Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-ALE-024: Vulnerability in VMware products (24 November 2020)

A vulnerability has been discovered in the administration interface of the Workspace One Access, Workspace One Access Connector, Identity Manager and Identity Manager Connector products, which bundle several security features...
Author: Cert FR

CERTFR-2020-AVI-771: Vulnerability in VMware products (24 November 2020)

A vulnerability has been discovered in VMware products. It allows an attacker to achieve remote arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-770: Multiple vulnerabilities in the Red Hat Linux kernel (24 November 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. They allow an attacker to cause a denial of service, a breach of data confidentiality and a privilege escalation.

Author: Cert FR

MongoDB up to 3.4.23/3.6.14/4.0.12/4.2.0 Message Decompressor denial of service

A vulnerability was found in MongoDB up to 3.4.23/3.6.14/4.0.12/4.2.0 (Database Software) and classified as problematic. Affected by this issue is an unknown part of the component Message Decompressor. Upgrading to version 3.4.24, 3.6.15, 4.0.13...
Author: VulDB

CERTFR-2020-AVI-769: Multiple vulnerabilities in the SUSE Linux kernel (24 November 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a remote denial of service and a breach of...
Author: Cert FR

Seiko Epson Product untrusted search path [CVE-2020-5674]

A vulnerability has been found in Seiko Epson Product (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown functionality. There is no information about possible countermeasures known. It may be...
Author: VulDB

Netgear GS108Ev3 up to 2.06.10 cross-site request forgery [CVE-2020-5641]

A vulnerability, which was classified as problematic, was found in Netgear GS108Ev3 up to 2.06.10 (Router Operating System). Affected is an unknown functionality. Upgrading to version 2.06.14 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

PollNY Extension up to 1.35 on MediaWiki Answer Option cross site scripting

A vulnerability, which was classified as problematic, has been found in PollNY Extension up to 1.35 on MediaWiki (Survey Software). This issue affects an unknown function of the component Answer Option Handler. There is no information about...
Author: VulDB

CologneBlue Skin up to 1.35 on MediaWiki qbfind Message CologneBlueTemplate.php cross site scripting

A vulnerability classified as problematic was found in CologneBlue Skin up to 1.35 on MediaWiki. This vulnerability affects some unknown processing of the file includes/CologneBlueTemplate.php of the component qbfind Message Handler. There is no...
Author: VulDB

Gitea up to 1.12.5 repo_form.go ParseRemoteAddr encoding error

A vulnerability classified as critical has been found in Gitea up to 1.12.5. This affects an unknown code block of the file modules/auth/repo_form.go. Upgrading to version 1.12.6 eliminates this vulnerability. The upgrade is hosted for download...
Author: VulDB

Hashicorp Nomad/Nomad Enterprise up to 0.12.7 Docker File Sandbox sandbox

A vulnerability was found in Hashicorp Nomad and Nomad Enterprise up to 0.12.7. It has been rated as critical. Affected by this issue is an unknown code of the component Docker File Sandbox. Upgrading to version 0.10.8, 0.11.7 or 0.12.8...
Author: VulDB

Matrix Synap Synapse JSON denial of service

A vulnerability was found in Matrix Synap Synapse. It has been declared as problematic. Affected by this vulnerability is an unknown part of the component JSON Handler. Upgrading to version 1.20.0 eliminates this vulnerability.
Author: VulDB

Ortus TestBox up to 4.1.0 Query String HTMLRunner.cfm Remote Privilege Escalation

A vulnerability was found in Ortus TestBox up to 4.1.0. It has been classified as critical. Affected is some unknown functionality of the file system/runners/HTMLRunner.cfm of the component Query String Handler. There is no information about...
Author: VulDB

Ortus TestBox up to 4.1.0 Query String test-browser/index.cfm pathname traversal

A vulnerability was found in Ortus TestBox up to 4.1.0 and classified as critical. This issue affects an unknown functionality of the file test-browser/index.cfm of the component Query String Handler. There is no information about possible...
Author: VulDB

MongoDB Ops Manager up to 4.2.17/4.3.9/4.4.2 API Key information disclosure

A vulnerability has been found in MongoDB Ops Manager up to 4.2.17/4.3.9/4.4.2 (Database Software) and classified as problematic. This vulnerability affects an unknown function of the component API Key Handler. Upgrading to version 4.4.3...
Author: VulDB

VMware Workspace One Access command injection [CVE-2020-4006]

A vulnerability, which was classified as critical, was found in VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector (the affected version unknown). This affects some unknown processing. There is no...
Author: VulDB

SPIP up to 3.2.7 configurer_preferences.php unknown vulnerability

A vulnerability, which was classified as problematic, has been found in SPIP up to 3.2.7 (Content Management System). Affected by this issue is an unknown code block of the file prive/formulaires/configurer_preferences.php. Upgrading to version...
Author: VulDB

Magicpin 2.1 User Registration cross site scripting

A vulnerability classified as problematic was found in Magicpin 2.1. Affected by this vulnerability is an unknown code of the component User Registration Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Mutt/NeoMutt IMAP Server Response cleartext transmission [CVE-2020-28896]

A vulnerability classified as problematic has been found in Mutt and NeoMutt (Mail Client Software) (version unknown). Affected is an unknown part of the component IMAP Server Response Handler. Upgrading eliminates this vulnerability.
Author: VulDB

WinSCP 5.17.8 FTP Server denial of service

A vulnerability was found in WinSCP 5.17.8 (Connectivity Software). It has been rated as problematic. This issue affects some unknown functionality of the component FTP Server Handler. There is no information about possible countermeasures known....
Author: VulDB

private-ip up to 1.0.5 on npm IP Range Filter server-side request forgery

A vulnerability was found in private-ip up to 1.0.5 on npm. It has been declared as critical. This vulnerability affects an unknown functionality of the component IP Range Filter. There is no information about possible countermeasures known. It...
Author: VulDB

Scratch up to 1.3.1 Regular Expression cross site scripting

A vulnerability was found in Scratch up to 1.3.1. It has been classified as problematic. This affects an unknown function of the component Regular Expression Handler. Upgrading to version 1.3.2 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

October CMS up to 1.0.469/1.1.0 Twig Sandbox authorization

A vulnerability was found in October CMS up to 1.0.469/1.1.0 (Content Management System) and classified as critical. Affected by this issue is some unknown processing of the component Twig Sandbox. Upgrading to version 1.0.470 or 1.1.1 eliminates...
Author: VulDB

TYPO3 up to 10.4.9 RSS Widget xml external entity reference

A vulnerability has been found in TYPO3 up to 10.4.9 (Content Management System) and classified as critical. Affected by this vulnerability is an unknown code block of the component RSS Widget. Upgrading to version 10.4.10 eliminates this...
Author: VulDB

TYPO3 up to 9.5.22/10.4.9 Session Identifier cleartext storage

A vulnerability, which was classified as problematic, was found in TYPO3 up to 9.5.22/10.4.9 (Content Management System). Affected is an unknown code of the component Session Identifier Handler. Upgrading to version 9.5.23 or 10.4.10 eliminates...
Author: VulDB