DIVD CSIRT
Making the internet safer through Coordinated Vulnerability Disclosure
Cases
DIVD-2023-00042 - Confluence improper authorization vulnerability
Confluence Data Center and Server allow unauthorized users to set Confluenc...
DIVD-2023-00040 - Critical F5 BIG-IP unauthenticated RCE Vulnerability
This vulnerability (CVE-2023-46747) may allow an unauthenticated adversary ...
DIVD-2023-00039 - VMware vCenter Server RCE
VMware has released security updates for vCenter Server that could result i...
DIVD-2023-00038 - Global Cisco IOS-XE (CVE-2023-20198) Implants
An unknown threat actor is using a recent authentication bypass vulnerabili...
DIVD-2023-00037 - Security Feature Bypass in MinIO
An attacker can use crafted requests to bypass metadata bucket name checkin...
DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
Successful exploitation of CVE-2023-42793 allows an unauthenticated attacke...
DIVD-2023-00035 - Remote Code Execution in Juniper Networks SRX- and EX-Ser
By chaining multiple vulnerabilities an attacker is able to execute arbitra...
DIVD-2023-00034 - API Authentication Bypass Vulnerability in Ivanti Sentry
Ivanti Sentry has an API authentication bypass vulnerability with CVSS 9.8....
DIVD-2023-00033 - Citrix systems exploited with CVE-2023-3519
DIVD is notifying owners of exploited Citrix ADC and Gateway systems, based...
DIVD-2023-00032 - Access Control Bypass - CVE-2023-29298 & CVE-2023-38205
Both vulnerabilities allow an attacker to bypass the product feature that r...
DIVD-2023-00031 - Ivanti MobileIron vulnerable for CVE-2023-35078
DIVD is notifying owners of vulnerable Ivanti MobileIron...
DIVD-2023-00030 - Citrix systems vulnerable for CVE-2023-3519
DIVD is notifying owners of vulnerable Citrix ADC and Gateway systems, bas...
DIVD-2023-00029 - Critical Fortinet SSL-VPN RCE Vulnerability
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiPr...
DIVD-2023-00028 - SQL Injection in MOVEit Transfer - CVE-2023-36934
A new SQL Injection vulnerability has been found in MOVEit Transfer....
DIVD-2023-00027 - Ignite Realtime Openfire auth bypass - CVE-2023-32315
Ignite Realtime Openfire version 3.10.0 through 4.6.8 (excluded) and 4.7.0 ...
DIVD-2023-00026 - Apache Superset authentication bypass leads to RCE - CVE-
Apache Superset, up to and including 2.0.1 vulnerable to bypass that can le...
DIVD-2023-00025 - Multiple vulnerabilities in Danfoss AK-SM800A
Danfoss AK-SM800A has multiple web-related vulnerabilities. It is advised t...
DIVD-2023-00024 - SQL injection in GeoServer - CVE-2023-25157
GeoServer has a critical SQL injection vulnerability....
DIVD-2023-00023 - SQL injection in MOVEit Transfer - CVE-2023-34362
MOVEit Transfer has a critical SQL injection vulnerability that is actively...
DIVD-2023-00022 - OS command injection vulnerability of Zyxel firewalls
Zyxel has released patches for an OS command injection vulnerability found ...
CVEs
CVE-2023-25915 - Remote Command Execution in Danfoss AK-SM800A...
CVE-2023-25914 - Path Traversal in Danfoss AK-SM800A...
CVE-2023-25913 - Authentication Bypass in Danfoss AK-SM800A...
CVE-2023-25912 - Webreport disclosure to unauthorized actor in Danfoss AK-EM ...
CVE-2023-25911 - OS Command Injection in Danfoss AK-EM 100...
CVE-2023-22586 - Local File Inclusion in Danfoss AK-EM 100...
CVE-2023-22585 - Reflected Cross-Site Scripting in Danfoss AK-EM 100...
CVE-2023-22584 - Cleartext credentials in Danfoss AK-EM 100...
CVE-2023-22583 - SQL Injection in Danfoss AK-EM 100...
CVE-2023-22581 - White Rabbit Switch - Unauthenticated remote code execution...
Blog
2023-07-10 : Limited disclosure of 6 vulnerabilities in OSNexus Quantastor...
2023-02-24 : DIVD’s response regarding the involvement of a DIVD volunteer in a major data ...
2023-01-18 : Fox-IT and DIVD cooperate to warn owners of vulnerable Citrix servers...
2022-12-14 : Fortinet sslvpnd vulnerability - update...
2022-12-13 : Fortinet SSL VPN Vulnerability...
2022-08-15 : Closing GreyNoise Ukraine Only case...
2022-08-10 : ITarian Full disclosure...
2022-08-09 : SmarterTrack Full disclosure...
2022-06-08 : ITarian critical vulnerabilities...
2022-06-03 : Confluence 0-day...