Security CERT Global

• WordPress udsender sikkerhedsopdatering
  Det populære redaktionssystem for hjemmesider, Wordpress, er opdateret til en ny version. Det sker med udsendelsen af version 5.7.1, hvorved alle versioner siden WordPress 4.7 er blevet opdateret. Der er tale ... read more
• Get ready for CiSP 2.0
  The NCSC's online portal for threat intelligence sharing is being upgraded. ... read more
• Det kriminalpræventive råd: IT-kriminelle har for let spil
  En ny rapport fra Det Kriminalpræventive Råd og Forbrugerrådet TÆNK konkluderer, at it-kriminelle har for let spil til deres forehavende. Danskernes høje tillid til hinanden udnyttes af it-kriminelle til at ... read more
• JVN: トレンドマイクロ株式会社製パスワードマネージャーにおける DLL 読み込みに関する脆弱性
  トレンドマイクロ株式会社製パスワードマネージャーには、DLL 読み込みに関する脆弱性が存在します。続きを読む ... read more
• Trend Micro Password Manager may insecurely load Dynamic Link Libraries
  Password Manager provided by Trend Micro Incorporated may insecurely load Dynamic Link Libraries. ... read more
• CVE-2021-24226 (accessally)
  In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing ... read more
• CVE-2021-24024 (fortiadc, fortiadc_manager)
  A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker ... read more
• ESB-2021.1311 – [RedHat] IBM Resilient SOAR: Execute arbitrary code/commands – Existing account
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1311 Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2021-20527) 19 April 2021 =========================================================================== AusCERT Security ... read more
• ESB-2021.1310 – [Debian] libebml: Denial of Service – Existing Account
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1310 libebml security update 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libebml Publisher: Debian Operating ... read more
• ESB-2021.1304 – [Juniper] Junos OS: EX4300: Denial of service – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1304 JSA11135 - 2021-04 Security Bulletin: Junos OS: EX4300: FPC crash upon receipt of specific frames on an ... read more
• ESB-2021.1309 – [Debian] python2.7: Multiple vulnerabilities
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1309 python2.7 security update 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: python2.7 Publisher: Debian Operating ... read more
• ESB-2021.1308 – [Debian] python-bleach: Cross-site scripting – Remote with user interaction
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1308 python-bleach security update 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: python-bleach Publisher: Debian Operating ... read more
• ESB-2021.1303 – [Appliance] F5 Products: Denial of service – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1303 iApps vulnerability CVE-2020-17507 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BIG-IP (all modules) BIG-IQ ... read more
• ESB-2021.1305 – [SUSE] openldap2: Denial of service – Remote/unauthenticated
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.1305 Security update for openldap2 19 April 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openldap2 Publisher: SUSE ... read more
• CVE-2021-23381
  Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to ... read more
• CVE-2021-23379
  Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to ... read more
• CVE-2021-23376
  Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible ... read more
• CVE-2021-23374
  Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible ... read more
• CVE-2021-23380
  Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package ... read more
• CVE-2021-23377
  Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible ... read more
• CVE-2021-23378
  Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible ... read more
• CVE-2021-23375
  Gravedad: NonePublicado: 18/04/2021Last revised: 18/04/2021Descripción: *** Pendiente de traducción *** This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible ... read more
• CVE-2021-23375
  This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
• CVE-2021-23378
  This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
• CVE-2021-23381
  This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
• CVE-2021-23379
  This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the ... read more
• CVE-2021-23376
  This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
• CVE-2021-23380
  This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker ... read more
• CVE-2021-23377
  This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
• CVE-2021-23374
  This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due ... read more
• CVE-2020-36195
  Gravedad: NonePublicado: 17/04/2021Last revised: 17/04/2021Descripción: *** Pendiente de traducción *** An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If ... read more
• CVE-2021-3493
  Gravedad: NonePublicado: 17/04/2021Last revised: 17/04/2021Descripción: *** Pendiente de traducción *** The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file ... read more
• CVE-2021-3492
  Gravedad: NonePublicado: 17/04/2021Last revised: 17/04/2021Descripción: *** Pendiente de traducción *** Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. ... read more
• CVE-2020-2509
  Gravedad: NonePublicado: 17/04/2021Last revised: 17/04/2021Descripción: *** Pendiente de traducción *** A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to ... read more
• CVE-2021-3492
  Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory ... read more
• CVE-2021-3493
  The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to ... read more
• CVE-2021-29451
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON ... read more
• CVE-2021-29444
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm ... read more
• CVE-2021-29445
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm ... read more
• CVE-2021-29452
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow ... read more
• CVE-2021-29446
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm ... read more
• CVE-2020-36195
  An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. ... read more
• CVE-2020-2509
  A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already ... read more
• CVE-2021-29443
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption ... read more
• CVE-2021-27394
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions ... read more
• CVE-2020-9667
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could ... read more
• CVE-2021-31348
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML ... read more
• CVE-2020-9668
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An ... read more
• CVE-2021-31347
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML ... read more
• CVE-2020-9681
  Gravedad: NonePublicado: 16/04/2021Last revised: 16/04/2021Descripción: *** Pendiente de traducción *** Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could ... read more
Older posts