Skip to the content.
Home /

DIVD CSIRT

Making the internet safer through Coordinated Vulnerability Disclosure

Menu
  • Home
    • DIVD
    • CSIRT
  • Cases
    • DIVD-2023-00042 - Confluence improper authorization vulnerability
      Confluence Data Center and Server allow unauthorized users to set Confluenc...
    • DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability
      This vulnerability (CVE-2023-46747) may allow an unauthenticated adversary ...
    • DIVD-2023-00039 - VMware vCenter Server RCE
      VMware has released security updates for vCenter Server that could result i...
    • DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
      An unknown threat actor is using a recent authentication bypass vulnerabili...
    • DIVD-2023-00037 - Security Feature Bypass in MinIO
      An attacker can use crafted requests to bypass metadata bucket name checkin...
    • DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
      Successful exploitation of CVE-2023-42793 allows an unauthenticated attacke...
    • DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Ser
      By chaining multiple vulnerabilities an attacker is able to execute arbitra...
    • DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry
      Ivanti Sentry has an API authentication bypass vulnerability with CVSS 9.8....
    • DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519
      DIVD is notifying owners of exploited Citrix ADC and Gateway systems, based...
    • DIVD-2023-00032 - Access Control Bypass - CVE-2023-29298 & CVE-2023-38205
      Both vulnerabilities allow an attacker to bypass the product feature that r...
    • DIVD-2023-00031 - Ivanti MobileIron vulnerable for CVE-2023-35078
      DIVD is notifying owners of vulnerable Ivanti MobileIron...
    • DIVD-2023-00030 - Citrix systems vulnerable for CVE-2023-3519
      DIVD is notifying owners of vulnerable Citrix ADC and Gateway systems, bas...
    • DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
      A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiPr...
    • DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
      A new SQL Injection vulnerability has been found in MOVEit Transfer....
    • DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315
      Ignite Realtime Openfire version 3.10.0 through 4.6.8 (excluded) and 4.7.0 ...
    • DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-
      Apache Superset, up to and including 2.0.1 vulnerable to bypass that can le...
    • DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A
      Danfoss AK-SM800A has multiple web-related vulnerabilities. It is advised t...
    • DIVD-2023-00024 - SQL injection in GeoServer - CVE-2023-25157
      GeoServer has a critical SQL injection vulnerability....
    • DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
      MOVEit Transfer has a critical SQL injection vulnerability that is actively...
    • DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls
      Zyxel has released patches for an OS command injection vulnerability found ...
    • All cases
  • CVEs
    • CVE-2023-25915 - Remote Command Execution in Danfoss AK-SM800A...
    • CVE-2023-25914 - Path Traversal in Danfoss AK-SM800A...
    • CVE-2023-25913 - Authentication Bypass in Danfoss AK-SM800A...
    • CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM ...
    • CVE-2023-25911 - OS Command Injection in Danfoss AK-EM 100...
    • CVE-2023-22586 - Local File Inclusion in Danfoss AK-EM 100...
    • CVE-2023-22585 - Reflected Cross-Site Scripting in Danfoss AK-EM 100...
    • CVE-2023-22584 - Cleartext credentials in Danfoss AK-EM 100...
    • CVE-2023-22583 - SQL Injection in Danfoss AK-EM 100...
    • CVE-2023-22581 - White Rabbit Switch - Unauthenticated remote code execution...
  • CNA
  • Blog
    • 2023-07-10 : Limited disclosure of 6 vulnerabilities in OSNexus Quantastor...
    • 2023-02-24 : DIVD’s response regard the involvement of a DIVD volunteer in a major data ...
    • 2023-01-18 : Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers...
    • 2022-12-14 : Fortinet sslvpnd vulnerability - update...
    • 2022-12-13 : Fortinet SSL VPN Vulnerability...
    • 2022-08-15 : Closing GeyNoise Ukraine Only case...
    • 2022-08-10 : Itarian Full disclosure...
    • 2022-08-09 : SmarterTrack Full disclosure...
    • 2022-06-08 : ITarian critical vulnerabilities...
    • 2022-06-03 : Confluence 0-day...
    • More...
  • Donate
  • Search...
  • RSS
  • Contact

    •  Twitter
    •  LinkedIn