.
More info.

Cloud Tiering Appliance remediation is available for multiple security vulnerabilities in third-party software. Dell rates this High.
More info.


  

Wednesday 04 September 2024


Google

Patch

Google has published Monthly Patches for Android, with 12 vulnerabilities, all rated High, plus Arm, Imagination Technologies, Unisoc, and Qualcomm updates.  Highest CVSSv3 score of 8.8
More info.

Pixel Monthly Patches are out with 6 vulnerabilities, 4 rated Critical and 2 rated High, plus Android patches.
More info.

Android Automotive OS Monthly Patches include 1 vulnerability rated High.
More info.


Samsung

Patch

Samsung Monthly Patches include 23 vulnerabilities, 8 rated High and 14 rated Medium, plus Android patches.
More info.


D-Link

New

D-Link is aware of critical vulnerabilities in DIR-846W router which is EOS.  Highest CVSSv3 score of 9.8
No patches because it is EOS/EOL.
More info.


Mozilla

Patch

Mozilla has updated Firefox, Firefox ESR, and Focus for iOS to fix High severity vulnerabilities.
More info.


Moxa

Patch

OnCell 3120-LTE-1 Series are affected by multiple vulnerabilities in the old version of jQuery that can be exploited by a remote attacker. Highest CVSSv3 score of 6.1
More info.


HPE

Patch

Security vulnerabilities have been identified in Unified OSS Console Assurance Monitoring (UOCAM). These vulnerabilities could be exploited to allow authentication bypass, DoS, and escalation of privilege. Highest CVSSv3 score of 7.5
More info.


LOYTEC Electronics

Patch

LINX series devices contain several vulnerabilities. Highest CVSSv4 score of 9.3
More info.


OpenSSL

Patch

OpenSSL has been updated to fix a DoS in X.509 name checks.
More info.


HAProxy

Patch

HAProxy has updated their products to fix a vulnerability related to a possible endless loop in the HTTP/2 multiplexer when combined with zero-copy forwarding system.
More info.


  

Tuesday 03 September 2024


Google

Patch

Google has updated Chrome for Desktop to fix 4 security vulnerabilities.
More info.


Zyxel

Patch

An OS command injection vulnerability exists in some AP and security routers. The improper neutralization of special elements could allow a remote attacker to execute OS commands by sending a crafted cookie to a vulnerable device. CVSSv3 score of 9.8
More info.

5G NR/4G LTE CPE, DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router devices are affected by a buffer overflow vulnerability that could allow a remote attacker to cause a DoS by sending a crafted HTTP request to a vulnerable device. CVSSv3 score of 7.5
More info.

Zyxel Firewall has been updated to fix several security vulnerabilities.  Highest CVSSv3 score of 8.1
More info.


Linux

Patch

SUSE has updated the kernel-firmware. More info.
OpenSUSE has updated the kernel-firmware. More info.
Red Hat has updated the kernel. More info.
Oracle Linux has updated the kernel. More info.


  

Monday 2 September 2024


Qualcomm

Patch

Qualcomm Monthly Patches include 8 patches for proprietary software and 13 patches for open source software, highest CVSSv3 score of 8.4
More info.


MediaTek

Patch

MediaTek Monthly Patches include 6 vulnerabilities, all rated Medium.
More info.


Samsung

Patch

Samsung has published 7 new bulletins for Exynos, all rated Medium.
More info.


Dell

Patch

Cloud Tiering Appliance has been updated to fix multiple third-party vulnerabilities, some dating back to 2020. Dell rates this High.
More info.


  

Friday 30 August 2024


libexpat

Patch

Several buffer overflow vulnerabilities have been identified in libexpat.
More info. And here. And here.


PHP

Patch

PHP has been updated to fix several vulnerabilities.  CVSSv3 score of 7.5
More info. And here.


IBM

Patch

IBM Concert is vulnerable to multiple issues due to Cloud Pak Openshift. Highest CVSSv3 score of 10.
More info.


Esri

Patch

Portal for ArcGIS Security has been updated to resolve multiple high and medium severity security vulnerabilities. Highest CVSSv4 score of 8.7
More info.


  

Thursday 29 August 2024


Cisco

Patch

Cisco has published 6 new bulletins, 1 rated High and the rest Medium.  Highest CVSSv3 score of 8.6
More info.

A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a DoS. CVSSv3 score of 8.6
More info.


Google

Patch

Google has published an update for Chrome for Desktop that fixes 4 High severity vulnerabilities.
More info.


Wireshark

Patch

Wireshark (older versions) has been updated to fix a DoS vulnerability.
More info.


Dell

Patch

Dell RecoverPoint for Virtual Machines remediation is available for multiple security vulnerabilities in third-party software. Dell rates this Critical.
More info.

Dell APEX Cloud Platform for Redhat Openshift remediation is available for multiple security vulnerabilities in third-party software. Dell rates this High.
More info.


Linux

Patch

Red Hat has updated the kernel and the firmware. More info.


  

Wednesday 28 August 2024


B&R Automation

Patch

B&R APROL has been updated to fix 3 vulnerabilities, one of which allows a remote attacker to conduct a Reflected XSS attack. Highest CVSSv4 score of 7.3
More info.


F5

New

Traffix SDC contains a vulnerability that could allow a remote attacker to access restricted information, modify files, or cause a DoS. CVSSv3 score of 7.5
No patches yet.
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 9.8
One has patches.
More info.


Fortra

Patch

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. CVSSv3 score of 9.8
More info. And here.


Flowise

New

An unauthenticated vulnerability exists in Flowise, leading to a DoS. CVSSv3 score of 7.4
More info.


  

Tuesday 27 August 2024


Hitachi Energy

Patch

Multiple vulnerabilities exist in MicroSCADA X SYS600, some of which allow a remote attacker to cause confidentiality, integrity and availability impacts. Highest CVSSv3 score of 9.9
More info.


Linux

Patch

Red Hat has updated the firmware. More info.
Mageia has updated systemd. More info.


  

Monday 26 August 2024


Avtec

Patch

Outpost 0810 and Outpost Uploader Utility contain 2 vulnerabilities, Storage of File with Sensitive Data Under Web Root, and Use of Hard-coded Cryptographic Key.  Highest CVSSv4 score of 8.7
More info.


Trumpf

Patch

TruControl laser control software uses OpenSSH server and is affected by the RegreSSHion vulnerability. CVSSv3 score of 8.1
More info.


IBM

Patch

Multiple vulnerabilities were addressed in IBM Application Performance Management. Highest CVSSv3 score of 9.8
More info.

IBM Concert Software uses multiple open source libraries which are susceptible to various security vulnerabilities. Highest CVSSv3 score of 10
More info.


F5

New

BIG-IP contains a vulnerability that allows a remote attacker to craft HTTP requests with deliberately incorrect URL encoding, potentially bypassing security controls that rely on proper URL parsing and authentication.  CVSSv3 score of 7.5
No patch yet.
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 9.0
Only 1 has a patch.
More info.


  

Friday 23 August 2024


Microsoft

Exploit

Microsoft has updated Edge to include the latest Chromium patches as well as 4 Edge-specific patches.  Exploits are in the wild.
More info.

Improper access control in Decentralized Identity Services allows an unauthenticated attacker to disable Verifiable IDs on another tenant. CVSSv3 score of 7.5
More info.


SonicWall

Patch

An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. CVSSv3 score of 8.6
More info.


Rockwell Automation

Patch

ThinManager ThinServer contains Information Disclosure and RCE vulnerabilities. Highest CVSSv4 score of 9.3
More info.


SolarWinds

Patch

Web Help Desk (WHD) is affected by a hardcoded credential vulnerability, allowing a remote attacker to access internal functionality and modify data. CVSSv3 score of 9.1
More info.


Broadcom

Patch

Broadcom has published 20 security bulletins for Tanzu that identify vulnerabilities in third-party software included in the product.  1 is rated High, 18 Medium, and 1 Low.
More info.


F5

New

BIG-IP (DNS) contains a vulnerability in the BIND process that allows a remote attacker to cause a DoS.  CVSSv3 score of 7.5
No patch yet.
More info.


  

Thursday 22 August 2024


Cisco

Patch

Cisco has published 5 new bulletins and 1 updated bulletin.  Highest CVSSv3 score of 8.6
More info.

A vulnerability in the SIP call processing function of Unified CM and Unified CM SME could allow a remote attacker to cause a DoS or perform an XSS attack. Highest CVSSv3 score of 8.6
More info. And here.


Google

Exploit

Chrome for Desktop has been updated to fix 38 security vulnerabilities, with at least one with exploits in the wild.
More info.

Microsoft is aware. More info.


BD

Patch

BD has published third-party software updates for Pyxis, EpiCenter, Data Agent, IDM, and CCE products.
More info.


SpaceLabs Healthcare

Exploit

Bedside Monitors are vulnerable to Name:Wreck, a DNS vulnerability from 2016.  CVSSv3 score of 9.8
More info.


Welotec

Patch

Products from the Edge Gateway Family are affected by the RegreSSHion vulnerability. CVSSv3 score of 8.1
More info.


IBM

Patch

Multiple vulnerabilities were addressed in IBM Application Performance Management. Highest CVSSv3 score of 9.8
More info.

QRadar SIEM contains multiple vulnerabilities in third-party software. Highest CVSSv3 score of 9.8
More info.


Linux

Patch

Ubuntu has updated the kernel. More info.
Amazon Linux 2 and Amazon Linux 2023 have updated the firmware. More info. And here.


  

Wednesday 21 August 2024


CPython

Patch

A vulnerability in the parse_cookie function could be exploited by sending specially crafted cookie values to trigger significant delays, resulting in a DoS. CVSSv3 score of 7.5
More info. And here.


Microsoft

Patch

GitHub Enterprise Server has been patched to fix 3 vulnerabilities, one of which exposed signed federation metadata XML, allowing a remote attacker to forge a SAML response to provision and/or gain access to a user account with site administrator privileges. Highest CVSSv4 score of 9.5
More info.


Jira

Patch

Reflected XSS and CSRF vulnerabilities exist in Confluence Data Center and Server. CVSSv3 score of 7.1
More info.


Bosch

Patch

A vulnerability in Bosch IP cameras of families CPP13 and CPP14, allows a remote attacker to retrieve video analytics event data. CVSSv3 score of 7.5
More info.


Mitel

Patch

An unauthorized access vulnerability exists in the Legacy Chat component of Mitel MiContact Center Business, which could allow a remote attacker to access sensitive information and send unauthorized messages. CVSSv3 score of 8.1
More info. And here.


Linux

Patch

SUSE has updated the kernel firmware. More info.
Red Hat has updated the kernel. More info.


  

Tuesday 20 August 2024


HPE

Patch

Security vulnerabilities have been identified in HPE SimpliVity AMD Servers. These vulnerabilities could be exploited to allow arbitrary code execution, disclosure of privileged information, buffer overflow, and DoS. Highest CVSSv3 score of 7.5
More info.


OpenFlow

New

Vulnerabilities have been identified in the libfluid_msg library, a core component of the libfluid OpenFlow library that is used to process OpenFlow network packets, that could be used for DoS. Highest CVSSv3 score of 6.5
No patches available.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Ubuntu has updated the microcode. More info.


  

Monday 19 August 2024


F5

New

BIG-IP (DNS) contains a DoS vulnerability.  CVSSv3 score of 7.5
No patches yet.
More info.


NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 8.8
Only 1 has patches.
More info.


Linux

Patch

SUSE has updated the kernel. More info.
Red Hat has updated kpatch. More info.
Amazon Linux 2 and Amazon Linux 2023 have updated the kernel. More info. And here.


  

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.


PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.


PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.


PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.


NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.


+24hrs

+24hrs

This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.


Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.


Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.


ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.