Security CERT Global

• ESB-2021.0314 – [Win][UNIX/Linux] Moodle: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0314 Moodle security updates 28 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Moodle Publisher: Moodle Operating ... read more
• ESB-2021.0309 – [UNIX/Linux][SUSE] go1.14: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0309 Security update for go1.14 28 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: go1.14 Publisher: SUSE ... read more
• ESB-2021.0313 – [SUSE] sudo: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0313 Security update for sudo 28 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: sudo Publisher: SUSE ... read more
• ESB-2021.0312 – [SUSE] postgresql: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0312 Security update for postgresql, postgresql12, postgresql13 28 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: postgresql ... read more
• ESB-2021.0310 – [SUSE] go1.15: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0310 Security update for go1.15 28 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: go1.15 Publisher: SUSE ... read more
• ESB-2021.0311 – [SUSE] nodejs8: Reduced security – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0311 Security update for nodejs8 28 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: nodejs8 Publisher: SUSE ... read more
• CVE-2020-4789
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 ... read more
• CVE-2020-4786
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 ... read more
• CVE-2020-4855
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the ... read more
• CVE-2021-3318
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. ... read more
• CVE-2020-5428
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries ... read more
• CVE-2020-4787
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 ... read more
• CVE-2020-4524
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the ... read more
• CVE-2020-5427
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL ... read more
• CVE-2020-4189
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** IBM Security Guardium 11.2 discloses sensitive information in the response headers that could be used in further attacks against the ... read more
• CVE-2020-4547
  Gravedad: NonePublicado: 27/01/2021Last revised: 27/01/2021Descripción: *** Pendiente de traducción *** IBM Jazz Foundation products could allow a remote attacker to hijack the clicking action of the victim. By persuading a ... read more
• CVE-2021-1271 (web_security_virtual_appliance)
  A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack ... read more
• CVE-2020-11119 (apq8009_firmware, apq8017_firmware, apq8053_firmware, apq8076_firmware, apq8096au_firmware, aqt1000_firmware, ar8031_firmware, ar8035_firmware, ar8151_firmware, ar9380_firmware, csr6030_firmware, csr8811_firmware, csra6620_firmware, csra6640_firmware, csrb31024_firmware, ipq4018_firmware, ipq4028_firmware, ipq4029_firmware, ipq5010_firmware, ipq5018_firmware, ipq6000_firmware, ipq6005_firmware, ipq6010_firmware, ipq6018_firmware, ipq6028_firmware, ipq8064_firmware, ipq8069_firmware, ipq8070_firmware, ipq8070a_firmware, ipq8071_firmware, ipq8071a_firmware, ipq8072_firmware, ipq8072a_firmware, ipq8074_firmware, ipq8074a_firmware, ipq8076_firmware, ipq8076a_firmware, ipq8078_firmware, ipq8078a_firmware, ipq8173_firmware, ipq8174_firmware, mdm8215_firmware, mdm9206_firmware, mdm9215_firmware, mdm9250_firmware, mdm9310_firmware, mdm9607_firmware, mdm9615_firmware, mdm9626_firmware, mdm9628_firmware, mdm9640_firmware, mdm9650_firmware, mdm9655_firmware, msm8976_firmware, msm8994_firmware, msm8996au_firmware, pm3003a_firmware, pm4125_firmware, pm456_firmware, pm6125_firmware, pm6150_firmware, pm6150a_firmware, pm6150l_firmware, pm6250_firmware, pm6350_firmware, pm640a_firmware, pm640l_firmware, pm640p_firmware, pm660_firmware, pm660a_firmware, pm660l_firmware, pm670_firmware, pm670a_firmware, pm670l_firmware, pm7150a_firmware, pm7150l_firmware, pm7250_firmware, pm7250b_firmware, pm8004_firmware, pm8005_firmware, pm8008_firmware, pm8009_firmware, pm8018_firmware, pm8019_firmware, pm8150_firmware, pm8150a_firmware, pm8150b_firmware, pm8150c_firmware, pm8150l_firmware, pm8250_firmware, pm8350_firmware, pm8350b_firmware, pm8350bh_firmware, pm8350c_firmware, pm855_firmware, pm855a_firmware, pm855b_firmware, pm855l_firmware, pm855p_firmware, pm8909_firmware, pm8916_firmware, pm8937_firmware, pm8952_firmware, pm8953_firmware, pm8956_firmware, pm8996_firmware, pm8998_firmware, pmc1000h_firmware, pmd9607_firmware, pmd9645_firmware, pmd9655_firmware, pme605_firmware, pmi632_firmware, pmi8952_firmware, pmi8994_firmware, pmi8996_firmware, pmi8998_firmware, pmk8001_firmware, pmk8002_firmware, pmk8003_firmware, pmk8350_firmware, pmm6155au_firmware, pmm8155au_firmware, pmm8195au_firmware, pmm855au_firmware, pmm8996au_firmware, pmp8074_firmware, pmr525_firmware, pmr735a_firmware, pmr735b_firmware, pmx20_firmware, pmx24_firmware, pmx50_firmware, pmx55_firmware, qat3514_firmware, qat3516_firmware, qat3518_firmware, qat3519_firmware, qat3522_firmware, qat3550_firmware, qat3555_firmware, qat5515_firmware, qat5516_firmware, qat5522_firmware, qat5533_firmware, qat5568_firmware, qbt1000_firmware, qbt1500_firmware, qbt2000_firmware, qca0000_firmware, qca1023_firmware, qca4020_firmware, qca4024_firmware, qca6174a_firmware, qca6175a_firmware, qca6234_firmware, qca6310_firmware, qca6320_firmware, qca6335_firmware, qca6390_firmware, qca6391_firmware, qca6420_firmware, qca6421_firmware, qca6426_firmware, qca6428_firmware, qca6430_firmware, qca6431_firmware, qca6436_firmware, qca6438_firmware, qca6564_firmware, qca6564a_firmware, qca6564au_firmware, qca6574_firmware, qca6574a_firmware, qca6574au_firmware, qca6584_firmware, qca6584au_firmware, qca6595_firmware, qca6595au_firmware, qca6694_firmware, qca6696_firmware, qca8072_firmware, qca8075_firmware, qca8081_firmware, qca8337_firmware, qca9367_firmware, qca9369_firmware, qca9377_firmware, qca9379_firmware, qca9886_firmware, qca9888_firmware, qca9889_firmware, qca9898_firmware, qca9980_firmware, qca9984_firmware, qca9990_firmware, qca9992_firmware, qca9994_firmware, qcm6125_firmware, qcn5021_firmware, qcn5022_firmware, qcn5024_firmware, qcn5052_firmware, qcn5054_firmware, qcn5064_firmware, qcn5121_firmware, qcn5122_firmware, qcn5124_firmware, qcn5152_firmware, qcn5154_firmware, qcn5164_firmware, qcn5550_firmware, qcn6023_firmware, qcn6024_firmware, qcn7605_firmware, qcn7606_firmware, qcn9000_firmware, qcn9012_firmware, qcn9022_firmware, qcn9024_firmware, qcn9070_firmware, qcn9072_firmware, qcn9074_firmware, qcn9100_firmware, qcs405_firmware, qcs410_firmware, qcs603_firmware, qcs605_firmware, qcs610_firmware, qcs6125_firmware, qdm2301_firmware, qdm2302_firmware, qdm2305_firmware, qdm2307_firmware, qdm2308_firmware, qdm2310_firmware, qdm3301_firmware, qdm4643_firmware, qdm4650_firmware, qdm5620_firmware, qdm5621_firmware, qdm5650_firmware, qdm5652_firmware, qdm5670_firmware, qdm5671_firmware, qdm5677_firmware, qdm5679_firmware, qet4100_firmware, qet4101_firmware, qet4200aq_firmware, qet5100_firmware, qet5100m_firmware, qet6100_firmware, qet6110_firmware, qfe1040_firmware, qfe2080fc_firmware, qfe2081fc_firmware, qfe2082fc_firmware, qfe2101_firmware, qfe2340_firmware, qfe2550_firmware, qfe3100_firmware, qfe3320_firmware, qfe3440fc_firmware, qfe4455fc_firmware, qfe4465fc_firmware, qfs2530_firmware, qfs2580_firmware, qfs2608_firmware, qfs2630_firmware, qln1020_firmware, qln1021aq_firmware, qln1030_firmware, qln1031_firmware, qln1035bd_firmware, qln1036aq_firmware, qln4640_firmware, qln4642_firmware, qln4650_firmware, qln5020_firmware, qln5030_firmware, qln5040_firmware, qpa2625_firmware, qpa4340_firmware, qpa4360_firmware, qpa4361_firmware, qpa5460_firmware, qpa5461_firmware, qpa5580_firmware, qpa5581_firmware, qpa6560_firmware, qpa8673_firmware, qpa8675_firmware, qpa8686_firmware, qpa8688_firmware, qpa8801_firmware, qpa8802_firmware, qpa8803_firmware, qpa8821_firmware, qpa8842_firmware, qpm2630_firmware, qpm4621_firmware, qpm4630_firmware, qpm4640_firmware, qpm4641_firmware, qpm4650_firmware, qpm5541_firmware, qpm5577_firmware, qpm5579_firmware, qpm5620_firmware, qpm5621_firmware, qpm5641_firmware, qpm5657_firmware, qpm5658_firmware, qpm5670_firmware, qpm5677_firmware, qpm5679_firmware, qpm5870_firmware, qpm5875_firmware, qpm6325_firmware, qpm6375_firmware, qpm6582_firmware, qpm6585_firmware, qpm6621_firmware, qpm6670_firmware, qpm8820_firmware, qpm8830_firmware, qpm8870_firmware, qpm8895_firmware, qsm7250_firmware, qsw6310_firmware, qsw8573_firmware, qsw8574_firmware, qtc410s_firmware, qtc800h_firmware, qtc800s_firmware, qtc800t_firmware, qtc801s_firmware, qtm525_firmware, qtm527_firmware, rgr7640au_firmware, rsw8577_firmware, sa515m_firmware, sa6145p_firmware, sa6150p_firmware, sa6155_firmware, sa6155p_firmware, sa8150p_firmware, sa8155_firmware, sa8155p_firmware, sa8195p_firmware, sd_455_firmware, sd_636_firmware, sd_675_firmware, sd_8c_firmware, sd_8cx_firmware, sd210_firmware, sd460_firmware, sd660_firmware, sd662_firmware, sd665_firmware, sd670_firmware, sd675_firmware, sd690_5g_firmware, sd710_firmware, sd712_firmware, sd720g_firmware, sd730_firmware, sd750g_firmware, sd765_firmware, sd765g_firmware, sd768g_firmware, sd7c_firmware, sd820_firmware, sd821_firmware, sd835_firmware, sd845_firmware, sd850_firmware, sd855_firmware, sd865_5g_firmware, sd888_5g_firmware, sdm630_firmware, sdm830_firmware, sdr051_firmware, sdr052_firmware, sdr425_firmware, sdr660_firmware, sdr660g_firmware, sdr675_firmware, sdr735_firmware, sdr735g_firmware, sdr8150_firmware, sdr8250_firmware, sdr845_firmware, sdr865_firmware, sdx20_firmware, sdx20m_firmware, sdx24_firmware, sdx50m_firmware, sdx55_firmware, sdx55m_firmware, sdxr1_firmware, sdxr2_5g_firmware, sm4125_firmware, sm6250_firmware, sm6250p_firmware, sm7250p_firmware, smb1350_firmware, smb1351_firmware, smb1354_firmware, smb1355_firmware, smb1357_firmware, smb1358_firmware, smb1360_firmware, smb1380_firmware, smb1381_firmware, smb1390_firmware, smb1395_firmware, smb1396_firmware, smb1398_firmware, smb231_firmware, smb2351_firmware, smb358s_firmware, smr525_firmware, smr526_firmware, smr545_firmware, smr546_firmware, wcd9326_firmware, wcd9330_firmware, wcd9335_firmware, wcd9340_firmware, wcd9341_firmware, wcd9360_firmware, wcd9370_firmware, wcd9371_firmware, wcd9375_firmware, wcd9380_firmware, wcd9385_firmware, wcn3610_firmware, wcn3615_firmware, wcn3660b_firmware, wcn3680b_firmware, wcn3910_firmware, wcn3950_firmware, wcn3980_firmware, wcn3988_firmware, wcn3990_firmware, wcn3991_firmware, wcn3998_firmware, wcn3999_firmware, wcn6750_firmware, wcn6850_firmware, wcn6851_firmware, wcn6855_firmware, wcn6856_firmware, wgr7640_firmware, whs9410_firmware, wsa8810_firmware, wsa8815_firmware, wsa8830_firmware, wsa8835_firmware, wtr1605_firmware, wtr2955_firmware, wtr2965_firmware, wtr3905_firmware, wtr3925_firmware, wtr3950_firmware, wtr4605_firmware, wtr4905_firmware, wtr5975_firmware, wtr6955_firmware)
  Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics ... read more
• CVE-2021-1069 (linux_for_tegra, shield_experience)
  NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss. ... read more
• CVE-2021-1349 (sd-wan_vmanage)
  A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The ... read more
• CVE-2021-1225 (sd-wan_vmanage)
  Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist ... read more
• CVE-2021-3331
  WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default ... read more
• ESB-2021.0306 – [Ubuntu] sudo: Root compromise – Existing account
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0306 USN-4705-2: Sudo vulnerability 28 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: sudo Publisher: Ubuntu Operating ... read more
• ESB-2021.0307 – [SUSE] sudo: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0307 Security updates for sudo 28 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: sudo Publisher: SUSE ... read more
• ESB-2021.0308 – [Debian] ansible: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0308 ansible security update 28 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ansible Publisher: Debian Operating ... read more
• CVE-2021-3326
  The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code ... read more
• CVE-2021-25224
  A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The ... read more
• CVE-2021-22655
  Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution ... read more
• CVE-2021-25225
  A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The ... read more
• CVE-2021-22653
  Multiple out-of-bounds write issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution ... read more
• CVE-2021-22641
  A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code ... read more
• CVE-2021-22639
  An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution ... read more
• CVE-2021-22637
  Multiple stack-based buffer overflow issues have been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code ... read more
• CVE-2021-26118
  While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire ... read more
• CVE-2021-25247
  A DLL hijacking vulnerability Trend Micro HouseCall for Home Networks version 5.3.1063 and below could allow an attacker to use a malicious DLL to escalate privileges and perform arbitrary code ... read more
• CVE-2021-3325
  Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). This issue occurred because a new access-control feature was introduced ... read more
• CVE-2021-25226
  A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The ... read more
• CVE-2021-26276
  ** DISPUTED ** scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this ... read more
• CVE-2021-26117
  The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ... read more
• CVE-2021-1235 (sd-wan_vmanage)
  A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to ... read more
• CVE-2021-1248 (data_center_network_manager)
  Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For ... read more
• CVE-2021-1249 (data_center_network_manager)
  Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or ... read more
• CVE-2021-1241 (ios_xe_sd-wan, sd-wan_firmware, sd-wan_vbond_orchestrator, sd-wan_vmanage, sd-wan_vsmart_controller_firmware)
  Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see ... read more
• CVE-2021-1250 (data_center_network_manager)
  Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or ... read more
• CVE-2021-1233 (sd-wan_firmware, sd-wan_vbond_orchestrator, sd-wan_vmanage)
  A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input ... read more
• Cybersecurity fact sheets
  The U.S. Army Cyber Command website offers more than two dozen fact sheets to help users to prepare and protect themselves online. ... read more
• CVE-2021-1135 (data_center_network_manager)
  Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For ... read more
• CVE-2021-1303 (dna_center)
  A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to ... read more
• CVE-2021-1286 (data_center_network_manager)
  Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or ... read more
• CVE-2021-1269 (data_center_network_manager)
  Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For ... read more
Older posts