Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

GitHub Enterprise Server 3.0.0/3.0.0.rc1/3.0.0.rc2 Fork improper authorization

A vulnerability classified as critical has been found in GitHub Enterprise Server 3.0.0/3.0.0.rc1/3.0.0.rc2 (Bug Tracking Software). Affected is an unknown function of the component Fork Handler. Upgrading to version 3.0.1 eliminates this...
Auteur: VulDB

GitHub Enterprise Server up to 2.4.20/2.20.23/2.21.14/2.22.6/3.0.0 REST API improper authorization

A vulnerability was found in GitHub Enterprise Server up to 2.4.20/2.20.23/2.21.14/2.22.6/3.0.0 (Bug Tracking Software). It has been rated as critical. This issue affects some unknown processing of the component REST API. Upgrading to version...
Auteur: VulDB

Oracle Cloud Infrastructure Data Science Notebook Sessions Local Privilege Escalation

A vulnerability was found in Oracle Cloud Infrastructure Data Science Notebook Sessions (Cloud Software) (the affected version is unknown). It has been declared as problematic. There is no information about possible countermeasures known. It may...
Auteur: VulDB

pug up to 2.0.2/3.0.0 on npm Template injection

A vulnerability was found in pug up to 2.0.2/3.0.0 on npm (NPM Package). It has been classified as problematic. This affects an unknown code of the component Template Handler. Upgrading to version 2.0.3 or 3.0.1 eliminates this vulnerability. The...
Auteur: VulDB

Anuko Time Tracker prior 1.19.24.5415/1.19.24.5416 Password Reset password recovery

A vulnerability was found in Anuko Time Tracker and classified as problematic. Affected by this issue is an unknown part of the component Password Reset Handler. Upgrading to version 1.19.24.5415 or 1.19.24.5416 eliminates this vulnerability....
Auteur: VulDB

GitHub Enterprise Server up to 2.20.23/2.21.14/2.22.6 Parser Configuration command injection

A vulnerability has been found in GitHub Enterprise Server up to 2.20.23/2.21.14/2.22.6 (Bug Tracking Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the component Parser Configuration...
Auteur: VulDB

CERTFR-2021-ALE-004 : Multiples vulnérabilités dans Microsoft Exchange Server (03 mars 2021)

Le 2 mars 2021, Microsoft a publié des correctifs concernant des vulnérabilités critiques de type « jour zéro » (zero day) affectant les serveurs de messagerie Exchange en version 2010, 2013, 2016 et 2019. Ces vulnérabilités permettent à un...
Auteur: Cert FR

CERTFR-2021-AVI-161 : Multiples vulnérabilités dans Joomla! (03 mars 2021)

De multiples vulnérabilités ont été découvertes dans Joomla!. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une injection de code indirecte à distance (XSS).

Auteur: Cert FR

CERTFR-2021-AVI-160 : Vulnérabilité dans Junos OS (03 mars 2021)

Une vulnérabilité a été découverte dans Junos OS. Elle permet à un attaquant de provoquer un déni de service.

Auteur: Cert FR

CERTFR-2021-AVI-159 : Vulnérabilité dans les produits Trend Micro (03 mars 2021)

Une vulnérabilité a été découverte dans les produits Trend Micro. Elle permet à un attaquant de provoquer un déni de service.

Auteur: Cert FR

CERTFR-2021-AVI-158 : Multiples vulnérabilités dans le noyau Linux de Red Hat (03 mars 2021)

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à l'intégrité des...
Auteur: Cert FR

CERTFR-2021-AVI-157 : Multiples vulnérabilités dans Tenable.sc (03 mars 2021)

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant authentifié de provoquer une exécution de code arbitraire à distance et un dénis de service.

Auteur: Cert FR

CERTFR-2021-AVI-156 : Multiples vulnérabilités dans Microsoft Exchange Server (03 mars 2021)

De multiples vulnérabilités ont été découvertes dans Microsoft Exchange Server. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Auteur: Cert FR

Stormshield Network Security up to 2.7.7/2.16.0/3.7.16/3.11.4/4.1.5 Table Management denial of service

A vulnerability, which was classified as problematic, was found in Stormshield Network Security up to 2.7.7/2.16.0/3.7.16/3.11.4/4.1.5. Affected is an unknown functionality of the component Table Management Handler. Upgrading to version 2.7.8,...
Auteur: VulDB

e107 CMS up to 2.3.0 usersettings.php protection mechanism

A vulnerability, which was classified as critical, has been found in e107 CMS up to 2.3.0 (Content Management System). This issue affects an unknown function of the file usersettings.php. Applying a patch is able to eliminate this problem. The...
Auteur: VulDB

Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 Remote Privilege Escalation

A vulnerability classified as very critical was found in Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 (Groupware Software). Applying a patch is able to eliminate this problem. A possible mitigation has been published...
Auteur: VulDB

Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 Remote Code Execution

A vulnerability classified as critical has been found in Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 (Groupware Software). Applying a patch is able to eliminate this problem. A possible mitigation has been published...
Auteur: VulDB

Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 Remote Code Execution

A vulnerability was found in Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 (Groupware Software). It has been rated as critical. Applying a patch is able to eliminate this problem. A possible mitigation has been...
Auteur: VulDB

Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 Remote Code Execution

A vulnerability was found in Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 (Groupware Software). It has been declared as critical. Applying a patch is able to eliminate this problem. A possible mitigation has been...
Auteur: VulDB

Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 unknown vulnerability

A vulnerability was found in Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 (Groupware Software). It has been classified as very critical. Applying a patch is able to eliminate this problem. A possible mitigation has...
Auteur: VulDB

Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 Remote Privilege Escalation

A vulnerability was found in Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 (Groupware Software) and classified as critical. Applying a patch is able to eliminate this problem. A possible mitigation has been published...
Auteur: VulDB

Samsung MobileWips App prior SMR Feb-2021 Release 1 denial of service

A vulnerability, which was classified as problematic, was found in Samsung MobileWips App. This affects some unknown processing. Upgrading to version SMR Feb-2021 Release 1 eliminates this vulnerability.
Auteur: VulDB

Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 Remote Privilege Escalation

A vulnerability has been found in Microsoft Exchange Server 2013 CU23/2016 CU18/2016 CU19/2019 CU7/2019 CU8 (Groupware Software) and classified as very critical. Applying a patch is able to eliminate this problem. A possible mitigation has been...
Auteur: VulDB

HarmonyOS 2.0 Filesystem denial of service

A vulnerability, which was classified as problematic, has been found in HarmonyOS 2.0. Affected by this issue is an unknown code block of the component Filesystem Handler. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

HarmonyOS 2.0 Component API permission

A vulnerability classified as critical was found in HarmonyOS 2.0. Affected by this vulnerability is an unknown code of the component Component API. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB
First567891011121314Last

Événements SSI