This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Multiple vulnerabilities have been discovered in Citrix Hypervisor. They allow an attacker to cause a denial of service. Note: the vulnerability is exploitable from a virtual machine and allows an attacker to cause a denial of...
Multiple vulnerabilities have been discovered in mongoDB and mongoDB Ops Manager. They allow an attacker to compromise data integrity and data confidentiality.
A vulnerability has been discovered in IBM Qradar. It allows an attacker to bypass the security policy and to compromise data integrity and data confidentiality.
A vulnerability was found in Dataiku DSS up to 8.0.5. It has been declared as critical. This vulnerability affects an unknown part of the component Project Handler. Upgrading to version 8.0.6 eliminates this vulnerability.
A vulnerability was found in SerComm Combo VD625 AGSOT_2.1.0. It has been classified as critical. This affects some unknown functionality of the component HTTP Header Handler. There is no information about possible countermeasures known. It may...
A vulnerability was found in SaltStack Salt and classified as critical. Affected by this issue is an unknown functionality of the component SSH Client. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download...
A vulnerability has been found in i-doit up to 1.15.x and classified as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 1.16.0 eliminates this vulnerability.
A vulnerability, which was classified as critical, was found in SaltStack Salt. Affected is the function salt.utils.thin.gen_thin of the file salt/utils/thin.py of the component API. Upgrading to version 3002.5 eliminates this vulnerability. The...
A vulnerability, which was classified as critical, has been found in SaltStack Salt. This issue affects an unknown code block of the component eauth Token Handler. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted...
A vulnerability classified as problematic was found in wpa_supplicant up to 2.9. This vulnerability affects an unknown code of the file p2p/p2p_pd.c of the component P2P Provision Discovery Request Handler. Upgrading to version 2.10 eliminates...
A vulnerability classified as critical has been found in Zint Barcode Generator 2.19.1. This affects the function ean_leading_zeroes of the file backend/upcean.c of the component C API. Applying a patch is able to eliminate this problem. The...
A vulnerability was found in Visualware MyConnection Server up to 11.0b Build 5382. It has been rated as critical. Affected by this issue is some unknown functionality of the file myspeed/sf?filename= of the component Web Service. There is no...
A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component faad. Upgrading to version 6.2.3-25426-3...
A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software). It has been classified as critical. Affected is an unknown function of the component synorelayd. Upgrading to version 6.2.3-25426-3 eliminates this...
A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software) and classified as problematic. This issue affects some unknown processing of the component HTTP Session Handler. Upgrading to version 6.2.3-25426-3...
A vulnerability has been found in Synology DiskStation Manager (Network Attached Storage Software) and classified as problematic. This vulnerability affects an unknown code block of the component HTTP Session Handler. Upgrading to version...
A vulnerability, which was classified as problematic, was found in Synology DiskStation Manager (Network Attached Storage Software). This affects an unknown code of the component Kernel Module Handler. Upgrading to version 6.2.3-25426-3...
A vulnerability, which was classified as critical, has been found in Synology DiskStation Manager (Network Attached Storage Software). Affected by this issue is an unknown part of the component HTTP Header Handler. Upgrading to version...
A vulnerability classified as critical was found in Synology DiskStation Manager (Network Attached Storage Software). Affected by this vulnerability is some unknown functionality of the component HTTP Header Handler. Upgrading to version...
A vulnerability classified as problematic has been found in Synology DiskStation Manager (Network Attached Storage Software). Affected is an unknown functionality of the component HTTP Session Handler. Upgrading to version 6.2.3-25426-3...
A vulnerability was found in SaltStack Salt. It has been rated as problematic. This issue affects the function salt.modules.cmdmod. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at saltproject.io.
A vulnerability was found in SaltStack Salt. It has been declared as critical. This vulnerability affects some unknown processing of the component Jinja Renderer. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted...
A vulnerability was found in SaltStack Salt. It has been classified as critical. This affects the function salt.wheel.pillar_roots.write. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at...
A vulnerability was found in SaltStack Salt and classified as critical. Affected by this issue is an unknown code of the component salt-api. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at...