IS Security CERT Global

    • ESB-2021.0691 – [RedHat] OpenShift Container Platform 4.7 Products: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0691 OpenShift Container Platform 4.7 security and bug fix updates 25 February 2021 =========================================================================== AusCERT Security Bulletin Summary ... read more
    • ESB-2021.0688 – [RedHat] thunderbird: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0688 thunderbird security update 25 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: thunderbird Publisher: Red Hat ... read more
    • ESB-2021.0690 – [RedHat] OpenShift Container Platform 4.7.0: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0690 OpenShift Container Platform 4.7.0 packages security update 25 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ... read more
    • ESB-2021.0686 – [UNIX/Linux][Debian] nodejs: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0686 nodejs security update 25 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: nodejs Publisher: Debian Operating ... read more
    • ESB-2021.0689 – [RedHat] OpenShift Container Platform 4.7: Denial of service – Remote/unauthenticated
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0689 OpenShift Container Platform 4.7 file-integrity-operator image security update 25 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- ... read more
    • ESB-2021.0687 – [RedHat] firefox: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0687 Critical: firefox security updates 25 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: firefox Publisher: Red ... read more
    • ESB-2021.0685 – [Debian] firefox-esr: Multiple vulnerabilities
      -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0685 firefox-esr security update 25 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: firefox-esr Publisher: Debian Operating ... read more
    • CVE-2020-9052
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: ... read more
    • CVE-2020-9053
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: ... read more
    • CVE-2020-9051
      ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: ... read more
    • CVE-2021-1230
      A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a ... read more
    • CVE-2021-1393
      Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make ... read more
    • CVE-2021-1229
      A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead ... read more
    • CVE-2021-1228
      A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass ... read more
    • CVE-2021-1387
      A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability ... read more
    • CVE-2021-1396
      Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make ... read more
    • CVE-2021-1450
      A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an ... read more
    • CVE-2021-1367
      A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected ... read more
    • CVE-2021-1361
      A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running ... read more
    • CVE-2021-1231
      A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching ... read more
    • CVE-2021-1388
      A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected ... read more
    • CVE-2021-1368
      A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges ... read more
    • CVE-2021-1227
      A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability ... read more
    • CVE-2019-18255 (ifix)
      HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. ... read more
    • CVE-2021-26747 (wf2411_firmware, wf2780_firmware)
      Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. ... read more
    • CVE-2020-36233 (bitbucket)
      The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because ... read more
    • CVE-2019-18243 (ifix)
      HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. ... read more
    • CVE-2021-26911 (canary_mail, mailcore2)
      core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. ... read more
    • CVE-2020-11987
      Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause ... read more
    • CVE-2020-4931
      IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ... read more
    • CVE-2020-11988
      Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to ... read more
    • CVE-2021-22667
      BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code ... read more
    • CVE-2021-21974
      OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who ... read more
    • CVE-2020-7836
      VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-based buffer overflow vulnerability caused by improper bound checking parameter given by attack. It finally leads to a stack-based buffer overflow via ... read more
    • CVE-2020-27224
      In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code. ... read more
    • CVE-2021-21973
      The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to ... read more
    • CVE-2021-21972
      The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute ... read more
    • CVE-2020-28499 (merge)
      All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . ... read more
    • CVE-2020-28490 (async-git)
      The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb') ... read more
    • CVE-2020-35776 (asterisk)
      A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. ... read more
    • CVE-2021-26717 (asterisk, certified_asterisk)
      An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote ... read more
    • CVE-2021-22855 (hr_portal)
      The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands. ... read more
    • CVE-2021-26712 (asterisk, certified_asterisk)
      Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP ... read more
    • CVE-2021-26906 (asterisk, certified_asterisk)
      An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An ... read more
    • CVE-2021-21620
      A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims. ... read more
    • CVE-2021-21618
      Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure ... read more
    • CVE-2021-3355
      A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords. ... read more
    • CVE-2021-21622
      Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. ... read more
    • CVE-2021-21621
      Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of ... read more
    • CVE-2020-28599
      A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file ... read more
Title Category Tag

Chemical Industry – Parsons Report – Cybersecurity

CybersecurityICSIIOT cybersecurity epcm ICS

US DOE CIB – 21 Steps to Improve Cyber Security of SCADA Networks – Cybersecurity

CybersecurityIIOTInfrastructure cybersecurity ICS SCADA