Security CERT Global

• CVE-2011-1177
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
• CVE-2011-1942
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
• CVE-2021-35438
  phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. ... read more
• CVE-2011-0023
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
• CVE-2021-31585
  Accellion Kiteworks before 7.3.1 allows a user with Admin privileges to escalate their privileges by generating SSH passwords that allow local access. ... read more
• CVE-2021-21999
  VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) ... read more
• CVE-2021-28976
  Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. ... read more
• CVE-2020-20391
  Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. ... read more
• CVE-2020-20392
  SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters in coms/add_coms.php. ... read more
• CVE-2021-28977
  Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files, ... read more
• CVE-2021-21998
  VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon ... read more
• CVE-2021-25950
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: ... read more
• CVE-2020-20389
  Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. ... read more
• CVE-2021-31586
  Accellion Kiteworks before 7.4.0 allows an authenticated user to perform SQL Injection via LDAPGroup Search. ... read more
• CVE-2011-1955
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
• CVE-2011-2926
  ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. ... read more
• CVE-2021-0531 (android)
  In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. ... read more
• CERTFR-2021-AVI-479 : Multiples vulnérabilités dans les produits VMware (23 juin 2021)
  De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et ... read more
• CERTFR-2021-AVI-481 : Vulnérabilité dans Palo Alto Networks Cortex XSOAR (23 juin 2021)
  Une vulnérabilité a été découverte dans Palo Alto Networks Cortex XSOAR. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance. ... read more
• CERTFR-2021-AVI-480 : Vulnérabilité dans SonicWall SonicOS (23 juin 2021)
  Une vulnérabilité a été découverte dans SonicWall SonicOS. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données. ... read more
• VMware Releases Security Updates
  ... read more
• Kritisk sårbarhet i Palo Alto Cortex XSOAR
  Palo Alto varnar om en kritisk sårbarhet i Cortex XSOAR. Sårbarheten (CVE-2021-3044) har fått CVSS-klassning 9,8 och påverkar auktoriseringen i lösningen. [1] Sårbarheten gör att en angripare med nätverksåtkomst till ... read more
• CVE-2021-29086
  Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. ... read more
• CVE-2021-29084
  Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers ... read more
• CVE-2021-35210
  Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the ... read more
• CVE-2021-29087
  Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via ... read more
• CVE-2021-27649
  Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. ... read more
• CVE-2021-29085
  Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to ... read more
• Múltiples vulnerabilidades en productos Phoenix Contact
  Publication date: 06/23/2021 Importance: Crítica Affected resources: AXL F BK PN TPS XC, versiones de firmware anteriores a 1.30 y de hardware anteriores a la 01; AXL ... read more
• Múltiples vulnerabilidades en productos Phoenix Contact
  Fecha de publicación: 23/06/2021 Importancia: Crítica Recursos afectados: AXL F BK PN TPS XC, versiones de firmware anteriores a 1.30 y de hardware anteriores a la 01; ... read more
• Múltiples vulnerabilidades en productos VMware
  Fecha de publicación: 23/06/2021 Importancia: Crítica Recursos afectados: VMware Carbon Black App Control (AppC), VMware Tools para Windows, VMware Remote Console para Windows (VMRC para Windows), VMware ... read more
• Vulnerabilidad en Cortex XSOAR de Palo Alto Networks
  Fecha de publicación: 23/06/2021 Importancia: Crítica Recursos afectados: Cortex XSOAR versiones: 6.1.0, builds posteriores a 1016923 y anteriores a 1271064; 6.2.0, builds anteriores a 1271065. Descripción: Palo ... read more
• Múltiples vulnerabilidades en productos VMware
  Publication date: 06/23/2021 Importance: Crítica Affected resources: VMware Carbon Black App Control (AppC), VMware Tools para Windows, VMware Remote Console para Windows (VMRC para Windows), VMware App ... read more
• Vulnerabilidad en Cortex XSOAR de Palo Alto Networks
  Publication date: 06/23/2021 Importance: Crítica Affected resources: Cortex XSOAR versiones: 6.1.0, builds posteriores a 1016923 y anteriores a 1271064; 6.2.0, builds anteriores a 1271065. Description: Palo Alto ... read more
• EU Boost against cyberattacks: EU Agency for Cybersecurity welcomes proposal for the Joint Cyber Unit
  ... read more
• Múltiples vulnerabilidades en WebAccess HMI Designeren de Advantech
  Publication date: 06/23/2021 Importance: Alta Affected resources: WebAccess HMI Designer, versiones 2.1.9.95 y anteriores. Description: Kimiya, en colaboración con ZDI, ha reportado estas vulnerabilidades a CISA que ... read more
• Múltiples vulnerabilidades en WebAccess HMI Designeren de Advantech
  Fecha de publicación: 23/06/2021 Importancia: Alta Recursos afectados: WebAccess HMI Designer, versiones 2.1.9.95 y anteriores. Descripción: Kimiya, en colaboración con ZDI, ha reportado estas vulnerabilidades a CISA ... read more
• Cl0p-ransomwaregruppen atter på spil trods anholdelser
  Den ransomwaregruppe, der står bag Cl0p, er tilbage online på sit officielle websted på The dark web. Dermed tyder alt på, at anholdelserne i Ukraine i sidste uge ikke har ... read more
• JVN: 複数の CODESYS 製品に複数の脆弱性
  複数の CODESYS 製品には、複数の脆弱性が存在します。続きを読む ... read more
• Ransomware forstyrrer it-netværket i Liège
  Liège, som er den tredjestørste by i Belgien, er blevet ramt af et ransomware-angreb, der har forstyrret kommunens it-netværk og dets onlinetjenester. Det skriver Security Affairs på baggrund af en meddelelse ... read more
• お知らせ：CyberNewsFlash「iMovieのアップデートについて」
  ... read more
• CVE-2020-36394
  Gravedad: NonePublicado: 22/06/2021Last revised: 22/06/2021Descripción: *** Pendiente de traducción *** pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, ... read more
• CVE-2021-34390
  Gravedad: NonePublicado: 22/06/2021Last revised: 22/06/2021Descripción: *** Pendiente de traducción *** Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of ... read more
• CVE-2021-34391
  Gravedad: NonePublicado: 22/06/2021Last revised: 22/06/2021Descripción: *** Pendiente de traducción *** Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on ... read more
• CVE-2021-34397
  Gravedad: NonePublicado: 22/06/2021Last revised: 22/06/2021Descripción: *** Pendiente de traducción *** Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. ... read more
• CVE-2021-34396
  Gravedad: NonePublicado: 22/06/2021Last revised: 22/06/2021Descripción: *** Pendiente de traducción *** Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which ... read more
• CVE-2021-34372
  Gravedad: NonePublicado: 22/06/2021Last revised: 22/06/2021Descripción: *** Pendiente de traducción *** Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message ... read more
• CVE-2021-34395
  Gravedad: NonePublicado: 22/06/2021Last revised: 22/06/2021Descripción: *** Pendiente de traducción *** Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource ... read more
• CVE-2021-34394
  Gravedad: NonePublicado: 22/06/2021Last revised: 22/06/2021Descripción: *** Pendiente de traducción *** Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. ... read more
• CVE-2021-34392
  Gravedad: NonePublicado: 22/06/2021Last revised: 22/06/2021Descripción: *** Pendiente de traducción *** Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass ... read more
Older posts