Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

B&R Industrial Automation APROL prior R4.2 V7.08 AprolSqlServer DBMS improper authentication

A vulnerability was found in B&R Industrial Automation APROL (Automation Software) and classified as critical. Affected by this issue is some unknown functionality of the component AprolSqlServer DBMS. Upgrading to version R4.2 V7.08 eliminates...
Author: VulDB

B&R Industrial Automation APROL prior R4.2 V7.08 AprolLoader injection

A vulnerability has been found in B&R Industrial Automation APROL (Automation Software) and classified as critical. Affected by this vulnerability is an unknown functionality of the component AprolLoader. Upgrading to version R4.2 V7.08...
Author: VulDB

B&R Industrial Automation APROL prior R4.2 V7.08 IosHttp Service/JSON interface unknown vulnerability

A vulnerability, which was classified as problematic, was found in B&R Industrial Automation APROL (Automation Software). Affected is an unknown function of the component IosHttp Service/JSON interface. Upgrading to version R4.2 V7.08 eliminates...
Author: VulDB

Crafter CMS 3.0.1 Crafter Studio cross site scripting

A vulnerability, which was classified as problematic, has been found in Crafter CMS 3.0.1 (Content Management System). This issue affects some unknown processing of the component Crafter Studio. There is no information about possible...
Author: VulDB

Crafter CMS 3.0.1 Crafter Studio xml external entity reference

A vulnerability classified as problematic was found in Crafter CMS 3.0.1 (Content Management System). This vulnerability affects an unknown code block of the component Crafter Studio. There is no information about possible countermeasures known....
Author: VulDB

Crafter CMS 3.0.1 Crafter Studio pathname traversal

A vulnerability classified as critical has been found in Crafter CMS 3.0.1 (Content Management System). This affects an unknown code of the component Crafter Studio. There is no information about possible countermeasures known. It may be...
Author: VulDB

Crafter CMS 3.0.1 Crafter Studio information disclosure

A vulnerability was found in Crafter CMS 3.0.1 (Content Management System). It has been rated as problematic. Affected by this issue is an unknown part of the component Crafter Studio. There is no information about possible countermeasures known....
Author: VulDB

Crafter CMS 3.0.1 Crafter Studio injection

A vulnerability was found in Crafter CMS 3.0.1 (Content Management System). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Crafter Studio. There is no information about possible...
Author: VulDB

Crafter CMS 3.0.1 Crafter Studio pathname traversal

A vulnerability was found in Crafter CMS 3.0.1 (Content Management System). It has been classified as critical. Affected is an unknown functionality of the component Crafter Studio. There is no information about possible countermeasures known. It...
Author: VulDB

Crafter CMS 3.0.1 Crafter Studio resource injection

A vulnerability was found in Crafter CMS 3.0.1 (Content Management System) and classified as critical. This issue affects an unknown function of the component Crafter Studio. There is no information about possible countermeasures known. It may be...
Author: VulDB

CERTFR-2020-ALE-025: Vulnerability in Fortinet FortiOS SSL-VPN (27 November 2020)

On 24 May 2019, the vendor Fortinet published a security advisory fixing the vulnerability CVE-2018-13379, which affects FortiOS systems when the SSL VPN service is enabled. This vulnerability allows unauthenticated attackers...
Author: Cert FR

CyberArk Endpoint Privilege Manager 11.1.0.173 Credential Theft Protection protection mechanism failure

A vulnerability has been found in CyberArk Endpoint Privilege Manager 11.1.0.173 and classified as critical. This vulnerability affects some unknown processing of the component Credential Theft Protection. There is no information about possible...
Author: VulDB

CERTFR-2020-AVI-778: Vulnerability in IBM Db2 (27 November 2020)

A vulnerability has been discovered in IBM Db2. It allows an attacker to cause arbitrary code execution on the system with root privileges.
Author: Cert FR

Ericsson BSCS iX R18 Billing & Rating solutionUnitServlet name/description cross site scripting

A vulnerability, which was classified as problematic, was found in Ericsson BSCS iX R18 Billing & Rating (Billing Software) (the affected version unknown). This affects an unknown code block of the file...
Author: VulDB

Ericsson BSCS iX R18 Billing & Rating Alert Dashboard Comment cross site scripting

A vulnerability, which was classified as problematic, has been found in Ericsson BSCS iX R18 Billing & Rating (Billing Software) (affected version not known). Affected by this issue is an unknown code of the component Alert Dashboard Comment...
Author: VulDB

cPanel up to 90.0.16 WHM Transfer Tool Interface cross site scripting

A vulnerability classified as problematic was found in cPanel up to 90.0.16 (Hosting Control Software). Affected by this vulnerability is an unknown part of the component WHM Transfer Tool Interface. Upgrading to version 90.0.17 eliminates this...
Author: VulDB

cPanel up to 90.0.16 2FA improper authentication

A vulnerability classified as critical has been found in cPanel up to 90.0.16 (Hosting Control Software). Affected is some unknown functionality of the component 2FA Handler. Upgrading to version 90.0.17 eliminates this vulnerability.
Author: VulDB

cPanel up to 90.0.16 URL Parameter injection

A vulnerability was found in cPanel up to 90.0.16 (Hosting Control Software). It has been rated as critical. This issue affects an unknown functionality of the component URL Parameter Handler. Upgrading to version 90.0.17 eliminates this...
Author: VulDB

Coremail XT 5.0 Signature jsp/upload.jsp signImgFile cross site scripting

A vulnerability was found in Coremail XT 5.0. It has been declared as problematic. This vulnerability affects an unknown function of the file jsp/upload.jsp of the component Signature Handler. There is no information about possible...
Author: VulDB

libslirp up to 4.3.1 Packet Length slirp.c buffer overflow

A vulnerability was found in libslirp up to 4.3.1. It has been classified as critical. This affects some unknown processing of the file slirp.c of the component Packet Length Handler. There is no information about possible countermeasures known....
Author: VulDB

libslirp up to 4.3.1 Packet Length ncsi.c buffer overflow

A vulnerability was found in libslirp up to 4.3.1 and classified as critical. Affected by this issue is an unknown code block of the file ncsi.c of the component Packet Length Handler. There is no information about possible countermeasures known....
Author: VulDB

BigBlueButton up to 2.2.29 Email Address account_activations/edit token improper authentication

A vulnerability has been found in BigBlueButton up to 2.2.29 and classified as critical. Affected by this vulnerability is an unknown code of the file account_activations/edit of the component Email Address Handler. There is no information about...
Author: VulDB

BigBlueButton up to 2.2.29 excessive authentication [CVE-2020-29042]

A vulnerability, which was classified as problematic, was found in BigBlueButton up to 2.2.29. Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

GLPI up to 9.5.2 getDropdownValue.php resource injection

A vulnerability, which was classified as problematic, has been found in GLPI up to 9.5.2 (Asset Management Software). This issue affects some unknown functionality of the file ajax/getDropdownValue.php. Upgrading to version 9.5.3 eliminates this...
Author: VulDB

GLPI up to 9.5.2 ajax/comments.php resource injection

A vulnerability classified as critical was found in GLPI up to 9.5.2 (Asset Management Software). This vulnerability affects an unknown functionality of the file ajax/comments.php. Upgrading to version 9.5.3 eliminates this vulnerability.
Author: VulDB