IS Security CERT Global

    • Critical vulnerabilities in OMI may affect Linux machines
      Vulnerabilities in Open Management Infrastructure (OMI), which is used by certain Microsoft Azure services, can allow remote execution of arbitrary code. The vulnerabilities also affect Linux virtual machines, and OMI may be installed without the user's knowledge.[1] ... read more
    • Mēris, a new botnet, breaks DDoS attack record
      Publication date: 09/09/2021 According to Qrator Labs researchers, a new botnet known as Mēris has appeared, with a recorded power so far of 21.8 million requests per second (RPS) ... read more
    • Weekly Threat Report 17th September 2021
      The NCSC's weekly threat report is drawn from recent open source reporting. ... read more
    • CVE-2021-30678 (mac_os_x, macos)
      A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may ... read more
    • CVE-2021-30706 (ipados, iphone_os, macos, tvos, watchos)
      Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. ... read more
    • CVE-2021-30664 (ipados, iphone_os, macos, tvos, watchos)
      An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a ... read more
    • CVE-2021-39327
      The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of ... read more
    • CVE-2021-23442
      This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object. ... read more
    • Multiple vulnerabilities in Moxa MGate and MXview products
      Publication date: 09/17/2021 Importance: High Affected resources: MGate MB3180 Series, firmware version 2.2 or earlier; MGate MB3280 Series, firmware version 4.1 or earlier; MGate MB3480 ... read more
    • CVE-2021-41303
      In Apache Shiro before 1.8.0, when Apache Shiro is used with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. ... read more
    • CVE-2021-3805
      object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') ... read more
    • CVE-2021-1939
      Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables ... read more
    • CVE-2021-3812
      adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ... read more
    • CVE-2021-3810
      code-server is vulnerable to Inefficient Regular Expression Complexity ... read more
    • CVE-2021-3804
      taro is vulnerable to Inefficient Regular Expression Complexity ... read more
    • CVE-2021-30260
      Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, ... read more
    • CVE-2021-3803
      nth-check is vulnerable to Inefficient Regular Expression Complexity ... read more
    • CVE-2021-3811
      adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ... read more
    • CVE-2021-30261
      Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, ... read more
    • CVE-2021-3807
      ansi-regex is vulnerable to Inefficient Regular Expression Complexity ... read more
    • CVE-2021-1947
      Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking ... read more
    • CVE-2021-1976
      A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ... read more
    • Vulnerability in Schneider Electric EcoStruxure and SCADAPack products
      Publication date: 09/17/2021 Importance: High Affected resources: EcoStruxure Control Expert, all versions, including the former Unity Pro; EcoStruxure Process Expert, all versions, including the former ... read more
    • CVE-2021-20791
      Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment ... read more
    • CVE-2021-20790
      Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors. ... read more
    • CVE-2021-20828
      Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. ... read more
    • CVE-2021-20825
      Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. ... read more
    • JVN: Multiple vulnerabilities in Sharp NEC Display Solutions' public displays
      Multiple public displays provided by Sharp NEC Display Solutions, Ltd. contain multiple vulnerabilities. ... read more
    • ESB-2021.3141 – [RedHat] Openshift Serverless: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.3141: Release of OpenShift Serverless 1.17.0, 17 September 2021. Product: Openshift Serverless ... read more
    • ESB-2021.3129.2 – UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM DB2: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.3129.2: IBM(R) Db2(R) could allow a local user to read and write specific files due to weak file ... read more
    • ESB-2021.3139 – [Appliance] Schneider Electric EcoStruxure and SCADAPack: Execute arbitrary code/commands – Existing account
      AUSCERT External Security Bulletin Redistribution ESB-2021.3139: Advisory (icsa-21-259-02) Schneider Electric EcoStruxure and SCADAPack, 17 September 2021. Product: ... read more
    • ESB-2021.3137 – [Ubuntu] Linux Kernel (HWE): Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.3137: USN-5071-2: Linux kernel (HWE) vulnerabilities, 17 September 2021. Product: Linux Kernel ... read more
    • ESB-2021.3138 – [Win][UNIX/Linux][Ubuntu] Python: Denial of service – Remote with user interaction
      AUSCERT External Security Bulletin Redistribution ESB-2021.3138: USN-5083-1: Python vulnerabilities, 17 September 2021. Product: Python. Publisher: Ubuntu. Operating ... read more
    • ESB-2021.3134 – [Ubuntu] Libgcrypt: Access confidential data – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution ESB-2021.3134: USN-5080-2: Libgcrypt vulnerabilities, 17 September 2021. Product: Libgcrypt. Publisher: Ubuntu. Operating ... read more
    • ESB-2021.3135 – [Ubuntu] Qt: Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution ESB-2021.3135: USN-5081-1: Qt vulnerabilities, 17 September 2021. Product: Qt. Publisher: Ubuntu. Operating ... read more
    • ESB-2021.3136 – [Ubuntu] Linux Kernel (OEM): Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.3136: USN-5082-1: Linux kernel (OEM) vulnerabilities, 17 September 2021. Product: Linux Kernel ... read more
    • ESB-2021.3140 – [Appliance] Siemens RUGGEDCOM ROX: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.3140: Advisory (icsa-21-259-01) Siemens RUGGEDCOM ROX, 17 September 2021. Product: Siemens RUGGEDCOM ... read more
    • CVE-2020-21596
      libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file. ... read more
    • CVE-2020-21606
      libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file. ... read more
    • CVE-2020-21594
      libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file. ... read more
    • CVE-2020-21605
      libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file. ... read more
    • CVE-2020-21598
      libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file. ... read more
    • CVE-2020-21604
      libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file. ... read more
    • CVE-2020-21603
      libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file. ... read more
    • CVE-2020-21600
      libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file. ... read more
    • CVE-2020-21602
      libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file. ... read more
Title | Category | Tag
Harnessing the Ontario Cybersecurity Opportunity for Growth – Deloitte TFSA OCE | Cybersecurity | cybersecurity
Cyber Resiliency Design Principles MTR17001 PR 17-0103 | Cybersecurity | Cyber Resiliency
Deloitte NASCIO Cybersecurity Study – State Governments at Risk – Cybersecurity | Cybersecurity, Infrastructure, SmartCities | cybersecurity, infosec
Chemical Industry – Parsons Report – Cybersecurity | Cybersecurity, ICS, IIOT | cybersecurity, epcm, ICS
Canada National Security Cyber Espionage – Senate Hearing 2016 – Cybersecurity | Cybersecurity, SmartCities | cybersecurity, infosec, infrastructure
NASCIO Data Sharing Report Advancing Digital Government 2017 – Cybersecurity | Cybersecurity, SmartCities, Technology | cybersecurity, ICS, standards
US DOE CIB – 21 Steps to Improve Cyber Security of SCADA Networks – Cybersecurity | Cybersecurity, IIOT, Infrastructure | cybersecurity, ICS, SCADA