Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2021-ACT-009 : Bulletin d’actualité CERTFR-2021-ACT-009 (01 mars 2021)

Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas …
Auteur: Cert FR

CERTFR-2021-AVI-152 : Multiples vulnérabilités dans Citrix Hypervisor (01 mars 2021)

De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service. Précision : la vulnérabilité est exploitable depuis une machine virtuelle et permet de provoquer un déni de...
Auteur: Cert FR

CERTFR-2021-AVI-151 : Multiples vulnérabilités dans mongoDB et mongoDB Ops Manager (01 mars 2021)

De multiples vulnérabilités ont été découvertes dans mongoDB et mongoDB Ops Manager. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Auteur: Cert FR

CERTFR-2021-AVI-150 : Vulnérabilité dans IBM Qradar (01 mars 2021)

Une vulnérabilité a été découverte dans IBM Qradar. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Auteur: Cert FR

Dataiku DSS up to 8.0.5 Project access control

A vulnerability was found in Dataiku DSS up to 8.0.5. It has been declared as critical. This vulnerability affects an unknown part of the component Project Handler. Upgrading to version 8.0.6 eliminates this vulnerability.
Auteur: VulDB

SerComm Combo VD625 AGSOT_2.1.0 HTTP Header Content-Disposition injection

A vulnerability was found in SerComm Combo VD625 AGSOT_2.1.0. It has been classified as critical. This affects some unknown functionality of the component HTTP Header Handler. There is no information about possible countermeasures known. It may...
Auteur: VulDB

SaltStack Salt prior 3002.5 SSH Client an os command injection

A vulnerability was found in SaltStack Salt and classified as critical. Affected by this issue is an unknown functionality of the component SSH Client. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download...
Auteur: VulDB

i-doit up to 1.15.x cross site scripting [CVE-2021-3151]

A vulnerability has been found in i-doit up to 1.15.x and classified as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 1.16.0 eliminates this vulnerability.
Auteur: VulDB

SaltStack Salt prior 3002.5 API salt/utils/thin.py salt.utils.thin.gen_thin command injection

A vulnerability, which was classified as critical, was found in SaltStack Salt. Affected is the function salt.utils.thin.gen_thin of the file salt/utils/thin.py of the component API. Upgrading to version 3002.5 eliminates this vulnerability. The...
Auteur: VulDB

SaltStack Salt prior 3002.5 eauth Token unknown vulnerability

A vulnerability, which was classified as critical, has been found in SaltStack Salt. This issue affects an unknown code block of the component eauth Token Handler. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted...
Auteur: VulDB

wpa_supplicant up to 2.9 P2P Provision Discovery Request p2p/p2p_pd.c denial of service

A vulnerability classified as problematic was found in wpa_supplicant up to 2.9. This vulnerability affects an unknown code of the file p2p/p2p_pd.c of the component P2P Provision Discovery Request Handler. Upgrading to version 2.10 eliminates...
Auteur: VulDB

Zint Barcode Generator 2.19.1 C API backend/upcean.c ean_leading_zeroes buffer overflow

A vulnerability classified as critical has been found in Zint Barcode Generator 2.19.1. This affects the function ean_leading_zeroes of the file backend/upcean.c of the component C API. Applying a patch is able to eliminate this problem. The...
Auteur: VulDB

Visualware MyConnection Server up to 11.0b Build 5382 Web Service myspeed/sf unrestricted upload

A vulnerability was found in Visualware MyConnection Server up to 11.0b Build 5382. It has been rated as critical. Affected by this issue is some unknown functionality of the file myspeed/sf?filename= of the component Web Service. There is no...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 faad path traversal

A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component faad. Upgrading to version 6.2.3-25426-3...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 synorelayd insertion of sensitive information into sent data

A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software). It has been classified as critical. Affected is an unknown function of the component synorelayd. Upgrading to version 6.2.3-25426-3 eliminates this...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Session cleartext transmission

A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software) and classified as problematic. This issue affects some unknown processing of the component HTTP Session Handler. Upgrading to version 6.2.3-25426-3...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Session channel accessible

A vulnerability has been found in Synology DiskStation Manager (Network Attached Storage Software) and classified as problematic. This vulnerability affects an unknown code block of the component HTTP Session Handler. Upgrading to version...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 Kernel Module access control

A vulnerability, which was classified as problematic, was found in Synology DiskStation Manager (Network Attached Storage Software). This affects an unknown code of the component Kernel Module Handler. Upgrading to version 6.2.3-25426-3...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Header syno_finder_site out-of-bounds write

A vulnerability, which was classified as critical, has been found in Synology DiskStation Manager (Network Attached Storage Software). Affected by this issue is an unknown part of the component HTTP Header Handler. Upgrading to version...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Header syno_finder_site stack-based overflow

A vulnerability classified as critical was found in Synology DiskStation Manager (Network Attached Storage Software). Affected by this vulnerability is some unknown functionality of the component HTTP Header Handler. Upgrading to version...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Session channel accessible

A vulnerability classified as problematic has been found in Synology DiskStation Manager (Network Attached Storage Software). Affected is an unknown functionality of the component HTTP Session Handler. Upgrading to version 6.2.3-25426-3...
Auteur: VulDB

SaltStack Salt prior 3002.5 salt.modules.cmdmod log file

A vulnerability was found in SaltStack Salt. It has been rated as problematic. This issue affects the function salt.modules.cmdmod. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at saltproject.io.
Auteur: VulDB

SaltStack Salt prior 3002.5 Jinja Renderer injection

A vulnerability was found in SaltStack Salt. It has been declared as critical. This vulnerability affects some unknown processing of the component Jinja Renderer. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted...
Auteur: VulDB

SaltStack Salt prior 3002.5 salt.wheel.pillar_roots.write pathname traversal

A vulnerability was found in SaltStack Salt. It has been classified as critical. This affects the function salt.wheel.pillar_roots.write. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at...
Auteur: VulDB

SaltStack Salt prior 3002.5 salt-api Remote Privilege Escalation

A vulnerability was found in SaltStack Salt and classified as critical. Affected by this issue is an unknown code of the component salt-api. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at...
Auteur: VulDB
12345678910Last

Événements SSI