IS Security CERT Global

    • CVE-2021-31811
      In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. ...
    • CVE-2021-31812
      In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. ...
    • CVE-2020-13009
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2020-13002
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2020-13008
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2020-13007
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2020-13003
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2020-13005
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2021-3525
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further ...
    • CVE-2020-13004
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2020-13001
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2020-13006
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2021-32555
      It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data ...
    • CVE-2021-32550
      It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data ...
    • CVE-2021-32547
      It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data ...
    • CVE-2021-32557
      It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. ...
    • CVE-2021-32554
      It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data ...
    • CVE-2021-32556
      It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. ...
    • CVE-2021-32552
      It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data ...
    • CVE-2021-32551
      It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data ...
    • CVE-2021-32553
      It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data ...
    • CVE-2021-32548
      It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data ...
    • CVE-2021-32549
      It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data ...
    • CVE-2017-5761
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2017-5763
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2021-34679
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** Thycotic Password Reset Server before 5.3.0 allows credential disclosure. ...
    • CVE-2017-5762
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2017-5759
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2017-5764
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2021-21382
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to ...
    • CVE-2017-5760
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2017-5779
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2017-5765
      Severity: None. Published: 11/06/2021. Last revised: 11/06/2021. Description: *** Pending translation *** ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that ...
    • CVE-2020-6641 (fortipresence)
      Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal ...
    • CVE-2020-14317 (jboss_enterprise_application_platform, wildfly)
      It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could ...
    • CVE-2020-14340 (jboss_brms, jboss_data_grid, jboss_data_virtualization, jboss_enterprise_application_platform, jboss_fuse, jboss_operations_network, jboss_soa_platform, xnio)
      A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause ...
    • CVE-2019-12067 (debian_linux, qemu)
      The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. ...
    • CVE-2020-14380 (satellite)
      An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim ...
    • CVE-2020-10743 (kibana, openshift_container_platform)
      It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker ...
    • CVE-2020-14335 (satellite)
      A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain ...
    • CVE-2020-14388 (3scale_api_management)
      A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user ...
    • CVE-2020-27661 (qemu)
      A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process ...
    • CVE-2020-14326 (integration_camel_k, resteasy)
      A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the ...
    • CVE-2020-35503 (qemu)
      A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback ...
    • CVE-2020-14336 (openshift_container_platform)
      A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of ...
    • CVE-2009-0948 (files)
      Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02. ...
    • CVE-2009-0947 (files)
      Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02. ...
    • CVE-2020-35514 (openshift)
      An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access ...
    • CVE-2020-14371 (satellite)
      A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite. ...
    • CVE-2020-35510 (jboss-remoting)
      A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes ...