COOKIES

To enhance our website and services, we use Google Analytics, which requires your consent below to gather data about your device and site usage. Your data may be transferred outside the EU by Google, where regulations may differ. Consent is voluntary and revocable by contacting us.

Essential cookies are strictly necessary for site operation. For details on cookie usage as well as how we process your data, please read our policy.

Skip to main content

Vulnerability Details

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current cyber security threat.  Any increase in an alert state will occur immediately an issue is detected and it will drop again by one level each working day

Our rationale for this agility is that vulnerabilities often occur in clusters, therefore reducing the alert state again quickly, will increase your visibility of new threats to the same product. Daily reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable, very few local server exploits will be shown.

The Vulnerability Definitions Explained
Go To The Cyber Radar Console

Monday 14 April 2025

NetApp

New

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products. Highest CVSSv3 score of 7.5
Only 1 has patches.
More info.

IBM

Patch

IBM has published Critical bulletins for Maximo Application Suite, Storage Sentinel, and Process Mining. 
More info.

Linux

Patch

Red Hat has updated the kernel and kernel-rt. More info.
Oracle Linux has updated the kernel. More info.
Debian has updated the kernel. More info.

  

Friday 11 April 2025

Google

Patch

Monthly Patches for Pixel are out, with 3 new vulnerabilities plus Android updates.
More info.

Dell

Patch

Dell has published a Critical bulletin for Networker Management Console.. 
More info.

GitLab

Patch

GitLab has published an update that includes 5 security fixes, 4 rated Medium and 1 rated Low. Highest CVSSv3 score of 6.5
More info.

Jenkins

Patch

Jenkins has published a security advisory addressing 2 vulnerabilities.  It is rated Medium.
More info.

HPE

Patch

Security vulnerabilities have been identified in HPE Cray XD670 Server using SSH that could allow remote attackers to bypass integrity checks and/or unauthenticated code execution. Highest CVSSv3 score of 8.1
More info.

IBM

Patch

IBM has published Critical bulletins for Spectrum Protect Plus, AIX, and Integration Bus for z/OS.
More info.

Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.

  

Google

Patch

Monthly Patches for Pixel are out, with 3 new vulnerabilities plus Android updates.
More info.

Dell

Patch

Dell has published a Critical bulletin for Networker Management Console.. 
More info.

GitLab

Patch

GitLab has published an update that includes 5 security fixes, 4 rated Medium and 1 rated Low. Highest CVSSv3 score of 6.5
More info.

Jenkins

Patch

Jenkins has published a security advisory addressing 2 vulnerabilities.  It is rated Medium.
More info.

HPE

Patch

Security vulnerabilities have been identified in HPE Cray XD670 Server using SSH that could allow remote attackers to bypass integrity checks and/or unauthenticated code execution. Highest CVSSv3 score of 8.1
More info.

IBM

Patch

IBM has published Critical bulletins for Spectrum Protect Plus, AIX, and Integration Bus for z/OS.
More info.

Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.

  

Thursday 10 April 2025

Juniper

Patch

Monthly Patches are out with 24 new bulletins, 1 rated Critical, 13 rated High, and 10 rated Medium. Products updated include CTP View, Junos Space, Junos OS, and Junos OS Evolved.  Highest CVSSv3 score of 10
More info.

Dell

Patch

Dell has published a Critical bulletin for PowerProtect Cyber Recovery. 
More info.

Splunk

Patch

Splunk has published 15 new bulletins identifying vulnerabilities in third-party packages included in their products.  Two are rated Critical, 12 rated High, and 1 rated Medium.
More info.

MedDream

Patch

Multiple RCE vulnerabilities in parsing DICOM files affect MedDream PACS Server.
More info.

Spring

Patch

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. CVSSv3 score of 7.5
More info.

Palo Alto
Networks

Patch

Monthly Patches include 11 bulletins, affecting GlobalProtect App, Cortex XDR Agent, Prisma SD_WAN, PAN-OS, Cortex XDR Broker, and Prisma Access Browser. Highest CVSSv3 score of 7.6
More info.

Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Oracle Linux has updated grub2. More info.
Ubuntu has updated the kernel. More info.

  

Wednesday 09 April 2025

Fortinet

Patch

Monthly Patches are out with 10 new bulletins, 1 rated Critical, 2 rated High, 5 rated Medium, and 2 rated Low. Highest CVSSv3 score of 9.3
More info.

An unverified password change vulnerability in FortiSwitch GUI may allow a remote attacker to modify admin passwords via a specially crafted request. CVSSv3 score of 9.3
More info.

Microsoft

Patch

Microsoft Monthly Patches include 126 fixes, one currently being exploited in the wild.  Highest CVSSv3 score of 8.8 
More info. And here.

Adobe

Patch

Adobe Monthly Patches include security fixes for ColdFusion, After Effects, Media Encoder, Bridge, Commerce, AEM Forms, Premiere Pro, Photoshop, Animate, AEM Screens, FrameMaker, and XMP Toolkit SDK.  Highest CVSSv3 score of 9.1
More info.

Google

Patch

Google has updated Chrome for Desktop to fix 2 security vulnerabilities.
More info.

Arista

Patch

On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear. CVSSv3 score of 9.1
More info.

Ivanti

Patch

Ivanti Monthly Patches include 1 bulletin for Endpoint Manager. Highest CVSSv4 score of 7.8
More info.

Linux

Patch

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.

  

Tuesday 07 April 2025

Google

Patch

Google has published the Monthly Patches for Android, with 42 vulnerability fixes plus Arm, Imagination Technologies, MediaTek, and Qualcomm patches.  Of the Android patches, 3 are rated Critical and 39 rated High.
More info.

Samsung

Patch

Samsung Android Monthly Patches include 21 Samsung vulnerabilities, plus Android updates.
More info.

Samsung Semiconductor has published 1 bulletin for Exynos modems.
More info.

SAP

Patch

SAP Monthly Patches include 18 new bulletins and 2 updated bulletins.  Highest CVSSv3 score of 9.9
More info.

Siemens

Patch

Siemens Monthly Patches include 9 new bulletins and 16 updated bulletins. Of the new bulletins, highest CVSSv3 score of 10.
More info.

Industrial Edge Devices and Kit contains a weak authentication vulnerability that could facilitate a remote attacker to circumvent authentication and impersonate a legitimate user. CVSSv4 score of 9.3
More info. And here.

Schneider
Electric

Patch

Schneider Electric has published Monthly Patches to include 2 new bulletins and 4 updated bulletins. Of the new bulletins, highest CVSSv4 score of 8.4
More info.

Broadcom

Patch

Broadcom has published 2 bulletins updating for VMware Tanzu Greenplum software. Highest CVSSv3 score of 9.8
More info. And here.

Linux

Patch

Ubuntu has updated the kernel. More info.

  

Monday 07 April 2025

Qualcomm

Patch

Qualcomm Monthly Patches include 20 fixed vulnerabilities, 4 rated Critical, 15 rated High, and 1 rated Medium. Highest CVSSv3 score of 8.2
More info.

MediaTek

Patch

MediaTek Monthly Patches include 11 vulnerabilities, 1 rated Critical, 4 rated High, and 6 rated Medium. Highest CVSSv3 score of 9.8
More info.

Weidmuller

Patch

Weidmüller product PROCON-WIN is affected by hard-coded credentials. CVSSv3 score of 9.8
More info.

Dell

Patch

Dell has published a Critical bulletin for Avamar Data Store Gen5A.
More info.

PowerDNS

Patch

A crafted zone can lead to an illegal memory access in the Recursor. CVSSv3 score of 7.5
More info.

NetApp

Patch

NetApp has published 10 new bulletins identifying vulnerabilities in third-party software included in their products.  Highest CVSSv3 score of 7.5
Three have patches.
More info.

  

Friday 04 April 2025

Microsoft

Patch

Microsoft Edge has been updated to include the latest chromium updates.
More info. And here.

Bitdefender

Patch

Bitdefender has published 3 new bulletins for GravityZone Console. Highest CVSSv3 score of 9.5
More info.

M-Files

Patch

M-Files Server has been updated to fix a vulnerability that allows anonymous users to cause a DoS. CVSSv4 score of 6.3
More info.

Philips

Patch

Philips is updating their products that include Google Chrome.
More info.

Ivanti

Exploit

Ivanti has published a bulletin to address current exploits of Connect Secure, Policy Secure, and ZTA Gateways.  They note the products were patched Feb 11.
More info.

Linux

Patch

Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Mageia has updated the microcode. More info.

  

Thursday 03 April 2025

Cisco

Patch

A vulnerability in chat messaging features of Cisco Enterprise Chat and Email could allow a remote attacker to cause a DoS. CVSSv3 score of 7.5
More info.

Apache

Patch

Apache Traffic Servr is vulnerable to request smuggling via chunked messages.
More info.

OpenVPN

Patch

OpenVPN in server mode using TLS-crypt-v2 allows remote attackers to trigger a DoS by corrupting and replaying network packets in the early handshake phase.
More info.

IBM

Patch

IBM has published Critical bulletins for Watson Speech Services Cartridge and API Connect.
More info.

Linux

Patch

Amazon Linux 2 and 2023 have updated the kernel. More info. And here.

  

Wednesday 02 April 2025

Apple

Patch

Apple has published a security bulletin for watchOS.
More info.

Google

Patch

Google has updated Chrome for Desktop to fix 14 security vulnerabilities.
More info.

Microsoft is aware. More info.

Mozilla

Patch

Mozilla has published security updates for Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR.
More info.

Meinberg

Patch

Meinberg has published a security update for LANTIME firmware. Highest CVSSv3 score of 7.8
More info.

Django

Patch

Django has published a security release that fixes a DoS vulnerability. CVSSv3 score of 5.3
More info.

Apache

Patch

Apache has updated Camel to fix a header injection vulnerability. CVSSv3 score of 6.5
More info.

Linux

Patch

Ubuntu has updated the kernel. More info.

  

Tuesday 01 April 2025

Apple

Patch

Apple has published security bulletins for Safari, Xcode, iOS, iPadOS, macOS, tvOS, and visionOS.
More info.

Broadcom

Patch

NGINX has been updated in VIP Authentication Hub. CVSSv3 score of 9.8
More info.

Security fixes has been published for Tanzu Greenplum. Highest CVSSv3 score of 9.8
More info. And here. And here.

IBM

Patch

IBM has published Critical bulletins for Business Automation Manager, and BAMOE 9.
More info.

  

PRODUCT

GUARDED 

This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.

PRODUCT

INCREASED 

This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.

PRODUCT

HIGH 

This alert state indicates a more serious vulnerability which is exploitable.

PRODUCT

CRITICAL 

This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

NEW

NEW 

This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

+24hrs

+24hrs

 This bottom descriptor is used with Indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

Patch

PATCH 

This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.

Exploit

EXPLOIT 

This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.

ZERO

ZERO DAY 

This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.