The DIVD CSIRT…
… supports the Dutch Institute for Vulnerability Disclosure, in its mission “…to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative, and for free.”
The CSIRT handles scanning for and disclosing vulnerabilities, whether discovered by DIVD researchers or by third parties, warns people about leaked credentials, and operates our CVE Numbering Authority (CNA) capability.
Our blog
Last 10 posts …
- 12-08-2024 - Research of Wietse Boonstra and Hidde Smit featured in Follow the Money and at EenVandaag.
- 30-05-2024 - DIVD CSIRT performs victim notification for Operation Endgame.
- 25-04-2024 - DIVD CSIRT Congratulates Project Melissa.
- 10-07-2023 - Limited disclosure of 6 vulnerabilities in OSNexus Quantastor.
- 24-02-2023 - DIVD’s response regarding the involvement of a DIVD volunteer in a major data theft case.
- 18-01-2023 - Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers.
- 14-12-2022 - Fortinet sslvpnd vulnerability - update.
- 13-12-2022 - Fortinet SSL VPN Vulnerability.
- 15-08-2022 - Closing GreyNoise Ukraine Only case.
- 10-08-2022 - Itarian Full disclosure.
gantt
title Cases currently open or recently closed
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2022-00048 - Dossier Energy Transition (572 days) :2022-09-07, 2024-04-01
DIVD-2022-00052 - Multiple vulnerabilities in Cloudflow software (516 days) :2023-02-21, 2024-07-21
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS (683 days) :2022-09-08, 2024-07-22
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server (524 days) :2023-02-14, 2024-07-22
DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability (320 days) :2023-02-03, 2023-12-20
DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100 (336 days) :2023-01-18, 2023-12-20
DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls (236 days) :2023-04-28, 2023-12-20
DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A (336 days) :2023-01-18, 2023-12-20
DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934 (382 days) :2023-07-06, 2024-07-22
DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series (238 days) :2023-09-11, 2024-05-06
DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity (87 days) :2023-09-20, 2023-12-16
DIVD-2023-00037 - Security Feature Bypass in MinIO (65 days) :2023-09-26, 2023-11-30
DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants (45 days) :2023-10-17, 2023-12-01
DIVD-2023-00039 - VMware vCenter Server RCE (271 days) :2023-10-25, 2024-07-22
DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability (12 days) :2023-10-28, 2023-11-09
DIVD-2023-00042 - Confluence improper authorization vulnerability (155 days) :2023-11-11, 2024-04-14
DIVD-2023-00045 - Confluence RCE Vulnerability In Confluence Data Center and Confluence Server (131 days) :2023-12-05, 2024-04-14
DIVD-2024-00001 - Auth. Bypass and Command Injection in Ivanti VPN appliance (33 days) :2024-01-10, 2024-02-12
DIVD-2024-00002 - Account takeover vulnerability in Gitlab CE/EE (141 days) :2024-01-12, 2024-06-01
DIVD-2024-00003 - Unauthenticated Remote Code Execution in CrushFTP (126 days) :2023-12-13, 2024-04-17
DIVD-2024-00004 - 2024-00004 Global NGOs (open) :2023-10-04, 2024-12-03
DIVD-2024-00005 - Remote code execution in FortiOS (7 days) :2024-02-08, 2024-02-15
DIVD-2024-00006 - Authentication Bypass in JetBrains TeamCity (49 days) :2024-02-08, 2024-03-28
DIVD-2024-00008 - Authentication Bypass and Remote Code Execution in ConnectWise ScreenConnect (101 days) :2024-02-21, 2024-06-01
DIVD-2024-00009 - Authentication Bypass in JetBrains TeamCity (22 days) :2024-03-06, 2024-03-28
DIVD-2024-00010 - Unauthenticated Command Injection In Progress Kemp LoadMaster (34 days) :2024-03-20, 2024-04-23
DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices (open) :2024-04-11, 2024-12-03
DIVD-2024-00013 - Palo Alto PAN-OS Command Injection Vulnerability in GlobalProtect (11 days) :2024-04-12, 2024-04-23
DIVD-2024-00014 - Qlik Sense Remote Code Execution (75 days) :2024-04-19, 2024-07-03
DIVD-2024-00015 - Remote Command Execution in CrushFTP (39 days) :2024-04-23, 2024-06-01
DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices (open) :2024-04-30, 2024-12-03
DIVD-2024-00018 - Out-Of-Bounds memory read vulnerability in Citrix Netscaler and Gateway (66 days) :2024-05-08, 2024-07-13
DIVD-2024-00019 - Victim Notification Operation Endgame (open) :2024-05-30, 2024-12-03
DIVD-2024-00020 - Authentication Bypass in GitHub Enterprise Server (GHES) (24 days) :2024-05-27, 2024-06-20
DIVD-2024-00021 - Local File Inclusion in Check Point Security Gateway software (47 days) :2024-05-30, 2024-07-16
DIVD-2024-00022 - Millions of credentials scraped from Telegram (open) :2024-06-04, 2024-12-03
DIVD-2024-00023 - Authentication Bypass Vulnerability in Progress Telerik Report Server (39 days) :2024-06-04, 2024-07-13
DIVD-2024-00024 - Multiple vulnerabilities found in the SOPlanning tool (140 days) :2024-05-29, 2024-10-16
DIVD-2024-00025 - QNAP - OS command injection as Admin user possible via quick.cgi (118 days) :2024-06-07, 2024-10-03
DIVD-2024-00026 - Unauthenticated RCE in Rejetto HTTP File Server (33 days) :2024-06-10, 2024-07-13
DIVD-2024-00028 - Local File Inclusion in SolarWinds U-Serv (118 days) :2024-06-21, 2024-10-17
DIVD-2024-00029 - VMware vCenter Server multiple heap-overflow vulnerabilities (open) :2024-06-21, 2024-12-03
DIVD-2024-00030 - Zyxel NAS - unauthenticated OS command injection (101 days) :2024-06-24, 2024-10-03
DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in ComfortKey (open) :2024-08-05, 2024-12-03
DIVD-2024-00032 - Unauthenticated Remote Code Execution (RCE) vulnerability in Geoserver (73 days) :2024-07-03, 2024-09-14
DIVD-2024-00033 - ServiceNow - unauthenticated remote code execution (RCE) (67 days) :2024-07-13, 2024-09-18
DIVD-2024-00038 - Remote Code Execution CUPS (open) :2024-10-17, 2024-12-03
DIVD-2024-00039 - Incorrect authorization vulnerability in Apache OFBiz resulting in RCE (open) :2024-09-29, 2024-12-03
DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under specific conditions (open) :2024-09-25, 2024-12-03
DIVD-2024-00041 - Progress Software WhatsUp Gold SQL Injection Authentication Bypass (open) :2024-09-24, 2024-12-03
DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk (open) :2024-09-24, 2024-12-03
DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd (open) :2024-10-24, 2024-12-03
DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability (open) :2024-10-30, 2024-12-03
Open cases
- DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability
- DIVD-2024-00044 - Missing authentication in Fortinet FortiManager fgfmsd
- DIVD-2024-00042 - Multiple critical vulnerabilities in Solarwinds Web Help Desk
- DIVD-2024-00041 - Progress Software WhatsUp Gold SQL Injection Authentication Bypass
- DIVD-2024-00040 - Zimbra Collaboration (ZCS) vulnerable for RCE under specific conditions
- DIVD-2024-00039 - Incorrect authorization vulnerability in Apache OFBiz resulting in RCE
- DIVD-2024-00038 - Remote Code Execution CUPS
- DIVD-2024-00031 - Unauthenticated Local File Inclusion vulnerability in ComfortKey
- DIVD-2024-00029 - VMware vCenter Server multiple heap-overflow vulnerabilities
- DIVD-2024-00022 - Millions of credentials scraped from Telegram
- DIVD-2024-00019 - Victim Notification Operation Endgame
- DIVD-2024-00016 - Command injection vulnerabilities in QNAP devices
- DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices
- DIVD-2024-00004 - 2024-00004 Global NGOs
Some statistics
Year | # of cases | # of vulnerable IPs notified | # of leaked credentials notified | # of CVEs assigned/requested |
---|---|---|---|---|
2020 | 14 | 58,358 | 386 | 0 |
2021 | 25 | 99,006 | 5,000,100 | 23 |
2022 | 42 | 297,472 | 0 | 19 |
2023 | 37 | 375,531 | 0 | 15 |
2024 | 36 | 487,216 | 1,218,000,000 | 12 |