Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-582: Vulnerability in Fortinet products (21 September 2020)

A vulnerability has been discovered in Fortinet products. It allows an attacker to perform remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2020-AVI-581: Multiple vulnerabilities in Citrix products (21 September 2020)

Multiple vulnerabilities have been discovered in the Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP products. They allow an attacker to cause arbitrary code execution, privilege escalation and injection of...
Author: Cert FR

CERTFR-2020-AVI-580: Multiple vulnerabilities in Cisco RV340 series routers (21 September 2020)

This advisory follows the vendor's update of its bulletin on 17 September. Multiple vulnerabilities have been discovered in Cisco RV340 series routers. They allow an unauthenticated attacker to cause execution...
Author: Cert FR

Acronis Cyber Backup up to 12.5 Build 16341 Server-Side Request Forgery

A vulnerability classified as critical has been found in Acronis Cyber Backup up to 12.5 Build 16341 (Backup Software). Affected is an unknown function. Upgrading to version 12.5 Build 16342 eliminates this vulnerability.
Author: VulDB

ModSecurity 3.0.0/3.0.1/3.0.2/3.0.3/3.0.4 ReDoS denial of service

A vulnerability was found in ModSecurity 3.0.0/3.0.1/3.0.2/3.0.3/3.0.4. It has been rated as problematic. This issue affects some unknown processing. Applying the patch cve-2020-15598.patch is able to eliminate this problem. The bugfix is ready...
Author: VulDB

Atlassian JIRA Server/Data Center up to 8.5.7/8.11.0 QueryComponent!Default.jspa information disclosure

A vulnerability was found in Atlassian JIRA Server and Data Center up to 8.5.7/8.11.0 (Bug Tracking Software). It has been classified as problematic. This affects an unknown code of the file /secure/QueryComponent!Default.jspa. Upgrading to...
Author: VulDB

Atlassian JIRA Server/Data Center up to 7.13.15/8.5.6/8.10.1/8.11.0 ReDoS denial of service

A vulnerability was found in Atlassian JIRA Server and Data Center up to 7.13.15/8.5.6/8.10.1/8.11.0 (Bug Tracking Software) and classified as problematic. Affected by this issue is an unknown part. Upgrading to version 7.13.16, 8.5.7, 8.10.2 or...
Author: VulDB

Atlassian Jira Service Desk Server/Data Center up to 4.11.x Project Request Type information disclosure

A vulnerability was found in Atlassian Jira Service Desk Server and Data Center up to 4.11.x (Bug Tracking Software). It has been declared as problematic. This vulnerability affects an unknown code block of the component Project Request Type...
Author: VulDB

sized-chunks crate up to 0.6.2 on Rust InlineArray unknown vulnerability

A vulnerability has been found in sized-chunks crate up to 0.6.2 on Rust (Rust Package) and classified as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

sized-chunks crate up to 0.6.2 on Rust insert_from memory corruption

A vulnerability, which was classified as critical, was found in sized-chunks crate up to 0.6.2 on Rust (Rust Package). Affected is the function insert_from. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

sized-chunks crate up to 0.6.2 on Rust memory corruption [CVE-2020-25794]

A vulnerability, which was classified as critical, has been found in sized-chunks crate up to 0.6.2 on Rust (Rust Package). This issue affects an unknown function. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

sized-chunks crate up to 0.6.2 on Rust memory corruption [CVE-2020-25793]

A vulnerability classified as critical was found in sized-chunks crate up to 0.6.2 on Rust (Rust Package). This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

sized-chunks crate up to 0.6.2 on Rust pair() memory corruption

A vulnerability classified as critical has been found in sized-chunks crate up to 0.6.2 on Rust (Rust Package). This affects the function pair(). There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

sized-chunks crate up to 0.6.2 on Rust unit() memory corruption

A vulnerability was found in sized-chunks crate up to 0.6.2 on Rust (Rust Package). It has been rated as critical. Affected by this issue is the function unit(). There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Typesetter CMS up to 5.1 ZIP Archive File Upload privilege escalation

A vulnerability was found in Typesetter CMS up to 5.1 (Content Management System). It has been declared as critical. Affected by this vulnerability is an unknown part. There is no information about possible countermeasures known. It may be...
Author: VulDB

Tiny RSS prior 2020-09-16 SVG Document unknown vulnerability

A vulnerability was found in Tiny RSS. It has been classified as problematic. Upgrading to version 2020-09-16 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
Author: VulDB

Tiny RSS prior 2020-09-16 Error Message init.php $_REQUEST["url"] unknown vulnerability

A vulnerability was found in Tiny RSS and classified as problematic. This issue affects an unknown functionality of the file plugins/af_proxy_http/init.php of the component Error Message Handler. Upgrading to version 2020-09-16 eliminates this...
Author: VulDB

Tiny RSS prior 2020-09-16 URL unknown vulnerability [CVE-2020-25787]

A vulnerability has been found in Tiny RSS and classified as problematic. This vulnerability affects an unknown function of the component URL Handler. Upgrading to version 2020-09-16 eliminates this vulnerability. A possible mitigation has been...
Author: VulDB

D-Link DIR-816L/DIR-803 URL Encoding webinc/js/info.php Referer Header cross site scripting

A vulnerability, which was classified as problematic, was found in D-Link DIR-816L and DIR-803 (Router Operating System) (the affected version unknown). This affects some unknown processing of the file webinc/js/info.php of the component URL...
Author: VulDB

Huawei HiSilicon RTSP Stream information disclosure [CVE-2020-24216] [Disputed]

A vulnerability, which was classified as problematic, has been found in Huawei HiSilicon (affected version not known). Affected by this issue is an unknown code block of the component RTSP Stream Handler. There is no information about possible...
Author: VulDB

Huawei HiSilicon printf memory corruption [Disputed]

A vulnerability classified as critical was found in Huawei HiSilicon (affected version unknown). Affected by this vulnerability is the function printf. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Huawei HiSilicon box_ProcessRequest File Upload privilege escalation [Disputed]

A vulnerability classified as critical has been found in Huawei HiSilicon (version unknown). Affected is the function box_ProcessRequest. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Huawei HiSilicon box_ProcessRequest directory traversal [Disputed]

A vulnerability was found in Huawei HiSilicon (unknown version). It has been rated as problematic. This issue affects the function box_ProcessRequest. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Huawei HiSilicon Telnet Service privilege escalation [CVE-2020-24218] [Disputed]

A vulnerability was found in Huawei HiSilicon (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown functionality of the component Telnet Service. There is no information about possible...
Author: VulDB

Huawei HiSilicon Backdoor weak authentication [CVE-2020-24215] [Disputed]

A vulnerability was found in Huawei HiSilicon (the affected version unknown). It has been classified as critical. This affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB