The DIVD CSIRT…
… supports the Dutch Institute for Vulnerability Disclosure, in its mission “…to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative, and for free.”
The CSIRT handles the scanning for and disclosing of vulnerabilities, either discovered by DIVD researchers or third parties and warning people for leaked credentials and operates our CVE Numbering Authoristy (CNA) capability.
Our blog
Last 10 posts …
- 10-07-2023 - Limited disclosure of 6 vulnerabilities in OSNexus Quantastor.
- 24-02-2023 - DIVD’s response regard the involvement of a DIVD volunteer in a major data theft case.
- 18-01-2023 - Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers.
- 14-12-2022 - Fortinet sslvpnd vulnerability - update.
- 13-12-2022 - Fortinet SSL VPN Vulnerability.
- 15-08-2022 - Closing GeyNoise Ukraine Only case.
- 10-08-2022 - Itarian Full disclosure.
- 09-08-2022 - SmarterTrack Full disclosure.
- 08-06-2022 - ITarian critical vulnerabilities.
- 03-06-2022 - Confluence 0-day.
gantt
title Cases currently open or recently closed
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
DIVD-2021-00014 - Kaseya Unitrends (733 days) :2021-07-02, 2023-07-05
DIVD-2021-00015 - Telegram OD (487 days) :2021-06-10, 2022-10-10
DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning (open) :2021-08-10, 2023-10-26
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle (406 days) :2021-08-30, 2022-10-10
DIVD-2021-00023 - Atlassian Confluence OGNL injection (RCE) (383 days) :2021-09-22, 2022-10-10
DIVD-2021-00029 - Smartertrack (358 days) :2021-10-17, 2022-10-10
DIVD-2021-00037 - Critical vulnerabilities in ITarian MSP platform and on-premise solution (313 days) :2021-12-01, 2022-10-10
DIVD-2022-00002 - Grafana (335 days) :2021-12-07, 2022-11-07
DIVD-2022-00007 - Subdomain Takeovers (300 days) :2022-02-04, 2022-12-01
DIVD-2022-00012 - Global Charity Vulnerabilities (324 days) :2022-02-22, 2023-01-12
DIVD-2022-00013 - The curious case of the odd update.microsoft.com certificates (260 days) :2022-02-05, 2022-10-23
DIVD-2022-00017 - Global Healthcare Vulnerabilities (356 days) :2022-03-10, 2023-03-01
DIVD-2022-00019 - Insecure Mendix Applications (233 days) :2022-03-19, 2022-11-07
DIVD-2022-00020 - Inproper input validation vulnerabilities identified within Feathers.js (458 days) :2022-02-23, 2023-05-27
DIVD-2022-00021 - Ivanti EPM CSA remote code execution (240 days) :2022-03-25, 2022-11-20
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability (216 days) :2022-03-29, 2022-10-31
DIVD-2022-00025 - VMware - CVE-2022-22954 (233 days) :2022-04-12, 2022-12-01
DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464 (210 days) :2022-04-24, 2022-11-20
DIVD-2022-00029 - Remote Code Execution on Sophos Firewall (288 days) :2022-05-10, 2023-02-22
DIVD-2022-00032 - Exchange backdoor (172 days) :2022-06-03, 2022-11-22
DIVD-2022-00033 - Atlassian Confluence 0-day unauthenticated RCE (181 days) :2022-06-03, 2022-12-01
DIVD-2022-00038 - Vulnerable Oracle WebLogic Server (247 days) :2022-07-03, 2023-03-07
DIVD-2022-00042 - Canon print portals facing the internet (230 days) :2022-08-18, 2023-04-05
DIVD-2022-00045 - Injection vulnerability found within Socket.io (299 days) :2022-04-29, 2023-02-22
DIVD-2022-00048 - Dossier Energy Transition (open) :2022-09-07, 2023-10-26
DIVD-2022-00051 - H2 Web Console - CVE-2021-42392, CVE-2022-23221 (124 days) :2022-09-09, 2023-01-11
DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software (open) :2023-02-21, 2023-10-26
DIVD-2022-00053 - Atlassian Bitbucket Server - CVE-2022-36804 (154 days) :2022-09-21, 2023-02-22
DIVD-2022-00054 - ProxyNotShell - Microsoft Exchange SSRF and RCE (192 days) :2022-09-30, 2023-04-10
DIVD-2022-00055 - Server Management Interfaces security issues (open) :2022-10-08, 2023-10-26
DIVD-2022-00056 - Critical authentication bypass affecting Fortigate products (180 days) :2022-10-07, 2023-04-05
DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability (open) :2022-10-30, 2023-10-26
DIVD-2022-00060 - Command Injection vulnerability in Bitbucket Server and Data Center (116 days) :2022-11-17, 2023-03-13
DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet (open) :2022-02-08, 2023-10-26
DIVD-2022-00063 - Memory overflow vulnerability in FortiOS SSL VPN (170 days) :2022-12-12, 2023-05-31
DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS (open) :2022-09-08, 2023-10-26
DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices (open) :2022-12-19, 2023-10-26
DIVD-2022-00068 - Multiple vulnerabilities identified within White Rabbit Switch from CERN (196 days) :2022-11-16, 2023-05-31
DIVD-2023-00001 - Citrix systems vulnerable for CVE-2022-27510 and/or CVE-2022-27518 (126 days) :2023-01-18, 2023-05-24
DIVD-2023-00002 - Publicly Reachable Malicious Webshells (open) :2023-01-06, 2023-10-26
DIVD-2023-00003 - OS command injection in CentOS CWP (42 days) :2023-01-11, 2023-02-22
DIVD-2023-00004 - Unauthenticated Remote Command Execution using SAML in Zoho ManageEngine (87 days) :2023-01-20, 2023-04-17
DIVD-2023-00006 - Unauthenticated code injection in QNAP QTS and QuTS hero (48 days) :2023-02-02, 2023-03-22
DIVD-2023-00007 - Global VMware ESXi Ransomware Attack (74 days) :2023-02-03, 2023-04-18
DIVD-2023-00009 - Cisco RV Series Remote Command Execution (178 days) :2023-02-07, 2023-08-04
DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server (open) :2023-02-14, 2023-10-26
DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability (open) :2023-02-03, 2023-10-26
DIVD-2023-00012 - Unauthenticated Remote Command Execution in IBM Aspera Faspex (62 days) :2023-02-17, 2023-04-20
DIVD-2023-00014 - Critical Broken Authentication Flaw in Jira Service Management Products (63 days) :2023-02-01, 2023-04-05
DIVD-2023-00015 - Yeastar Configuration Panel Takeover (13 days) :2023-01-20, 2023-02-02
DIVD-2023-00016 - GLPI Remote Code Execution (196 days) :2022-11-10, 2023-05-25
DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass (195 days) :2023-03-15, 2023-09-26
DIVD-2023-00020 - PaperCut MF/NG Authentication Bypass (20 days) :2023-04-20, 2023-05-10
DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100 (open) :2023-01-18, 2023-10-26
DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls (open) :2023-04-28, 2023-10-26
DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362 (55 days) :2023-06-02, 2023-07-27
DIVD-2023-00024 - SQL injection in GeoServer - CVE-2023-25157 (111 days) :2023-06-07, 2023-09-26
DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A (open) :2023-01-18, 2023-10-26
DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524 (open) :2023-07-02, 2023-10-26
DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315 (open) :2023-06-23, 2023-10-26
DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934 (open) :2023-07-06, 2023-10-26
DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability (109 days) :2023-06-09, 2023-09-26
DIVD-2023-00030 - Citrix systems vulnerable for CVE-2023-3519 (open) :2023-07-18, 2023-10-26
DIVD-2023-00031 - Ivanti MobileIron vulnerable for CVE-2023-35078 (63 days) :2023-07-25, 2023-09-26
DIVD-2023-00032 - Access Control Bypass - CVE-2023-29298 & CVE-2023-38205 (open) :2023-07-14, 2023-10-26
DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519 (70 days) :2023-07-18, 2023-09-26
DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry (35 days) :2023-08-22, 2023-09-26
DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series (open) :2023-09-11, 2023-10-26
DIVD-2023-00037 - Security Feature Bypass in MinIO (open) :2023-09-26, 2023-10-26
Open cases
- DIVD-2023-00037 - Security Feature Bypass in MinIO
- DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Series
- DIVD-2023-00032 - Access Control Bypass - CVE-2023-29298 & CVE-2023-38205
- DIVD-2023-00030 - Citrix systems vulnerable for CVE-2023-3519
- DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
- DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315
- DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-2023-27524
- DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A
- DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls
- DIVD-2023-00021 - Multiple vulnerabilities in Danfoss AK-EM 100
- DIVD-2023-00011 - FortiNAC and FortiWeb RCE Vulnerability
- DIVD-2023-00010 - Remote Code Execution in Microsoft Exchange Server
- DIVD-2023-00002 - Publicly Reachable Malicious Webshells
- DIVD-2022-00065 - Multiple Critical Vulnerabilities in multiple Zyxel EOL devices
- DIVD-2022-00064 - Multiple injection vulnerabilities identified within Axiell Iguana CMS
- DIVD-2022-00061 - KNXNet/IP gateways often left open to the internet
- DIVD-2022-00058 - ZK Framework - ZK AuUploader Servlet Upload Vulnerability
- DIVD-2022-00055 - Server Management Interfaces security issues
- DIVD-2022-00052 - Multiple vulnerabilities is Cloudflow software
- DIVD-2022-00048 - Dossier Energy Transition
- DIVD-2021-00020 - OSNexsus QuantaStor limited disclosure and product warning
Some statistics
| Year | # of cases | # of vulnerable IPs notified |
|---|---|---|
| 2020 | 14 | 58,358 |
| 2021 | 25 | 99,006 |
| 2022 | 42 | 244,788 |
| 2023 | 31 | 285,607 |