Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CyberArk Endpoint Privilege Manager 11.1.0.173 Credential Theft Protection protection mechanism failure

A vulnerability has been found in CyberArk Endpoint Privilege Manager 11.1.0.173 and classified as critical. This vulnerability affects some unknown processing of the component Credential Theft Protection. There is no information about possible...
Author: VulDB

CERTFR-2020-AVI-778: Vulnerability in IBM Db2 (27 November 2020)

A vulnerability has been discovered in IBM Db2. It allows an attacker to execute arbitrary code on the system with root privileges.

Author: Cert FR

Ericsson BSCS iX R18 Billing & Rating solutionUnitServlet name/description cross site scripting

A vulnerability, which was classified as problematic, was found in Ericsson BSCS iX R18 Billing & Rating (Billing Software) (the affected version unknown). This affects an unknown code block of the file...
Author: VulDB

Ericsson BSCS iX R18 Billing & Rating Alert Dashboard Comment cross site scripting

A vulnerability, which was classified as problematic, has been found in Ericsson BSCS iX R18 Billing & Rating (Billing Software) (affected version not known). Affected by this issue is an unknown code of the component Alert Dashboard Comment...
Author: VulDB

cPanel up to 90.0.16 WHM Transfer Tool Interface cross site scripting

A vulnerability classified as problematic was found in cPanel up to 90.0.16 (Hosting Control Software). Affected by this vulnerability is an unknown part of the component WHM Transfer Tool Interface. Upgrading to version 90.0.17 eliminates this...
Author: VulDB

cPanel up to 90.0.16 2FA improper authentication

A vulnerability classified as critical has been found in cPanel up to 90.0.16 (Hosting Control Software). Affected is some unknown functionality of the component 2FA Handler. Upgrading to version 90.0.17 eliminates this vulnerability.
Author: VulDB

cPanel up to 90.0.16 URL Parameter injection

A vulnerability was found in cPanel up to 90.0.16 (Hosting Control Software). It has been rated as critical. This issue affects an unknown functionality of the component URL Parameter Handler. Upgrading to version 90.0.17 eliminates this...
Author: VulDB

Coremail XT 5.0 Signature jsp/upload.jsp signImgFile cross site scripting

A vulnerability was found in Coremail XT 5.0. It has been declared as problematic. This vulnerability affects an unknown function of the file jsp/upload.jsp of the component Signature Handler. There is no information about possible...
Author: VulDB

libslirp up to 4.3.1 Packet Length slirp.c buffer overflow

A vulnerability was found in libslirp up to 4.3.1. It has been classified as critical. This affects some unknown processing of the file slirp.c of the component Packet Length Handler. There is no information about possible countermeasures known....
Author: VulDB

libslirp up to 4.3.1 Packet Length ncsi.c buffer overflow

A vulnerability was found in libslirp up to 4.3.1 and classified as critical. Affected by this issue is an unknown code block of the file ncsi.c of the component Packet Length Handler. There is no information about possible countermeasures known....
Author: VulDB

BigBlueButton up to 2.2.29 Email Address account_activations/edit token improper authentication

A vulnerability has been found in BigBlueButton up to 2.2.29 and classified as critical. Affected by this vulnerability is an unknown code of the file account_activations/edit of the component Email Address Handler. There is no information about...
Author: VulDB

BigBlueButton up to 2.2.29 excessive authentication [CVE-2020-29042]

A vulnerability, which was classified as problematic, was found in BigBlueButton up to 2.2.29. Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

GLPI up to 9.5.2 getDropdownValue.php resource injection

A vulnerability, which was classified as problematic, has been found in GLPI up to 9.5.2 (Asset Management Software). This issue affects some unknown functionality of the file ajax/getDropdownValue.php. Upgrading to version 9.5.3 eliminates this...
Author: VulDB

GLPI up to 9.5.2 ajax/comments.php resource injection

A vulnerability classified as critical was found in GLPI up to 9.5.2 (Asset Management Software). This vulnerability affects an unknown functionality of the file ajax/comments.php. Upgrading to version 9.5.3 eliminates this vulnerability.
Author: VulDB

Zetetic SQLCipher up to 4.4.0 sqlite3.c sqlcipher_codec_pragma/sqlite3Strlen30 use after free

A vulnerability classified as problematic has been found in Zetetic SQLCipher up to 4.4.0. This affects the function sqlcipher_codec_pragma/sqlite3Strlen30 of the file sqlite3.c. Upgrading to version 4.4.1 eliminates this vulnerability. The...
Author: VulDB

Cloudera Data Engineering up to 1.0 cross-site request forgery

A vulnerability was found in Cloudera Data Engineering up to 1.0 (Cloud Software). It has been rated as problematic. Affected by this issue is some unknown processing. Upgrading to version 1.1 eliminates this vulnerability.
Author: VulDB

Intelbras TIP200/TIP200LITE/TIP300 cgi-bin/cgiServer.exx page pathname traversal

A vulnerability was found in Intelbras TIP200, TIP200LITE and TIP300 (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown code block of the file cgi-bin/cgiServer.exx. There is no information...
Author: VulDB

Intelbras TIP200/TIP200LITE/TIP300 60.61.75.15 /cgi-bin/cgiServer.exx page cross site scripting

A vulnerability was found in Intelbras TIP200, TIP200LITE and TIP300 60.61.75.15. It has been classified as problematic. Affected is an unknown code of the file /cgi-bin/cgiServer.exx. There is no information about possible countermeasures known....
Author: VulDB

djvalidator incorrect regex [CVE-2020-7779]

A vulnerability was found in djvalidator (unknown version) and classified as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

systeminformation up to 4.30.1 os command injection [CVE-2020-7778]

A vulnerability has been found in systeminformation up to 4.30.1 and classified as critical. This vulnerability affects some unknown functionality. Upgrading to version 4.30.2 eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-777: Multiple vulnerabilities in Drupal core (26 November 2020)

Multiple vulnerabilities have been discovered in Drupal core. They allow an attacker to compromise data integrity and data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-776: Multiple vulnerabilities in the SUSE Linux kernel (26 November 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a security policy bypass and a...
Author: Cert FR

petl up to 1.67 XML Document unknown vulnerability [CVE-2020-29128]

A vulnerability, which was classified as problematic, was found in petl up to 1.67. This affects an unknown functionality of the component XML Document Handler. Upgrading to version 1.68 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

FactoryTalk Linx up to 6.11 Address Space Layout Randomization heap-based buffer overflow

A vulnerability, which was classified as critical, has been found in FactoryTalk Linx up to 6.11. Affected by this issue is an unknown function of the component Address Space Layout Randomization. There is no information about possible...
Author: VulDB

FactoryTalk Linx up to 6.11 Check Routine denial of service

A vulnerability classified as problematic was found in FactoryTalk Linx up to 6.11. Affected by this vulnerability is some unknown processing of the component Check Routine. There is no information about possible countermeasures known. It may be...
Author: VulDB