IS Security CERT Global

    • Notice: Status of reports on vulnerability-related information for software etc. [2021 Q2 (April to June)]
    • ESB-2021.2537 – [Debian] intel-microcode: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2537 intel-microcode security update 27 July 2021 AusCERT Security Bulletin Summary Product: intel-microcode Publisher: Debian Operating ...
    • ESB-2021.2536 – [Linux] IBM QRadar SIEM: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2536 Security Bulletin: IBM QRadar SIEM is vulnerable to an XML External Entity Injection (XXE) attack (CVE-2021-20399) 27 ...
    • ESB-2021.2534 – [RedHat] thunderbird: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2534 thunderbird security update 27 July 2021 AusCERT Security Bulletin Summary Product: thunderbird Publisher: Red Hat ...
    • ESB-2021.2533 – [Debian] drupal7: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2533 drupal7 security update 27 July 2021 AusCERT Security Bulletin Summary Product: drupal7 Publisher: Debian Operating ...
    • ESB-2021.2531 – [Ubuntu] MySQL: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2531 USN-5022-1: MySQL vulnerabilities 27 July 2021 AusCERT Security Bulletin Summary Product: MySQL Publisher: Ubuntu Operating ...
    • ESB-2021.2535 – [Linux] IBM QRadar SIEM: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2535 Security Bulletin: GRUB2 as used by IBM QRadar SIEM is vulnerable to arbitrary code execution 27 July ...
    • ESB-2021.2325.2 – UPDATE [Cisco] Cisco Adaptive Security Device Manager: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2325.2 Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability 27 July 2021 AusCERT Security Bulletin Summary ...
    • ESB-2021.2532 – [RedHat] OpenShift Container Platform 4.7.21: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2532 OpenShift Container Platform 4.7.21 security and bug fix update 27 July 2021 AusCERT Security Bulletin Summary ...
    • CVE-2020-18430
      tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS). ...
    • CVE-2021-37576
      arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. ...
    • CVE-2020-18428
      tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS). ...
    • ESB-2021.2530 – [Ubuntu] Aspell: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.2530 USN-5023-1: Aspell vulnerability 27 July 2021 AusCERT Security Bulletin Summary Product: Aspell Publisher: Ubuntu Operating ...
    • CVE-2020-18173
      A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. ...
    • CVE-2020-17952
      A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code. ...
    • CVE-2020-18174
      A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. ...
    • CVE-2020-18170
      An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions. ...
    • CVE-2020-23242
      Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature. ...
    • CVE-2020-18171
      TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. ...
    • CVE-2021-32795
      ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. In versions prior to 4.3.1.0 a Denial of Service (aka DoS) vulnerability which allows ...
    • CVE-2020-23241
      Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via "News > Article" feature. ...
    • CVE-2020-23238
      Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature. ...
    • CVE-2020-23239
      Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. ...
    • CVE-2021-37555
      TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related issue to CVE-2019-16734. To connect, the telnet service is used on port 23 with the ...
    • CVE-2020-18172
      A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. ...
    • CVE-2020-18169
      A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. ...
    • CVE-2020-23243
      Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 via the name="wrong_path_redirect" feature. ...
    • CVE-2020-23240
      Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. ...
    • CVE-2020-23234
      Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". ...
    • CVE-2021-2364 (isupplier_portal)
      Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with ...
    • CVE-2021-2365 (human_resources)
      Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: People Management). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network ...
    • CVE-2021-2366 (primavera_p6_enterprise_project_portfolio_management)
      Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 17.12.0-17.12.20, 18.8.0-18.8.23, 19.12.0-19.12.14 and 20.12.0-20.12.3. Easily ...
    • CVE-2021-2348 (commerce_experience_manager, commerce_guided_search)
      Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable ...
    • CVE-2021-37476
      In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the ...
    • CVE-2021-37473
      In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the ...
    • CVE-2021-36563
      The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on ...
    • CVE-2021-37393
      In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, ...
    • CVE-2021-37478
      In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database. ...
    • CVE-2021-37475
      In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database. ...
    • CVE-2021-37477
      In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database. ...
    • CVE-2021-37394
      In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration. ...
    • CVE-2021-32794
      ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code `POST /Api/ASF` ASF API endpoint responsible for ...
    • CVE-2021-37392
      In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update ...
    • CVE-2021-2445 (hyperion_infrastructure_technology)
      Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Difficult to exploit vulnerability allows high privileged attacker with ...
    • CVE-2021-2421 (peoplesoft_enterprise_cs_campus_community)
      Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). Supported versions that are affected are 9.0 and 9.2. Easily exploitable vulnerability allows low ...
    • CVE-2021-2433 (essbase_analytic_provider_services)
      Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: Web Services). Supported versions that are affected are 11.1.2.4 and 21.2. Easily exploitable vulnerability allows unauthenticated attacker with ...
    • CVE-2021-2441 (mysql_server, oncommand_insight)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2440 (mysql_server, oncommand_insight)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
    • CVE-2021-2439 (hyperion_bi+)
      Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). Supported versions that are affected are 11.1.2.4 and 11.2.5.0. Easily exploitable vulnerability allows unauthenticated attacker with ...
    • CVE-2021-2437 (mysql_server, oncommand_insight)
      Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
Title: Will you Embrace AI Fast Enough – ATKearney
Category: Artificial Intelligence
Tag: Artificial Intelligence AI ATKearney