DIVD CSIRT

gantt title Cases currently open or recently closed dateFormat YYYY-MM-DD axisFormat %e %b %Y DIVD-2021-00014 - Kaseya Unitrends (733 days) :2021-07-02, 2023-07-05 DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning (797 days) :2021-08-10, 2023-10-16 DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.js (458 days) :2022-02-23, 2023-05-27 DIVD-2022-00048 - Dossier Energy Transition (open) :2022-09-07, 2024-05-25 DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software (open) :2023-02-21, 2024-05-25 DIVD-2022-00055 - Server Management Interfaces security issues (open) :2022-10-08, 2024-05-25 DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability (open) :2022-10-30, 2024-05-25 DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet (open) :2022-02-08, 2024-05-25 DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN (170 days) :2022-12-12, 2023-05-31 DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS (open) :2022-09-08, 2024-05-25 DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices (open) :2022-12-19, 2024-05-25 DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN (196 days) :2022-11-16, 2023-05-31 DIVD-2023-00001 - Citrix systems vulnerable for CVE-2022-27510 and/or CVE-2022-27518 (126 days) :2023-01-18, 2023-05-24 DIVD-2023-00002 - Publicly Reachable Malicious Webshells (open) :2023-01-06, 2024-05-25 DIVD-2023-00009 - Cisco RV Series Remote Command Execution (178 days) :2023-02-07, 2023-08-04 DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server (open) :2023-02-14, 2024-05-25 DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability (open) :2023-02-03, 2024-05-25 DIVD-2023-00016 - GLPI Remote Code Execution (196 days) :2022-11-10, 2023-05-25 DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass (195 days) :2023-03-15, 2023-09-26 DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass (20 days) :2023-04-20, 2023-05-10 DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100 (open) :2023-01-18, 2024-05-25 DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls (open) :2023-04-28, 2024-05-25 DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362 (55 days) :2023-06-02, 2023-07-27 DIVD-2023-00024 - SQL injection in GeoServer - CVE-2023-25157 (111 days) :2023-06-07, 2023-09-26 DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A (open) :2023-01-18, 2024-05-25 DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524 (open) :2023-07-02, 2024-05-25 DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315 (open) :2023-06-23, 2024-05-25 DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934 (open) :2023-07-06, 2024-05-25 DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability (109 days) :2023-06-09, 2023-09-26 DIVD-2023-00030 - Citrix systems vulnerable for CVE-2023-3519 (open) :2023-07-18, 2024-05-25 DIVD-2023-00031 - Ivanti MobileIron vulnerable for CVE-2023-35078 (63 days) :2023-07-25, 2023-09-26 DIVD-2023-00032 - Access Control Bypass - CVE-2023-29298 & CVE-2023-38205 (open) :2023-07-14, 2024-05-25 DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519 (70 days) :2023-07-18, 2023-09-26 DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry (35 days) :2023-08-22, 2023-09-26 DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series (open) :2023-09-11, 2024-05-25 DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity (87 days) :2023-09-20, 2023-12-16 DIVD-2023-00037 - Security Feature Bypass in MinIO (open) :2023-09-26, 2024-05-25 DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants (open) :2023-10-17, 2024-05-25 DIVD-2023-00039 - VMware vCenter Server RCE (open) :2023-10-25, 2024-05-25 DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability (open) :2023-10-28, 2024-05-25 DIVD-2023-00042 - Confluence improper authorization vulnerability (155 days) :2023-11-11, 2024-04-14 DIVD-2023-00045 - Confluence RCE Vulnerability In Confluence Data Center and Confluence Server (131 days) :2023-12-05, 2024-04-14 DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance (open) :2024-01-10, 2024-05-25 DIVD-2024-00002 - Account takeover vulnerability in Gitlab CE/EE (open) :2024-01-12, 2024-05-25 DIVD-2024-00003 - Unauthenticaded Remote Code Execution in CrushFTP (open) :2023-12-13, 2024-05-25 DIVD-2024-00005 - Remote code execution in FortiOS (open) :2024-02-08, 2024-05-25 DIVD-2024-00006 - Authentication Bypass in JetBrains TeamCity (49 days) :2024-02-08, 2024-03-28 DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect (open) :2024-02-21, 2024-05-25 DIVD-2024-00009 - Authentication Bypass in JetBrains TeamCity (22 days) :2024-03-06, 2024-03-28 DIVD-2024-00010 - Unauthenticated Command Injection In Progress Kemp LoadMaster (34 days) :2024-03-20, 2024-04-23 DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in GlobalProtect (open) :2024-04-12, 2024-05-25 DIVD-2024-00014 - Qlik Sense Remote Code Execution (open) :2024-04-19, 2024-05-25 DIVD-2024-00015 - Unauthenticated sandbox escape with the ability to read sensitive system files within CrushFTP WebInterface (open) :2024-04-23, 2024-05-25