Security CERT Global

• CVE-2020-7851 (file_transfer_solution)
  Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ... read more
• CVE-2021-2198
  Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with ... read more
• CVE-2021-31607
  In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file ... read more
• Le modèle Zero Trust
  Si le modèle Zero Trust s’inscrit dans la logique de « défense en profondeur » promue historiquement par l’ANSSI, il constitue une modification du paradigme de la stricte logique périmétrique ... read more
• JVN: Horner Automation 製 Cscape に複数の脆弱性
  Horner Automation が提供する Cscape には、複数の脆弱性が存在します。続きを読む ... read more
• ASB-2021.0099 – [Win] Microsoft Edge: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0099 Microsoft Security Update Release for Microsoft Edge (Chromium-based) 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft ... read more
• ESB-2021.1389 – [Appliance] Mitsubishi Electric GOT series products: Unauthorised access – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1389 Advisory (icsa-21-112-02) Mitsubishi Electric GOT 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Mitsubishi Electric ... read more
• ESB-2021.1388 – [Win][Appliance] Horner Automation Cscape: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1388 Advisory (icsa-21-112-01) Horner Automation Cscape 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Horner Automation ... read more
• CVE-2021-23380 (roar-pidusage)
  This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker ... read more
• CVE-2021-23381 (killing)
  This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
• CVE-2020-28141 (online_discussion_forum)
  The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that ... read more
• CVE-2021-23379 (portkiller)
  This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
• CVE-2021-31597
  The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request ... read more
• CVE-2021-2197
  Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network ... read more
• CVE-2021-2203
  Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network ... read more
• CVE-2021-2207
  Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged ... read more
• CVE-2021-2223
  Vulnerability in the Oracle Receivables product of Oracle E-Business Suite (component: Receipts). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via ... read more
• CVE-2021-2008
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version ... read more
• CVE-2021-2053
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: UI Framework). The supported version that is ... read more
• CVE-2021-2135
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are ... read more
• CVE-2021-2134
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). The supported version ... read more
• CVE-2021-2140
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Rules Framework). Supported versions ... read more
• CVE-2021-2142
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). The supported version that is affected is ... read more
• CVE-2020-17563
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " ... read more
• CVE-2021-2136
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, ... read more
• CVE-2020-17564
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the ... read more
• CVE-2021-2141
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are ... read more
• ESB-2021.1382 – [Debian] wpa: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1382 wpa security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: wpa Publisher: Debian Operating ... read more
• ESB-2021.1387 – [Linux][AIX] db2: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1387 IBM DB2 Affected by Java Vulnerability 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: db2 ... read more
• ESB-2021.1386 – [SUSE] qemu: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1386 Security update for qemu 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qemu Publisher: SUSE ... read more
• ESB-2021.1385 – [Juniper] Junos OS: Denial of service – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1385 JSA11125 - 2021-04 Security Bulletin: Junos OS: Memory leak when querying Aggregated Ethernet (AE) interface statistics (CVE-2021-0230) ... read more
• ESB-2021.1384 – [UNIX/Linux][Ubuntu] shibboleth-sp: Execute arbitrary code/commands – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1384 USN-4925-1: Shibboleth vulnerability 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: shibboleth-sp Publisher: Ubuntu Operating ... read more
• ESB-2021.1383 – [Ubuntu] Dnsmasq: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1383 USN-4924-1: Dnsmasq vulnerabilities 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Dnsmasq Publisher: Ubuntu Operating ... read more
• ESB-2021.1377 – [RedHat] Red Hat OpenShift Service Mesh: Denial of service – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1377 Red Hat OpenShift Service Mesh 1.1.13 security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- ... read more
• ESB-2021.1379 – [RedHat] Ansible: Access confidential data – Existing account
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1379 Ansible security update (2.9.20) 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Ansible Publisher: Red ... read more
• ESB-2021.1380 – [Debian] thunderbird: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1380 thunderbird security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Debian Operating ... read more
• ESB-2021.1378 – [RedHat] OpenShift Serverless Products: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1378 Release of OpenShift Serverless 1.14.0 security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ... read more
• ASB-2021.0098 – ALERT QNAP NAS: Execute arbitrary code/commands – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2021.0098 Qlocker/eCh0raix ransomware attacks targeting QNAP products 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: QNAP NAS Operating ... read more
• ESB-2021.1381 – [Debian] wordpress: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1381 wordpress security update 23 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: wordpress Publisher: Debian Operating ... read more
• CVE-2021-31548
  Gravedad: NonePublicado: 21/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or ... read more
• CVE-2021-31545
  Gravedad: NonePublicado: 21/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. The page_recent_contributors leaked the existence of certain deleted ... read more
• CVE-2021-30476
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1. ... read more
• CVE-2021-27400
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when ... read more
• CVE-2021-29653
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. ... read more
• CVE-2021-22540
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via ... read more
• CVE-2021-27736
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely. ... read more
• CVE-2021-31547
  Gravedad: NonePublicado: 21/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames ... read more
• CVE-2021-3287
  Gravedad: NonePublicado: 22/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class. ... read more
• CVE-2021-31546
  Gravedad: NonePublicado: 21/04/2021Last revised: 22/04/2021Descripción: *** Pendiente de traducción *** An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should ... read more
• JVN: yappa-ng におけるクロスサイトスクリプティングの脆弱性
  yappa-ng には、クロスサイトスクリプティングの脆弱性が存在します。続きを読む ... read more
Older posts