Security CERT Global

    • CERTFR-2021-AVI-285: Vulnerability in VMware NSX-T (19 April 2021)
      A vulnerability has been discovered in VMware NSX-T. It allows an attacker to cause a privilege escalation. ... read more
    • CERTFR-2021-AVI-284: Multiple vulnerabilities in the SUSE Linux kernel (19 April 2021)
      Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a ... read more
    • CERTFR-2021-AVI-283: Vulnerability in Juniper Junos OS (19 April 2021)
      A vulnerability has been discovered in Juniper Junos OS. It allows an attacker to cause a remote denial of service. ... read more
    • CERTFR-2021-AVI-282: Multiple vulnerabilities in Qnap products (19 April 2021)
      Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution. ... read more
    • CERTFR-2021-AVI-281: Vulnerability in OpenSSH (19 April 2021)
      A vulnerability has been discovered in OpenSSH. It allows an attacker to cause a security policy bypass. ... read more
    • CERTFR-2021-AVI-280: Multiple vulnerabilities in Mitel MiCollab (19 April 2021)
      Multiple vulnerabilities have been discovered in Mitel MiCollab. They allow an attacker to cause a breach of data confidentiality and an indirect code injection ... read more
    • CERTFR-2021-ACT-015: News bulletin CERTFR-2021-ACT-015 (19 April 2021)
      This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace ... read more
    • WordPress releases security update
      The popular content management system for websites, WordPress, has been updated to a new version. This comes with the release of version 5.7.1, whereby all versions since WordPress 4.7 have been updated. This concerns ... read more
    • Get ready for CiSP 2.0
      The NCSC's online portal for threat intelligence sharing is being upgraded. ... read more
    • Det Kriminalpræventive Råd: IT criminals have it too easy
      A new report from Det Kriminalpræventive Råd and Forbrugerrådet TÆNK concludes that IT criminals have too easy a time carrying out their schemes. Danes' high level of trust in one another is exploited by IT criminals to ... read more
    • JVN: DLL loading vulnerability in Password Manager provided by Trend Micro Incorporated
      Password Manager provided by Trend Micro Incorporated contains a vulnerability related to DLL loading. ... read more
    • Trend Micro Password Manager may insecurely load Dynamic Link Libraries
      Password Manager provided by Trend Micro Incorporated may insecurely load Dynamic Link Libraries. ... read more
    • CVE-2021-24226 (accessally)
      In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing ... read more
    • CVE-2021-24024 (fortiadc, fortiadc_manager)
      A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker ... read more
    • ESB-2021.1311 – [RedHat] IBM Resilient SOAR: Execute arbitrary code/commands – Existing account
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1311. Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2021-20527). 19 April 2021. AusCERT Security ... read more
    • ESB-2021.1304 – [Juniper] Junos OS: EX4300: Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1304. JSA11135 - 2021-04 Security Bulletin: Junos OS: EX4300: FPC crash upon receipt of specific frames on an ... read more
    • ESB-2021.1309 – [Debian] python2.7: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1309. python2.7 security update. 19 April 2021. AusCERT Security Bulletin Summary. Product: python2.7. Publisher: Debian. Operating ... read more
    • ESB-2021.1308 – [Debian] python-bleach: Cross-site scripting – Remote with user interaction
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1308. python-bleach security update. 19 April 2021. AusCERT Security Bulletin Summary. Product: python-bleach. Publisher: Debian. Operating ... read more
    • ESB-2021.1303 – [Appliance] F5 Products: Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1303. iApps vulnerability CVE-2020-17507. 19 April 2021. AusCERT Security Bulletin Summary. Product: BIG-IP (all modules) BIG-IQ ... read more
    • ESB-2021.1305 – [SUSE] openldap2: Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1305. Security update for openldap2. 19 April 2021. AusCERT Security Bulletin Summary. Product: openldap2. Publisher: SUSE ... read more
    • ESB-2021.1310 – [Debian] libebml: Denial of Service – Existing Account
      AUSCERT External Security Bulletin Redistribution. ESB-2021.1310. libebml security update. 19 April 2021. AusCERT Security Bulletin Summary. Product: libebml. Publisher: Debian. Operating ... read more
    • CVE-2021-23378
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible ... read more
    • CVE-2021-23375
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible ... read more
    • CVE-2021-23381
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to ... read more
    • CVE-2021-23379
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to ... read more
    • CVE-2021-23376
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible ... read more
    • CVE-2021-23374
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible ... read more
    • CVE-2021-23380
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package ... read more
    • CVE-2021-23377
      Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible ... read more
    • CVE-2021-23378
      This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2021-23381
      This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
    • CVE-2021-23379
      This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
    • CVE-2021-23376
      This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2021-23380
      This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker ... read more
    • CVE-2021-23377
      This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2021-23374
      This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2021-23375
      This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
    • CVE-2020-36195
      Severity: None. Published: 17/04/2021. Last revised: 17/04/2021. Description: An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If ... read more
    • CVE-2021-3493
      Severity: None. Published: 17/04/2021. Last revised: 17/04/2021. Description: The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file ... read more
    • CVE-2021-3492
      Severity: None. Published: 17/04/2021. Last revised: 17/04/2021. Description: Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. ... read more
    • CVE-2020-2509
      Severity: None. Published: 17/04/2021. Last revised: 17/04/2021. Description: A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to ... read more
    • CVE-2021-3492
      Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory ... read more
    • CVE-2021-3493
      The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to ... read more
    • CVE-2021-29451
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON ... read more
    • CVE-2021-29444
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm ... read more
    • CVE-2021-29445
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm ... read more
    • CVE-2021-29452
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow ... read more
    • CVE-2021-29446
      Severity: None. Published: 16/04/2021. Last revised: 16/04/2021. Description: jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm ... read more
    • CVE-2020-36195
      An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. ... read more
    • CVE-2020-2509
      A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already ... read more

Center for Internet Security MS-ISAC Alert Level

Arbor Networks Digital Attack Map Top Daily DDoS attacks worldwide

Kaspersky Cybermap