Security CERT Global

    • Critical vulnerability in Palo Alto Cortex XSOAR
      Palo Alto warns of a critical vulnerability in Cortex XSOAR. The vulnerability (CVE-2021-3044) has been given a CVSS score of 9.8 and affects authorization in the product. [1] The vulnerability allows an attacker with network access to ... read more
    • CVE-2021-29084
      Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers ... read more
    • CVE-2021-35210
      Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the ... read more
    • CVE-2021-29087
      Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via ... read more
    • CVE-2021-27649
      Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. ... read more
    • CVE-2021-29085
      Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to ... read more
    • CVE-2021-29086
      Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors. ... read more
    • Multiple vulnerabilities in Phoenix Contact products
      Publication date: 06/23/2021 Importance: Critical Affected resources: AXL F BK PN TPS XC, firmware versions prior to 1.30 and hardware versions prior to 01; AXL ... read more
    • Multiple vulnerabilities in Phoenix Contact products
      Publication date: 23/06/2021 Importance: Critical Affected resources: AXL F BK PN TPS XC, firmware versions prior to 1.30 and hardware versions prior to 01; ... read more
    • Multiple vulnerabilities in VMware products
      Publication date: 23/06/2021 Importance: Critical Affected resources: VMware Carbon Black App Control (AppC), VMware Tools for Windows, VMware Remote Console for Windows (VMRC for Windows), VMware ... read more
    • Vulnerability in Palo Alto Networks Cortex XSOAR
      Publication date: 23/06/2021 Importance: Critical Affected resources: Cortex XSOAR versions: 6.1.0, builds later than 1016923 and earlier than 1271064; 6.2.0, builds earlier than 1271065. Description: Palo ... read more
    • Multiple vulnerabilities in VMware products
      Publication date: 06/23/2021 Importance: Critical Affected resources: VMware Carbon Black App Control (AppC), VMware Tools for Windows, VMware Remote Console for Windows (VMRC for Windows), VMware App ... read more
    • Vulnerability in Palo Alto Networks Cortex XSOAR
      Publication date: 06/23/2021 Importance: Critical Affected resources: Cortex XSOAR versions: 6.1.0, builds later than 1016923 and earlier than 1271064; 6.2.0, builds earlier than 1271065. Description: Palo Alto ... read more
    • EU Boost against cyberattacks: EU Agency for Cybersecurity welcomes proposal for the Joint Cyber Unit
    • Multiple vulnerabilities in Advantech WebAccess HMI Designer
      Publication date: 06/23/2021 Importance: High Affected resources: WebAccess HMI Designer, versions 2.1.9.95 and earlier. Description: Kimiya, in collaboration with ZDI, has reported these vulnerabilities to CISA, which ... read more
    • Multiple vulnerabilities in Advantech WebAccess HMI Designer
      Publication date: 23/06/2021 Importance: High Affected resources: WebAccess HMI Designer, versions 2.1.9.95 and earlier. Description: Kimiya, in collaboration with ZDI, has reported these vulnerabilities to CISA ... read more
    • Cl0p ransomware group back in action despite arrests
      The ransomware group behind Cl0p is back online on its official website on the dark web. Everything therefore suggests that the arrests in Ukraine last week have not ... read more
    • JVN: Multiple vulnerabilities in multiple CODESYS products
      Multiple CODESYS products contain multiple vulnerabilities. ... read more
    • Ransomware disrupts the IT network in Liège
      Liège, the third-largest city in Belgium, has been hit by a ransomware attack that has disrupted the municipality's IT network and its online services. Security Affairs reports this on the basis of a statement ... read more
    • Notice: CyberNewsFlash "Regarding the iMovie update"
    • CVE-2021-34392
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass ... read more
    • CVE-2021-34393
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose ... read more
    • CVE-2020-36394
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, ... read more
    • CVE-2021-34390
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of ... read more
    • CVE-2021-34391
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Trusty TLK contains a vulnerability in the NVIDIA TLK kernel's tz_handle_trusted_app_smc function where a lack of integer overflow checks on ... read more
    • CVE-2021-34397
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service. ... read more
    • CVE-2021-34396
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which ... read more
    • CVE-2021-34372
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message ... read more
    • CVE-2021-34395
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource ... read more
    • CVE-2021-34394
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. ... read more
    • ESB-2021.2218 – [Win] Shibboleth: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2218 Shibboleth Service Provider Security Advisory [22 June 2021] 23 June 2021. AusCERT Security Bulletin Summary ... read more
    • JVN: Cross-site scripting vulnerability in the WordPress plugin WordPress Popular Posts
      The WordPress plugin WordPress Popular Posts contains a cross-site scripting vulnerability. ... read more
    • JVN: Multiple cross-site scripting vulnerabilities in EC-CUBE
      EC-CUBE, provided by EC-CUBE CO.,LTD., contains multiple cross-site scripting vulnerabilities. ... read more
    • JVN: Multiple arbitrary code execution vulnerabilities in Advantech WebAccess/HMI Designer
      WebAccess/HMI Designer, provided by Advantech, contains multiple vulnerabilities that allow arbitrary code execution. ... read more
    • ESB-2021.2217 – [Debian] linux kernel: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2217 linux security update 23 June 2021. AusCERT Security Bulletin Summary. Product: linux kernel Publisher: Debian ... read more
    • Multiple cross-site scripting vulnerabilities in EC-CUBE
      EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities. ... read more
    • WordPress Plugin “WordPress Popular Posts” vulnerable to cross-site scripting
      WordPress Plugin "WordPress Popular Posts" contains a cross-site scripting vulnerability. ... read more
    • ESB-2021.2215 – CODESYS V2 products: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2215 Advisories (icsa-21-173-02, icsa-21-173-03, icsa-21-173-04) CODESYS Control V2 product vulnerabilities 23 June 2021. AusCERT Security Bulletin Summary ... read more
    • ESB-2021.2216 – [Ubuntu] kernel: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2216 USN-4997-1: Linux kernel vulnerabilities 23 June 2021. AusCERT Security Bulletin Summary. Product: kernel Publisher: Ubuntu ... read more
    • ESB-2021.2214 – [Win] WebAccess HMI Designer: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2214 Advisory (icsa-21-173-01) Advantech WebAccess HMI Designer 23 June 2021. AusCERT Security Bulletin Summary. Product: WebAccess ... read more
    • CVE-2021-22365
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this ... read more
    • CVE-2021-22382
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to ... read more
    • CVE-2021-22377
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module ... read more
    • CVE-2021-22342
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege ... read more
    • CVE-2021-22378
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. A timing window exists in which the ... read more
    • CVE-2021-22383
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to ... read more
    • CVE-2021-22366
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that ... read more
    • CVE-2021-22363
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the ... read more
    • CVE-2021-32644
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering ... read more
    • CVE-2021-3044
      Severity: None Published: 22/06/2021 Last revised: 22/06/2021 Description: *** Pending translation *** An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the ... read more
