Security CERT Global

    • ESB-2021.0295 – [Debian] sudo: Root compromise – Existing account
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0295 sudo security update 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: sudo Publisher: Debian Operating ... read more
    • ESB-2021.0296 – [Debian] crmsh: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0296 crmsh security update 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: crmsh Publisher: Debian Operating ... read more
    • ESB-2021.0294 – [Debian] mutt: Denial of service – Remote with user interaction
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0294 mutt security update 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mutt Publisher: Debian Operating ... read more
    • ESB-2021.0293 – [Debian] sudo: Root compromise – Existing account
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0293 sudo security update 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: sudo Publisher: Debian Operating ... read more
    • ESB-2021.0292 – [Win][UNIX/Linux] Thunderbird: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0292 MFSA 2021-05 Security Vulnerabilities fixed in Thunderbird 78.7 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- ... read more
    • ESB-2021.0297 – [Win][Appliance] Fuji Electric Tellus Lite V-Simulator and V-Server Lite: Execute arbitrary code/commands – Existing account
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0297 Advisory (icsa-21-026-01) Fuji Electric Tellus Lite V-Simulator and V-Server Lite 27 January 2021 =========================================================================== AusCERT Security Bulletin ... read more
    • ESB-2021.0291 – [Win][UNIX/Linux] Firefox: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0291 Security Vulnerabilities fixed in Firefox 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Firefox Publisher: ... read more
    • CVE-2020-5464
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate ... read more
    • CVE-2021-3308
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass ... read more
    • CVE-2021-22159
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before ... read more
    • CVE-2020-27295
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the ... read more
    • CVE-2020-27297
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled ... read more
    • CVE-2021-23272
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver ... read more
    • CVE-2020-27299
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data ... read more
    • CVE-2020-13582
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead ... read more
    • CVE-2020-5463
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate ... read more
    • CVE-2020-27274
      Gravedad: NonePublicado: 26/01/2021Last revised: 26/01/2021Descripción: *** Pendiente de traducción *** Some parsing functions in the affected product do not check the return value of malloc and the thread handling the ... read more
    • ESB-2021.0289 – [Ubuntu] Pound: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0289 USN-4702-1: Pound vulnerabilities 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Pound Publisher: Ubuntu Operating ... read more
    • ESB-2021.0290 – [Ubuntu] libsndfile: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0290 USN-4704-1: libsndfile vulnerabilities 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libsndfile Publisher: Ubuntu Operating ... read more
    • CVE-2021-3165
      SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI. ... read more
    • CVE-2013-2512
      The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic. ... read more
    • CVE-2021-3317
      KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter. ... read more
    • ESB-2021.0288 – [Ubuntu] mutt: Denial of service – Remote with user interaction
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0288 USN-4703-1: Mutt vulnerability 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mutt Publisher: Ubuntu Operating ... read more
    • ESB-2021.0284 – [Win][UNIX/Linux] Jenkins Core: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0284 Jenkins Security Advisory 2021-01-26 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Jenkins Core Publisher: ... read more
    • ESB-2021.0282 – [RedHat] OpenShift Container Platform 4.6.13: Access confidential data – Existing account
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0282 OpenShift Container Platform 4.6.13 bug fix and security update 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary ... read more
    • ESB-2021.0287 – [Ubuntu] Sudo: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0287 USN-4705-1: Sudo vulnerabilities 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Sudo Publisher: Ubuntu Operating ... read more
    • ESB-2021.0285 – [SUSE] rubygem-nokogiri: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0285 Security update for rubygem-nokogiri 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: rubygem-nokogiri Publisher: SUSE ... read more
    • ESB-2021.0286 – [RedHat] Red Hat JBoss Enterprise Application Platform 7.3.5: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0286 Red Hat JBoss Enterprise Application Platform 7.3.5 security update 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary ... read more
    • ESB-2021.0281 – [RedHat] sudo: Root compromise – Existing account
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0281 sudo security update 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: sudo Publisher: Red Hat ... read more
    • ESB-2021.0283 – [RedHat] dnsmasq: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0283 dnsmasq security update 27 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: dnsmasq Publisher: Red Hat ... read more
    • Weekly Report: 複数のCisco製品に脆弱性
      複数のCisco製品には、脆弱性があります。結果として、遠隔の第三者が任意のコマンドを実行するなどの可能性があります。続きを読む ... read more
    • Weekly Report: TP-Link製TL-WR841N V13(JP)におけるOSコマンドインジェクションの脆弱性
      TP-Linkが提供するWi-FiルータTL-WR841NのハードウェアバージョンV13(JP)向けファームウェアには、OSコマンドインジェクションの脆弱性があります。結果として、当該製品のwebインタフェースにログインできるユーザが、ファームウェアのデザイン上想定されていないOSコマンドを実行する可能性があります。続きを読む ... read more
    • Weekly Report: Drupalのサードパーティライブラリに脆弱性
      Drupalには、内部で使用しているパッケージの問題に起因する、アーカイブファイル処理時のシンボリックリンクの不十分なチェックによるディレクトリトラバーサルの脆弱性があります。結果として、遠隔の第三者が任意のファイルを上書きする可能性があります。続きを読む ... read more
    • Weekly Report: Google Chromeに複数の脆弱性
      Google Chromeには、複数の脆弱性があります。続きを読む ... read more
    • Weekly Report: 2021年1月Oracle Critical Patch Updateについて
      Oracleから複数の製品およびコンポーネントに含まれる脆弱性に対応したOracleCritical Patch Update Advisoryが公開されました。続きを読む ... read more
    • Weekly Report: Dnsmasqに複数の脆弱性
      Dnsmasqは、DNSやDHCPなどの機能を提供するオープンソースソフトウェアです。Dnsmasqには、複数の脆弱性があります。結果として、遠隔の第三者が、任意のコード実行や情報の窃取を行ったり、サービス運用妨害(DoS)状態を引き起こしたりするなどの可能性があります。なお、これらの脆弱性は発見者によって「DNSpooq」と呼称されています。続きを読む ... read more
    • お知らせ:JPCERT/CC 感染症対策への取り組みと問い合わせ対応について
    • CVE-2021-21278
      RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use ... read more
    • CVE-2021-26272
      It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or ... read more
    • CVE-2021-1070
      NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA ... read more
    • CVE-2021-3156
      Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character: ... read more
    • CVE-2021-26271
      It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the ... read more
    • CVE-2021-1071
      NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver ... read more
    • CVE-2020-23776
      A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a ... read more
    • CVE-2020-23774
      A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed. ... read more
    • CVE-2021-3309
      packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store, ... read more
    • CVE-2021-21271
      Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many ... read more
    • CVE-2021-21283
      Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of the ... read more
    • CVE-2020-27859 (esmpro_manager)
      This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within ... read more
    • FTC Reports Scammers Impersonating FTC
      Original release date: January 26, 2021The Federal Trade Commission (FTC) has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide ... read more
Title Category Tag

Threat Landscape for Industrial Automation Systems H1 2018 – Kaspersky Lab ICS CERT

CERTICSKaspersky CERT cybersecurity ICS infosec Kaspersky