RMX Security CERT Global

• VMware retter fejl
  VMware har i denne uge rettet fejl vedr. vilkårlig fillæsning og SSRF, der påvirker dets vCenter Server-produkt. Det skriver Security Affairs. vCenter Server er et centraliseret administrationsværktøj til VMware og ... read more
• CVE-2021-41569 (sas/intrnet)
  SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, ... read more
• CVE-2021-44077
  Zoho ManageEngine ServiceDesk Plus before 11306 is vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. ... read more
• CVE-2021-32061
  S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element. ... read more
• ESB-2021.4014 – [Ubuntu] Thunderbird: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4014 USN-5152-1: Thunderbird vulnerabilities 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Thunderbird Publisher: Ubuntu Operating ... read more
• ESB-2021.4013 – [SUSE] Linux Kernel: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4013 Security update for the Linux Kernel 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux ... read more
• ESB-2021.4012 – [SUSE] netcdf: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4012 Security update for netcdf 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: netcdf Publisher: SUSE ... read more
• ESB-2021.4011 – [Debian] bluez: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4011 bluez security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: bluez Publisher: Debian Operating ... read more
• CVE-2021-44093
  Gravedad: NonePublicado: 28/11/2021Last revised: 28/11/2021Descripción: *** Pendiente de traducción *** A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original ... read more
• CVE-2021-44094
  Gravedad: NonePublicado: 28/11/2021Last revised: 28/11/2021Descripción: *** Pendiente de traducción *** ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file ... read more
• ESB-2021.4005 – [Debian] libntlm: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4005 libntlm security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libntlm Publisher: Debian Operating ... read more
• ESB-2021.4004.3 – UPDATE [Cisco] Cisco Expressway Series: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4004.3 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 29 November 2021 =========================================================================== AusCERT Security ... read more
• ESB-2021.4010 – [UNIX/Linux][Debian] roundcube: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4010 roundcube security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: roundcube Publisher: Debian Operating ... read more
• ESB-2021.4006 – [Debian] libvpx: Access confidential data – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4006 libvpx security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libvpx Publisher: Debian Operating ... read more
• ESB-2021.4009 – [Debian] icu: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4009 icu security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: icu Publisher: Debian Operating ... read more
• ESB-2021.4007 – [Debian] libvorbis: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4007 libvorbis security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libvorbis Publisher: Debian Operating ... read more
• ESB-2021.4008 – [Debian] tar: Denial of service – Existing account
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4008 tar security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tar Publisher: Debian Operating ... read more
• CVE-2021-44093
  A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell ... read more
• CVE-2021-44094
  ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file ... read more
• CVE-2021-4020
  Gravedad: NonePublicado: 27/11/2021Last revised: 27/11/2021Descripción: *** Pendiente de traducción *** janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ... read more
• CVE-2021-4020
  janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ... read more
• CVE-2021-21561 (emc_powerscale_onefs)
  Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the ... read more
• CVE-2020-7881
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. ... read more
• CVE-2021-40833
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be ... read more
• CVE-2021-23654
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted ... read more
• CVE-2021-43776
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to ... read more
• CVE-2021-43785
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL ... read more
• CVE-2021-41279
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with ... read more
• CVE-2021-41243
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with ... read more
• CVE-2021-35533
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy ... read more
• CVE-2021-26611
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory ... read more
• CVE-2021-26615
  Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. ... read more
• CVE-2021-43776
  Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes ... read more
• CVE-2021-43785
  @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both ... read more
• CVE-2021-23654
  This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while ... read more
• CVE-2021-3672 (c-ares, enterprise_linux, enterprise_linux_computer_node, enterprise_linux_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_server_update_services_for_sap_solutions, enterprise_linux_tus, enterprise_linux_workstation, fedora)
  A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which ... read more
• CVE-2021-26615
  ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. ... read more
• CVE-2021-36919
  Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). ... read more
• CVE-2021-35533
  Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 ... read more
• CVE-2021-36843
  Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin. ... read more
• CVE-2021-41279
  BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path ... read more
• CVE-2021-41243
  There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which ... read more
• CVE-2020-7881
  The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was ... read more
• CVE-2021-26611
  HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..) ... read more
• CVE-2021-40833
  A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result ... read more
• CVE-2021-25269
  A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos ... read more
• CVE-2021-36807
  An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. ... read more
• CVE-2021-24877 (mainwp_child)
  The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high ... read more
• CERTFR-2021-AVI-904 : Multiples vulnérabilités dans le noyau Linux de SUSE (26 novembre 2021)
  De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des ... read more
• CERTFR-2021-AVI-905 : Vulnérabilité dans F-Secure (26 novembre 2021)
  Une vulnérabilité a été découverte dans F-Secure. Elle permet à un attaquant de provoquer un déni de service. ... read more
Older posts