The DIVD CSIRT…
… supports the Dutch Institute for Vulnerability Disclosure, in its mission “…to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative, and for free.”
The CSIRT handles scanning for and disclosing vulnerabilities, whether discovered by DIVD researchers or by third parties, and warns people about leaked credentials.
Our blog
Last 10 posts …
- 24-02-2023 - DIVD’s response regarding the involvement of a DIVD volunteer in a major data theft case.
- 18-01-2023 - Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers.
- 14-12-2022 - Fortinet sslvpnd vulnerability - update.
- 13-12-2022 - Fortinet SSL VPN Vulnerability.
- 15-08-2022 - Closing GreyNoise Ukraine Only case.
- 10-08-2022 - ITarian Full disclosure.
- 09-08-2022 - SmarterTrack Full disclosure.
- 08-06-2022 - ITarian critical vulnerabilities.
- 03-06-2022 - Confluence 0-day.
- 04-04-2022 - Kaseya Full Disclosure.
```mermaid
gantt
title Cases currently open or recently closed
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2021-00014 - Kaseya Unitrends (open) :2021-07-02, 2023-04-26
DIVD-2021-00015 - Telegram OD (487 days) :2021-06-10, 2022-10-10
DIVD-2021-00021 - Qlik Sense Enterprise domain user enumeration (226 days) :2021-08-18, 2022-04-01
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle (406 days) :2021-08-30, 2022-10-10
DIVD-2021-00023 - Atlassian Confluence OGNL injection (RCE) (383 days) :2021-09-22, 2022-10-10
DIVD-2021-00029 - SmarterTrack (358 days) :2021-10-17, 2022-10-10
DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution (313 days) :2021-12-01, 2022-10-10
DIVD-2021-00038 - Apache Log4j2 (117 days) :2021-12-09, 2022-04-05
DIVD-2022-00002 - Grafana (335 days) :2021-12-07, 2022-11-07
DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections (132 days) :2022-01-13, 2022-05-25
DIVD-2022-00005 - Exposed BACnet devices (open) :2022-01-29, 2023-04-26
DIVD-2022-00006 - SAProuter (156 days) :2022-02-07, 2022-07-13
DIVD-2022-00007 - Subdomain Takeovers (open) :2022-02-04, 2023-04-26
DIVD-2022-00008 - XSS Zeroday in Zimbra (127 days) :2021-12-14, 2022-04-20
DIVD-2022-00009 - SolarMan backend administrator account/password (146 days) :2022-02-06, 2022-07-02
DIVD-2022-00010 - Auth bypass in SAP (61 days) :2022-02-08, 2022-04-10
DIVD-2022-00012 - Global Charity Vulnerabilities (324 days) :2022-02-22, 2023-01-12
DIVD-2022-00013 - The curious case of the odd update.microsoft.com certificates (260 days) :2022-02-05, 2022-10-23
DIVD-2022-00014 - GreyNoise's Ukraine only list (164 days) :2022-03-04, 2022-08-15
DIVD-2022-00015 - Unauthenticated user enumeration on GraphQL API (180 days) :2022-03-04, 2022-08-31
DIVD-2022-00017 - Global Healthcare Vulnerabilities (open) :2022-03-10, 2023-04-26
DIVD-2022-00019 - Insecure Mendix Applications (233 days) :2022-03-19, 2022-11-07
DIVD-2022-00020 - Improper input validation vulnerabilities identified within Feathers.js (open) :2022-02-23, 2023-04-26
DIVD-2022-00021 - Ivanti EPM CSA remote code execution (240 days) :2022-03-25, 2022-11-20
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability (216 days) :2022-03-29, 2022-10-31
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963 (175 days) :2022-03-31, 2022-09-22
DIVD-2022-00025 - VMware - CVE-2022-22954 (233 days) :2022-04-12, 2022-12-01
DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464 (210 days) :2022-04-24, 2022-11-20
DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution (46 days) :2022-05-10, 2022-06-25
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall (288 days) :2022-05-10, 2023-02-22
DIVD-2022-00030 - Exposed QNAP (open) :2022-05-23, 2023-04-26
DIVD-2022-00032 - Exchange backdoor (open) :2022-06-03, 2023-04-26
DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE (181 days) :2022-06-03, 2022-12-01
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server (247 days) :2022-07-03, 2023-03-07
DIVD-2022-00042 - Canon print portals facing the internet (open) :2022-08-18, 2023-04-26
DIVD-2022-00045 - Injection vulnerability found within Socket.io (open) :2022-04-29, 2023-04-26
DIVD-2022-00048 - Dossier Energy Transition (open) :2022-09-07, 2023-04-26
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221 (open) :2022-09-09, 2023-04-26
DIVD-2022-00052 - Multiple vulnerabilities in Cloudflow software (open) :2023-02-21, 2023-04-26
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804 (open) :2022-09-21, 2023-04-26
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE (open) :2022-09-30, 2023-04-26
DIVD-2022-00055 - Server Management Interfaces security issues (open) :2022-10-08, 2023-04-26
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products (open) :2022-10-07, 2023-04-26
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center (116 days) :2022-11-17, 2023-03-13
DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet (open) :2022-02-08, 2023-04-26
DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN (open) :2022-12-12, 2023-04-26
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS (open) :2022-09-08, 2023-04-26
DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices (open) :2022-12-19, 2023-04-26
DIVD-2023-00001 - Citrix systems vulnerable for CVE-2022-27510 and/or CVE-2022-27518 (open) :2023-01-18, 2023-04-26
DIVD-2023-00002 - Publicly Reachable Malicious Webshells (open) :2023-01-06, 2023-04-26
DIVD-2023-00003 - OS command injection in CentOS CWP (42 days) :2023-01-11, 2023-02-22
DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngine (open) :2023-01-20, 2023-04-26
DIVD-2023-00006 - Unauthenticated code injection in QNAP QTS and QuTS hero (open) :2023-02-02, 2023-04-26
DIVD-2023-00007 - Global VMware ESXi Ransomware Attack (open) :2023-02-03, 2023-04-26
DIVD-2023-00009 - Cisco RV Series Remote Command Execution (open) :2023-02-07, 2023-04-26
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server (open) :2023-02-14, 2023-04-26
DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability (open) :2023-02-03, 2023-04-26
DIVD-2023-00012 - Unauthenticated Remote Command Execution in IBM Aspera Faspex (open) :2023-02-17, 2023-04-26
DIVD-2023-00014 - Critical Broken Authentication Flaw in Jira Service Management Products (open) :2023-02-01, 2023-04-26
DIVD-2023-00015 - Yeastar Configuration Panel Takeover (13 days) :2023-01-20, 2023-02-02
DIVD-2023-00016 - GLPI Remote Code Execution (open) :2022-11-10, 2023-04-26
DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass (open) :2023-03-15, 2023-04-26
```
Open cases
- DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass
- DIVD-2023-00016 - GLPI Remote Code Execution
- DIVD-2023-00014 - Critical Broken Authentication Flaw in Jira Service Management Products
- DIVD-2023-00012 - Unauthenticated Remote Command Execution in IBM Aspera Faspex
- DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
- DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server
- DIVD-2023-00009 - Cisco RV Series Remote Command Execution
- DIVD-2023-00007 - Global VMware ESXi Ransomware Attack
- DIVD-2023-00006 - Unauthenticated code injection in QNAP QTS and QuTS hero
- DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngine
- DIVD-2023-00002 - Publicly Reachable Malicious Webshells
- DIVD-2023-00001 - Citrix systems vulnerable for CVE-2022-27510 and/or CVE-2022-27518
- DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices
- DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS
- DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN
- DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet
- DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products
- DIVD-2022-00055 - Server Management Interfaces security issues
- DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE
- DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804
- DIVD-2022-00052 - Multiple vulnerabilities in Cloudflow software
- DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221
- DIVD-2022-00048 - Dossier Energy Transition
- DIVD-2022-00045 - Injection vulnerability found within Socket.io
- DIVD-2022-00042 - Canon print portals facing the internet
- DIVD-2022-00032 - Exchange backdoor
- DIVD-2022-00030 - Exposed QNAP
- DIVD-2022-00020 - Improper input validation vulnerabilities identified within Feathers.js
- DIVD-2022-00017 - Global Healthcare Vulnerabilities
- DIVD-2022-00007 - Subdomain Takeovers
- DIVD-2022-00005 - Exposed BACnet devices
- DIVD-2021-00014 - Kaseya Unitrends
Some statistics
Year | # of cases | # of vulnerable IPs notified |
---|---|---|
2020 | 14 | 58,358 |
2021 | 24 | 98,757 |
2022 | 40 | 186,123 |
2023 | 14 | 34 |