Security CERT Global

    • CVE-2020-27297
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled ...
    • CVE-2021-23272
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver ...
    • CVE-2020-27299
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data ...
    • CVE-2020-13582
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead ...
    • CVE-2020-5463
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate ...
    • CVE-2020-27274
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: Some parsing functions in the affected product do not check the return value of malloc and the thread handling the ...
    • CVE-2020-5464
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate ...
    • CVE-2021-3308
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass ...
    • CVE-2021-22159
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability. The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before ...
    • CVE-2020-27295
      Severity: None | Published: 26/01/2021 | Last revised: 26/01/2021 | Description: The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the ...
    • ESB-2021.0289 – [Ubuntu] Pound: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0289. USN-4702-1: Pound vulnerabilities. 27 January 2021. Product: Pound. Publisher: Ubuntu. Operating ...
    • ESB-2021.0290 – [Ubuntu] libsndfile: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0290. USN-4704-1: libsndfile vulnerabilities. 27 January 2021. Product: libsndfile. Publisher: Ubuntu. Operating ...
    • CVE-2021-3165
      SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI. ...
    • CVE-2013-2512
      The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic. ...
    • CVE-2021-3317
      KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter. ...
    • ESB-2021.0284 – [Win][UNIX/Linux] Jenkins Core: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0284. Jenkins Security Advisory 2021-01-26. 27 January 2021. Product: Jenkins Core. Publisher: ...
    • ESB-2021.0282 – [RedHat] OpenShift Container Platform 4.6.13: Access confidential data – Existing account
      AUSCERT External Security Bulletin Redistribution ESB-2021.0282. OpenShift Container Platform 4.6.13 bug fix and security update. 27 January 2021. AusCERT Security Bulletin Summary ...
    • ESB-2021.0287 – [Ubuntu] Sudo: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0287. USN-4705-1: Sudo vulnerabilities. 27 January 2021. Product: Sudo. Publisher: Ubuntu. Operating ...
    • ESB-2021.0285 – [SUSE] rubygem-nokogiri: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0285. Security update for rubygem-nokogiri. 27 January 2021. Product: rubygem-nokogiri. Publisher: SUSE ...
    • ESB-2021.0286 – [RedHat] Red Hat JBoss Enterprise Application Platform 7.3.5: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0286. Red Hat JBoss Enterprise Application Platform 7.3.5 security update. 27 January 2021. AusCERT Security Bulletin Summary ...
    • ESB-2021.0281 – [RedHat] sudo: Root compromise – Existing account
      AUSCERT External Security Bulletin Redistribution ESB-2021.0281. sudo security update. 27 January 2021. Product: sudo. Publisher: Red Hat ...
    • ESB-2021.0283 – [RedHat] dnsmasq: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.0283. dnsmasq security update. 27 January 2021. Product: dnsmasq. Publisher: Red Hat ...
    • ESB-2021.0288 – [Ubuntu] mutt: Denial of service – Remote with user interaction
      AUSCERT External Security Bulletin Redistribution ESB-2021.0288. USN-4703-1: Mutt vulnerability. 27 January 2021. Product: mutt. Publisher: Ubuntu. Operating ...
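    • Weekly Report: Vulnerabilities in multiple Cisco products
      Multiple Cisco products contain vulnerabilities. As a result, a remote third party may be able to execute arbitrary commands, among other impacts. ...
    • Weekly Report: OS command injection vulnerability in TP-Link TL-WR841N V13 (JP)
      The firmware for hardware version V13 (JP) of the TL-WR841N Wi-Fi router provided by TP-Link contains an OS command injection vulnerability. As a result, a user who can log in to the product's web interface may be able to execute OS commands not anticipated by the firmware's design. ...
    • Weekly Report: Vulnerability in a third-party library used by Drupal
      Drupal contains a directory traversal vulnerability, caused by an issue in a package it uses internally, due to insufficient checking of symbolic links when processing archive files. As a result, a remote third party may be able to overwrite arbitrary files. ...
    • Weekly Report: Multiple vulnerabilities in Google Chrome
      Google Chrome contains multiple vulnerabilities. ...
    • Weekly Report: Oracle Critical Patch Update for January 2021
      Oracle has released an Oracle Critical Patch Update Advisory addressing vulnerabilities in multiple products and components. ...
    • Weekly Report: Multiple vulnerabilities in Dnsmasq
      Dnsmasq is open source software that provides DNS, DHCP and other functions. Dnsmasq contains multiple vulnerabilities. As a result, a remote third party may be able to execute arbitrary code, steal information, or cause a denial-of-service (DoS) condition, among other impacts. The discoverers have named these vulnerabilities "DNSpooq". ...
    • Notice: JPCERT/CC's infectious disease countermeasures and handling of inquiries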
    • CVE-2021-26271
      It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the ...
    • CVE-2021-1071
      NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver ...
    • CVE-2020-23776
      A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a ...
    • CVE-2020-23774
      A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed. ...
    • CVE-2021-3309
      packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store, ...
    • CVE-2021-21271
      Tendermint Core is an open source Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language - and securely replicates it on many ...
    • CVE-2021-21283
      Flarum is an open source discussion platform for websites. The "Flarum Sticky" extension versions 0.1.0-beta.14 and 0.1.0-beta.15 has a cross-site scripting vulnerability. A change in release beta 14 of the ...
    • CVE-2021-21278
      RSSHub is an open source, easy to use, and extensible RSS feed generator. In RSSHub before version 7f1c430 (non-semantic versioning) there is a risk of code injection. Some routes use ...
    • CVE-2021-26272
      It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or ...
    • CVE-2021-1070
      NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA ...
    • CVE-2021-3156
      Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character: ...
    • CVE-2020-27859 (esmpro_manager)
      This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within ...
    • FTC Reports Scammers Impersonating FTC
      Original release date: January 26, 2021. The Federal Trade Commission (FTC) has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide ...
    • CVE-2021-2059 (istore)
      Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network ...
    • CVE-2021-2054 (rdbms_sharding)
      Vulnerability in the RDBMS Sharding component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any ...
    • CVE-2021-1276 (data_center_network_manager)
      Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain ...
    • CVE-2021-1277 (data_center_network_manager)
      Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain ...
    • CVE-2021-2057 (retail_customer_management_and_segmentation_foundation)
      Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 19.0. Easily exploitable vulnerability allows ...
    • CVE-2021-2062 (business_intelligence_publisher)
      Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low ...
    • CVE-2021-1283 (data_center_network_manager)
      A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should ...
