RMX Security CERT Global

    • VMware retter fejl
      VMware har i denne uge rettet fejl vedr. vilkårlig fillæsning og SSRF, der påvirker dets vCenter Server-produkt. Det skriver Security Affairs. vCenter Server er et centraliseret administrationsværktøj til VMware og ... read more
    • CVE-2021-41569 (sas/intrnet)
      SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, ... read more
    • CVE-2021-44077
      Zoho ManageEngine ServiceDesk Plus before 11306 is vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. ... read more
    • CVE-2021-32061
      S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element. ... read more
    • ESB-2021.4014 – [Ubuntu] Thunderbird: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4014 USN-5152-1: Thunderbird vulnerabilities 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Thunderbird Publisher: Ubuntu Operating ... read more
    • ESB-2021.4013 – [SUSE] Linux Kernel: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4013 Security update for the Linux Kernel 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux ... read more
    • ESB-2021.4012 – [SUSE] netcdf: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4012 Security update for netcdf 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: netcdf Publisher: SUSE ... read more
    • ESB-2021.4011 – [Debian] bluez: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4011 bluez security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: bluez Publisher: Debian Operating ... read more
    • CVE-2021-44093
      Gravedad: NonePublicado: 28/11/2021Last revised: 28/11/2021Descripción: *** Pendiente de traducción *** A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original ... read more
    • CVE-2021-44094
      Gravedad: NonePublicado: 28/11/2021Last revised: 28/11/2021Descripción: *** Pendiente de traducción *** ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file ... read more
    • ESB-2021.4005 – [Debian] libntlm: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4005 libntlm security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libntlm Publisher: Debian Operating ... read more
    • ESB-2021.4004.3 – UPDATE [Cisco] Cisco Expressway Series: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4004.3 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 29 November 2021 =========================================================================== AusCERT Security ... read more
    • ESB-2021.4010 – [UNIX/Linux][Debian] roundcube: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4010 roundcube security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: roundcube Publisher: Debian Operating ... read more
    • ESB-2021.4006 – [Debian] libvpx: Access confidential data – Remote/unauthenticated
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4006 libvpx security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libvpx Publisher: Debian Operating ... read more
    • ESB-2021.4009 – [Debian] icu: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4009 icu security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: icu Publisher: Debian Operating ... read more
    • ESB-2021.4007 – [Debian] libvorbis: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4007 libvorbis security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libvorbis Publisher: Debian Operating ... read more
    • ESB-2021.4008 – [Debian] tar: Denial of service – Existing account
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4008 tar security update 29 November 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: tar Publisher: Debian Operating ... read more
    • CVE-2021-44093
      A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell ... read more
    • CVE-2021-44094
      ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file ... read more
    • CVE-2021-4020
      Gravedad: NonePublicado: 27/11/2021Last revised: 27/11/2021Descripción: *** Pendiente de traducción *** janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ... read more
    • CVE-2021-4020
      janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ... read more
    • CVE-2021-21561 (emc_powerscale_onefs)
      Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the ... read more
    • CVE-2020-7881
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. ... read more
    • CVE-2021-40833
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be ... read more
    • CVE-2021-23654
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted ... read more
    • CVE-2021-43776
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to ... read more
    • CVE-2021-43785
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL ... read more
    • CVE-2021-41279
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with ... read more
    • CVE-2021-41243
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with ... read more
    • CVE-2021-35533
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy ... read more
    • CVE-2021-26611
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory ... read more
    • CVE-2021-26615
      Gravedad: NonePublicado: 26/11/2021Last revised: 26/11/2021Descripción: *** Pendiente de traducción *** ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. ... read more
    • CVE-2021-43776
      Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes ... read more
    • CVE-2021-43785
      @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both ... read more
    • CVE-2021-23654
      This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while ... read more
    • CVE-2021-3672 (c-ares, enterprise_linux, enterprise_linux_computer_node, enterprise_linux_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_server_update_services_for_sap_solutions, enterprise_linux_tus, enterprise_linux_workstation, fedora)
      A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which ... read more
    • CVE-2021-26615
      ARK library allows attackers to execute remote code via the parameter(path value) of Ark_NormalizeAndDupPAthNameW function because of an integer overflow. ... read more
    • CVE-2021-36919
      Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). ... read more
    • CVE-2021-35533
      Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 ... read more
    • CVE-2021-36843
      Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin. ... read more
    • CVE-2021-41279
      BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path ... read more
    • CVE-2021-41243
      There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which ... read more
    • CVE-2020-7881
      The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was ... read more
    • CVE-2021-26611
      HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..) ... read more
    • CVE-2021-40833
      A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result ... read more
    • CVE-2021-25269
      A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sophos ... read more
    • CVE-2021-36807
      An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. ... read more
    • CVE-2021-24877 (mainwp_child)
      The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high ... read more
    • CERTFR-2021-AVI-904 : Multiples vulnérabilités dans le noyau Linux de SUSE (26 novembre 2021)
      De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des ... read more
    • CERTFR-2021-AVI-905 : Vulnérabilité dans F-Secure (26 novembre 2021)
      Une vulnérabilité a été découverte dans F-Secure. Elle permet à un attaquant de provoquer un déni de service. ... read more
    Older posts
Title Category Tag

NASCIO Data Sharing Report Advancing Digital Government 2017 – Cybersecurity

 CybersecuritySmartCitiesTechnology cybersecurity ICS standards