IS Security CERT Global

    • Multiple vulnerabilities in Moodle
      Publication date: 05/18/2021 Importance: Critical Affected resources: The affected Moodle versions are the following: from 3.10 to 3.10.3; from 3.9 to ... read more
    • CVE-2020-15279
      An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. ... read more
    • CVE-2021-3423
      Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender ... read more
    • Multiple vulnerabilities in Moodle
      Publication date: 18/05/2021 Importance: Critical Affected resources: The affected Moodle versions are the following: from 3.10 to 3.10.3; from 3.9 ... read more
    • Multiple vulnerabilities in Siemens products
      Publication date: 18/05/2021 Importance: High Affected resources: JT2Go, all versions prior to 13.1.0.2; Teamcenter Visualization, all versions prior to 13.1.0.2. Description: ... read more
    • Multiple vulnerabilities in Siemens products
      Publication date: 05/18/2021 Importance: High Affected resources: JT2Go, all versions prior to 13.1.0.2; Teamcenter Visualization, all versions prior to 13.1.0.2. Description: Se ... read more
    • Japan: Halt to the use of foreign equipment in critical sectors
      The attack on Colonial Pipeline is prompting Japan to restrict the private sector's use of foreign equipment and technology. ZDNet reports this on the basis of a report that is referenced in ... read more
    • ESB-2021.1673 – [Linux][Ubuntu] Caribou: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.1673 USN-4958-1: Caribou vulnerability 18 May 2021 AusCERT Security Bulletin Summary Product: Caribou Publisher: Ubuntu Operating ... read more
    • ESB-2021.1674 – [Win][UNIX/Linux] Thunderbird: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.1674 Security Vulnerabilities fixed in Thunderbird 78.10.2 18 May 2021 AusCERT Security Bulletin Summary Product: Thunderbird ... read more
    • ESB-2021.1671 – [Debian] chromium: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.1671 chromium security update 18 May 2021 AusCERT Security Bulletin Summary Product: chromium Publisher: Debian Operating ... read more
    • ESB-2021.1672 – [Win][UNIX/Linux] Moodle: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.1672 Moodle security updates 18 May 2021 AusCERT Security Bulletin Summary Product: Moodle Publisher: Moodle Operating ... read more
    • CVE-2020-21840
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985. ... read more
    • CVE-2020-21844
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580. ... read more
    • CVE-2020-18194
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as ... read more
    • CVE-2020-18198
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images ... read more
    • CVE-2020-21843
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. ... read more
    • CVE-2020-24755
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows ... read more
    • CVE-2020-18195
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific ... read more
    • CVE-2020-21842
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051. ... read more
    • CVE-2020-21841
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. ... read more
    • CVE-2020-21831
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637. ... read more
    • ESB-2021.1669 – SUSE kernel
      AUSCERT External Security Bulletin Redistribution ESB-2021.1669 Security update for the Linux Kernel 18 May 2021 AusCERT Security Bulletin Summary Product: kernel ... read more
    • ESB-2021.1670 – [Debian] curl: Access confidential data – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution ESB-2021.1670 curl security update 18 May 2021 AusCERT Security Bulletin Summary Product: curl Publisher: Debian Operating ... read more
    • ESB-2021.1668 – [UNIX/Linux][Debian] prosody: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.1668 prosody security update 18 May 2021 AusCERT Security Bulletin Summary Product: prosody Publisher: Debian Operating ... read more
    • JPCERT/CC participated in the Locked Shields 2021
      JPCERT/CC participated in the cyber exercise “Locked Shields” organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) during 13 – 16 April 2021. We joined as a member ... read more
    • ESB-2021.1667 – [Win][UNIX/Linux][Ubuntu] DjVuLibre: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.1667 USN-4957-1: DjVuLibre vulnerabilities 18 May 2021 AusCERT Security Bulletin Summary Product: DjVuLibre Publisher: Ubuntu Operating ... read more
    • ESB-2021.1666 – [Win][UNIX/Linux][Ubuntu] Eventlet: Denial of service – Remote/unauthenticated
      AUSCERT External Security Bulletin Redistribution ESB-2021.1666 USN-4956-1: Eventlet vulnerability 18 May 2021 AusCERT Security Bulletin Summary Product: Eventlet Publisher: Ubuntu Operating ... read more
    • ESB-2021.1665 – [UNIX/Linux][Ubuntu] Please: Multiple vulnerabilities
      AUSCERT External Security Bulletin Redistribution ESB-2021.1665 USN-4955-1: Please vulnerabilities 18 May 2021 AusCERT Security Bulletin Summary Product: Please Publisher: Ubuntu Operating ... read more
    • Notice: JPCERT/CC Eyes "Locked Shields 2021 Participation Report"
    • ESB-2021.1664 – [Ubuntu] Intel Microcode: Access confidential data – Existing account
      AUSCERT External Security Bulletin Redistribution ESB-2021.1664 USN-4628-3: Intel Microcode vulnerabilities 18 May 2021 AusCERT Security Bulletin Summary Product: Intel Microcode Publisher: ... read more
    • CVE-2021-29048
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 ... read more
    • CVE-2021-27342
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker ... read more
    • CVE-2021-27734
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials ... read more
    • CVE-2021-29052
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not ... read more
    • CVE-2021-3483
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted ... read more
    • CVE-2021-32403
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms ... read more
    • CVE-2021-31728
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to .ZemanaAntiMalware, ... read more
    • CVE-2021-32402
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and ... read more
    • CVE-2021-31727
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. ... read more
    • CVE-2021-29051
      Severity: None Published: 17/05/2021 Last revised: 17/05/2021 Description: *** Pending translation *** Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP ... read more
    • CVE-2020-21844
      GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580. ... read more
    • CVE-2020-21842
      A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051. ... read more
    • CVE-2020-21843
      A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. ... read more
    • CVE-2020-18194
      Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. ... read more
    • CVE-2020-18195
      Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." ... read more
    • CVE-2020-21831
      A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637. ... read more
    • CVE-2020-18198
      Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." ... read more
    • CVE-2020-24755
      In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code ... read more
    • CVE-2020-21830
      A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213. ... read more
    • CVE-2020-21833
      A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440. ... read more