Vulnerability Database

The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors. Most vulnerability notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD). CERT/CC also publishes the Vulnerability Notes Data Archive on GitHub.

CVE-2021-32403

Siemens Totally Integrated Administrator (TIA) fails to properly set the module search path to be used by a privileged Node.js component, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges.

V3.1: 6.7 High
V2.0: 3.6 Medium
Recently Published Vulnerabilities
CVE-2022-2992

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

V.2.0: 4.8 High
V.2.0: 4.7 Medium
CVE-2022-3382

HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition.


V.2.0: 4.6 Medium
CVE-2022-38743

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability.

V.2.0: 4.6 High
V.1.0: 4.6 Medium
Security Update for Exchange On-Premises

This Security Update affects Exchange 2013, Exchange 2016 and Exchange 2019 servers.

The list of vulnerabilities fixed by this Security Update is as follows.

The technical note with the information can be found at the following link.

Description of the security update for Microsoft Exchange Server 2019 and 2016: October 12, 2021 (KB5007012)

The Security Updates for each version of Exchange can be downloaded from the following links.

Remember that if you are not on the Cumulative Update versions described in the previous step, you must update to that version, as described in the following diagram.

The CERT/CC Vulnerability Notes Database is run by the CERT Division, which is part of the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. Together, we are leaders in cybersecurity, software innovation, and computer science.

Want to report a vulnerability?

The CERT Coordination Center (CERT/CC) prioritizes coordination efforts on vulnerabilities that affect multiple vendors or that impact safety, critical or internet infrastructure, or national security. We also prioritize reports that affect sectors that are new to vulnerability disclosure. We may be able to provide assistance for reports when the coordination process breaks down.

Before reporting a vulnerability to us, we recommend reading our vulnerability disclosure policy and guidance.

T-Cert / Tigo Copyright©, Guatemala. All rights reserved.