IS Security CERT Global

• Ciscos opdaterer fejl i IOS XE
  Cisco har i forbindelse med sin september patch afdækket og rettet alvorlige fejl, hvoraf de fleste påvirker dets IOS XE-operativsystem. Det skriver Itnews. En lang række af sårbarhederne muliggør forskellige ... read more
• Cyber Essentials Plus is for charities too!
  Sara Ward, the CEO of Black Country Women's Aid, discusses her organisation's experience of gaining Cyber Essentials Plus certification. ... read more
• ESB-2022.4935 – [SUSE] python3: CVSS (Max): 7.4
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4935 Security update for python3 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: python3 Publisher: SUSE ... read more
• ESB-2022.4942 – [Ubuntu] Django : CVSS (Max): None
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4942 USN-5653-1: Django vulnerability 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Django Publisher: Ubuntu Operating ... read more
• ESB-2022.4940 – [Ubuntu] Linux kernel: CVSS (Max): 7.8
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4940 USN-5655-1: Linux kernel (Intel IoTG) vulnerabilities 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Linux ... read more
• ESB-2022.4939 – [Ubuntu] JACK: CVSS (Max): 8.1
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4939 USN-5656-1: JACK vulnerability 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: JACK Publisher: Ubuntu Operating ... read more
• ESB-2022.4938 – [SUSE] libgit2: CVSS (Max): 7.5
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4938 Security update for libgit2 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libgit2 Publisher: SUSE ... read more
• ESB-2022.4936 – [SUSE] python: CVSS (Max): 7.4
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4936 Security update for python 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: python Publisher: SUSE ... read more
• ESB-2022.4937 – [SUSE] nodejs12: CVSS (Max): 6.8
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4937 Security update for nodejs12 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: nodejs12 Publisher: SUSE ... read more
• ESB-2022.4943 – [Appliance] BD Totalys MultiProcessor: CVSS (Max): 6.6
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4943 Advisory (icsma-22-277-01) BD Totalys MultiProcessor 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: BD Totalys ... read more
• JVN: Hitachi Energy製Modular Switchgear Monitoring（MSM）における複数の脆弱性
  Hitachi Energyが提供するModular Switchgear Monitoring（MSM）には、複数の脆弱性が存在します。続きを読む ... read more
• JVN: Johnson Controls製Metasys ADXにおける不適切な認証の脆弱性
  Johnson Controls社が提供するMetasys ADXには、不適切な認証の脆弱性が存在します。続きを読む ... read more
• JVN: BD製BD トータリス マルチプロセッサーにおけるハードコードされた認証情報の使用の脆弱性
  Becton, Dickinson and Company（BD）が提供するBD トータリス マルチプロセッサーには、ハードコードされた認証情報の使用の脆弱性が存在します。続きを読む ... read more
• Chrome udgiver version 106
  Google har sendt ​​Chrome 106 på gaden.  Med den nye version er der patchet 20 sårbarheder, hvoraf 16 er rapporteret af eksterne researchere, hvilket foreløbig har udløst små 40.000 dollar ... read more
• ESB-2022.4929 – [SUSE] libcroco: CVSS (Max): 7.1
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4929 Security update for libcroco 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libcroco Publisher: SUSE ... read more
• ESB-2022.4934 – [SUSE] slurm: CVSS (Max): 8.8
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4934 Security update for slurm 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: slurm Publisher: SUSE ... read more
• ESB-2022.4927 – [SUSE] bind: CVSS (Max): 7.5
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4927 Security update for bind 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: bind Publisher: SUSE ... read more
• ESB-2022.4933 – [SUSE] slurm_20_02: CVSS (Max): 8.8
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4933 Security update for slurm_20_02 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: slurm_20_02 Publisher: SUSE ... read more
• ESB-2022.4932 – [SUSE] webkit2gtk3: CVSS (Max): 8.8
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4932 Security update for webkit2gtk3 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: webkit2gtk3 Publisher: SUSE ... read more
• ESB-2022.4931 – [SUSE] webkit2gtk3: CVSS (Max): 8.8
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4931 Security update for webkit2gtk3 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: webkit2gtk3 Publisher: SUSE ... read more
• ESB-2022.4928 – [SUSE] colord: CVSS (Max): 4.0
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4928 Security update for colord 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: colord Publisher: SUSE ... read more
• ESB-2022.4926 – [SUSE] bind: CVSS (Max): 7.5
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4926 Security update for bind 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: bind Publisher: SUSE ... read more
• ESB-2022.4930 – [SUSE] libgit2: CVSS (Max): 7.3
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4930 Security update for libgit2 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libgit2 Publisher: SUSE ... read more
• TSUBAME Report Overflow (Apr-Jun 2022)
  This TSUBAME Report Overflow series discuss monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports does not include. This article covers the monitoring ... read more
• ESB-2022.4922 – [Debian] mariadb-10.3: CVSS (Max): None
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4922 mariadb-10.3 regression update 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mariadb-10.3 Publisher: Debian Operating ... read more
• ESB-2022.4924 – [Debian] mediawiki: CVSS (Max): 8.1*
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4924 mediawiki security update 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mediawiki Publisher: Debian Operating ... read more
• ESB-2022.4925 – [Debian] barbican: CVSS (Max): 7.1
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4925 barbican security update 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: barbican Publisher: Debian Operating ... read more
• ESB-2022.4923 – [Debian] barbican: CVSS (Max): 7.1
  -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2022.4923 barbican security update 5 October 2022 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: barbican Publisher: Debian Operating ... read more
• Weekly Report: 複数のCisco製品に脆弱性
  複数のCisco製品には、複数の脆弱性があります。結果として、遠隔の第三者が、サービス運用妨害（DoS）攻撃を行うなどの可能性があります。続きを読む ... read more
• Weekly Report: Drupal coreに情報漏えいの脆弱性
  Drupal coreには情報漏えいの脆弱性があります。結果として、Twigコードの書き込み権限を持つ第三者が、当該システムのファイルの内容やデータベースの資格情報を窃取する可能性があります続きを読む ... read more
• Weekly Report: Mozilla Thunderbirdに複数の脆弱性
  Thunderbirdは複数の脆弱性があります。結果として、攻撃者がメッセージを他者になりすまして送信するなどの可能性があります。続きを読む ... read more
• Weekly Report: Apache TomcatにHttp11Processorインスタンスにおける競合状態による情報漏えいの脆弱性
  Apache Tomcatには、Http11Processorインスタンスにて競合状態が発生し、情報漏えいに繋がる脆弱性があります。結果として、複数のクライアントから接続された場合、レスポンスのすべてまたはその一部を誤ったクライアントに送信することで、情報が漏えいする可能性があります。続きを読む ... read more
• Weekly Report: Google Chromeに複数の脆弱性
  Google Chromeには、複数の脆弱性があります。続きを読む ... read more
• CVE-2022-3125 (frontend_file_manager)
  The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them ... read more
• CVE-2022-2839 (zephyr_project_manager)
  The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly ... read more
• CVE-2022-3124 (frontend_file_manager)
  The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, ... read more
• CVE-2021-36865 (quiz_and_survey_master)
  Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz. ... read more
• CVE-2022-20728 (aironet_1542d_firmware, aironet_1542i_firmware, aironet_1562d_firmware, aironet_1562e_firmware, aironet_1562i_firmware, aironet_1815i_firmware, aironet_1815m_firmware, aironet_1815t_firmware, aironet_1815w_firmware, aironet_1830_firmware, aironet_1840_firmware, aironet_1850e_firmware, aironet_1850i_firmware, aironet_2800e_firmware, aironet_2800i_firmware, aironet_3800e_firmware, aironet_3800i_firmware, aironet_3800p_firmware, aironet_4800_firmware, catalyst_9105ax_firmware, catalyst_9115ax_firmware, catalyst_9117ax_firmware, catalyst_9120ax_firmware, catalyst_9124ax_firmware, catalyst_9130ax_firmware, catalyst_iw6300_firmware)
  A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative ... read more
• CVE-2022-20662 (duo)
  A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned ... read more
• CVE-2021-33354 (htmly)
  Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. ... read more
• CVE-2022-40944 (dairy_farm_shop_management_system)
  Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. ... read more
• CVE-2022-41870 (innovaphone_firmware)
  AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. ... read more
• CVE-2022-41975 (vnc_server, vnc_viewer)
  RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. ... read more
• Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
  Original release date: October 4, 2022CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used ... read more
• OMRON CX-Programmer
  ... read more
• Johnson Controls Metasys ADX Server
  ... read more
• BD Totalys MultiProcessor
  ICS Advisory ... read more
• Hitachi Energy Modular Switchgear Monitoring (MSM)
  ICS Advisory ... read more
• Horner Automation Cscape
  ICS Advisory ... read more
• Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
  ... read more