Strategic Efficiency Consortium-Secure design principles: Guides for the design of Cyber Secure systems: Security design principles and virtualisation

Security CERT Global

CVE-2021-32073
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution. ... read more
CVE-2020-16632
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. ... read more
CVE-2021-33033
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing ... read more
CVE-2021-33034
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. ... read more
CVE-2019-25044
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is ... read more
CVE-2021-29514
TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer ... read more
CVE-2021-29516
TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.RaggedTensorToVariant` with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of `RaggedTensorToVariant` operations(https://github.com/tensorflow/tensorflow/blob/904b3926ed1c6c70380d5313d282d248a776baa1/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L39-L40) ... read more
CVE-2021-29614
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementation ... read more
CVE-2021-29606
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of `Split_V`(https://github.com/tensorflow/tensorflow/blob/c59c37e7b2d563967da813fa50fe20b21f4da683/tensorflow/lite/kernels/split_v.cc#L99). If `axis_value` ... read more
CVE-2021-32054
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web ... read more
CVE-2021-3402
An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a ... read more
CVE-2021-29616
TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing ... read more
CVE-2021-29613
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in ... read more
CVE-2020-24119
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. ... read more
CVE-2021-3537
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document ... read more
CVE-2021-29618
TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix ... read more
CVE-2021-22866
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user ... read more
CVE-2021-29611
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb172065a6ea5f48415854223285/tensorflow/core/kernels/sparse_reshape_op.cc#L40) has no validation that ... read more
CVE-2021-29607
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside ... read more
CVE-2021-29619
TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix will be included in TensorFlow 2.5.0. ... read more
CVE-2020-27833
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which ... read more
CVE-2021-29615
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion by giving in a specially crafted input. ... read more
CVE-2021-29605
TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.c#L24-L27). An attacker can craft a model such ... read more
CVE-2021-29598
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `SVDF` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.cc#L99-L102). An attacker can craft a ... read more
CVE-2021-29617
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be included ... read more
CVE-2021-27737
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin. ... read more
CVE-2021-29612
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation(https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc#L269-L278) calls `ValidateInputTensors` for input validation ... read more
CVE-2021-20538 (cloud_pak_for_security)
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization ... read more
CVE-2021-21648 (credentials)
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. ... read more
CVE-2021-21649 (dashboard_view)
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. ... read more
CVE-2021-32399 (linux_kernel)
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. ... read more
CVE-2021-20577 (cloud_pak_for_security)
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the ... read more
CVE-2021-20559 (control_desk)
IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ... read more
CVE-2021-32817
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure ... read more
CVE-2021-29554
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da30c806faf141297eca1/tensorflow/core/kernels/count_ops.cc#L123-L127) ... read more
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper ... read more
CVE-2021-29512
TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer ... read more
CVE-2021-32816
ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed ... read more
CVE-2021-32820
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file ... read more
CVE-2021-32819
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. ... read more
CVE-2021-31906 (teamcity)
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. ... read more
CVE-2021-30504 (intellij_idea)
In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation. ... read more
CVE-2021-32544 (igt+)
Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) ... read more
CVE-2021-31904 (teamcity)
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. ... read more
CVE-2020-4535 (openpages_grc_platform)
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ... read more
CVE-2021-31909 (teamcity)
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. ... read more
CVE-2021-31911 (teamcity)
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. ... read more
CVE-2021-31905 (youtrack)
In JetBrains YouTrack before 2020.6.8801, information disclosure in an issue preview was possible. ... read more
CVE-2021-31907 (teamcity)
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. ... read more
CVE-2021-20393
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information ... read more

Secure design principles: Guides for the design of Cyber Secure systems: Security design principles and virtualisation

Secure design principles:Guides for the design of Cyber Secure systems:Security design principles and virtualisationhttps://www.ncsc.gov.uk/collection/cyber-security-design-principles/examples/study-virtualisationicssecurity, infosec, cybersecurity, criticalinfrastructure, IndustrialControlSystems, virtualisation

Secure design principles: Guides for the design of Cyber Secure systems: Design principles and Operational Technology

Secure design principles:Guides for the design of Cyber Secure systems:Design principles and Operational Technologyhttps://www.ncsc.gov.uk/collection/cyber-security-design-principles/examples/study-operational-techicssecurity, infosec, cybersecurity, criticalinfrastructure, IndustrialControlSystems, OT

SCADA vulnerabilities in ICS architectures

SCADA vulnerabilities in ICS architectures infosec, cybersecurity. IIoT, ICSaaS, scada, cloudscada

Cybersecurity Capability Maturity Model (C2M2) Program

Cybersecurity Capability Maturity Model (C2M2) Programhttps://www.energy.gov/ceser/activities/cybersecurity-critical-energy-infrastructure/energy-sector-cybersecurity-0 icssecurity, infosec, cybersecurity, criticalinfrastructure, IndustrialControlSystems