Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SAP BusinessObjects Business Intelligence Platform 410/420 Input Control cross site scripting

A vulnerability was found in SAP BusinessObjects Business Intelligence Platform 410/420 (Business Process Management Software) and classified as problematic. Affected by this issue is an unknown functionality of the component Input Control...
Author: VulDB

SAP NetWeaver AS ABAP up to 755 denial of service [CVE-2021-21446]

A vulnerability has been found in SAP NetWeaver AS ABAP up to 755 (Solution Stack Software) and classified as problematic. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may...
Author: VulDB

SAP Commerce Cloud 1808/1811/1905/2005/2011 HTTP Response Content-Type cross site scripting

A vulnerability, which was classified as problematic, was found in SAP Commerce Cloud 1808/1811/1905/2005/2011 (Cloud Software). Affected is some unknown processing of the component HTTP Response Handler. There is no information about possible...
Author: VulDB

IBM API Connect up to 5.0.8.10 Web UI cross site scripting

A vulnerability, which was classified as problematic, has been found in IBM API Connect up to 5.0.8.10 (Automation Software). This issue affects an unknown code block of the component Web UI. There is no information about possible countermeasures...
Author: VulDB

IBM Workload Automation 9.5 Path information disclosure

A vulnerability classified as problematic was found in IBM Workload Automation 9.5 (Automation Software). This vulnerability affects an unknown code of the component Path Handler. There is no information about possible countermeasures known. It...
Author: VulDB

IBM Workload Automation 9.5 HTML Comment information disclosure

A vulnerability classified as problematic has been found in IBM Workload Automation 9.5 (Automation Software). This affects an unknown part of the component HTML Comment Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Combodo iTop up to 2.7.1 Ajax Endpoint information disclosure

A vulnerability was found in Combodo iTop up to 2.7.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Ajax Endpoint. Upgrading to version 2.7.2, 2.8.0 or 3.0.0 eliminates this vulnerability.
Author: VulDB

RailsAdmin up to 1.4.2/2.0.1 Nested Form cross site scripting

A vulnerability was found in RailsAdmin up to 1.4.2/2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Nested Form Handler. Upgrading to version 1.4.3 or 2.0.2 eliminates this...
Author: VulDB

ClusterLabs crmsh up to 4.2.1 crm History code injection

A vulnerability was found in ClusterLabs crmsh up to 4.2.1. It has been classified as critical. Affected is an unknown function of the component crm History Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

ClusterLabs Hawk up to 2.3.0-x Cookie hawk_remember_me_id code injection

A vulnerability was found in ClusterLabs Hawk up to 2.3.0-x and classified as critical. This issue affects some unknown processing of the component Cookie Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Siemens SCALANCE X-300/SCALANCE X-408/SIPLUS NET up to 4.0.x Factory Reset hard-coded key

A vulnerability has been found in Siemens SCALANCE X-300, SCALANCE X-408 and SIPLUS NET up to 4.0.x and classified as problematic. This vulnerability affects an unknown code block of the component Factory Reset Handler. Upgrading to version 4.1.0...
Author: VulDB

Siemens SCALANCE X-200/SCALANCE X-200IRT C-PLUG hard-coded key

A vulnerability, which was classified as problematic, was found in Siemens SCALANCE X-200 and SCALANCE X-200IRT (the affected version unknown). This affects an unknown code of the component C-PLUG. There is no information about possible...
Author: VulDB

Siemens Opcenter Execution Core 8.2/8.3 insufficiently protected credentials

A vulnerability, which was classified as problematic, has been found in Siemens Opcenter Execution Core 8.2/8.3. Affected by this issue is an unknown part. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Siemens Solid Edge prior SE2021MP2 DFT File Parser out-of-bounds write

A vulnerability classified as critical was found in Siemens Solid Edge. Affected by this vulnerability is some unknown functionality of the component DFT File Parser. Upgrading to version SE2021MP2 eliminates this vulnerability.
Author: VulDB

Siemens Solid Edge prior SE2021MP2 PAR File Parser stack-based overflow

A vulnerability classified as critical has been found in Siemens Solid Edge. Affected is an unknown functionality of the component PAR File Parser. Upgrading to version SE2021MP2 eliminates this vulnerability.
Author: VulDB

Siemens JT2Go/Solid Edge/Teamcenter Visualization prior 13.1.0 PAR File Parser out-of-bounds write

A vulnerability was found in Siemens JT2Go, Solid Edge and Teamcenter Visualization. It has been rated as critical. This issue affects an unknown function of the component PAR File Parser. Upgrading to version 13.1.0 eliminates this vulnerability.
Author: VulDB

Siemens Solid Edge prior SE2021MP2 PAR File Parser out-of-bounds write

A vulnerability was found in Siemens Solid Edge. It has been declared as critical. This vulnerability affects some unknown processing of the component PAR File Parser. Upgrading to version SE2021MP2 eliminates this vulnerability.
Author: VulDB

Siemens Solid Edge PAR File Parser out-of-bounds write [CVE-2020-28381]

A vulnerability was found in Siemens Solid Edge (the affected version unknown). It has been classified as critical. This affects an unknown code block of the component PAR File Parser. There is no information about possible countermeasures known....
Author: VulDB

TIBCO EBX Add-on up to 4.4.2 xml external entity reference [CVE-2020-27148]

A vulnerability was found in TIBCO EBX Add-on up to 4.4.2 and classified as critical. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

Siemens JT2Go/Teamcenter Visualization up to 13.0.x CG4 File out-of-bounds read

A vulnerability has been found in Siemens JT2Go and Teamcenter Visualization up to 13.0.x and classified as problematic. Affected by this vulnerability is an unknown part of the component CG4 File Handler. Upgrading to version 13.1.0 eliminates...
Author: VulDB

Siemens JT2Go/Teamcenter Visualization up to 13.0.x SGI File out-of-bounds write

A vulnerability, which was classified as critical, was found in Siemens JT2Go and Teamcenter Visualization up to 13.0.x. Affected is some unknown functionality of the component SGI File Handler. Upgrading to version 13.1.0 eliminates this...
Author: VulDB

CERTFR-2021-AVI-029: Multiple vulnerabilities in Microsoft products (13 January 2021)

Multiple vulnerabilities have been fixed in Microsoft products. They allow an attacker to cause a breach of data confidentiality, identity spoofing, remote code execution, a bypass...
Author: Cert FR

CERTFR-2021-AVI-028: Multiple vulnerabilities in Microsoft .Net (13 January 2021)

Multiple vulnerabilities have been fixed in Microsoft .Net. They allow an attacker to cause a breach of data confidentiality and a denial of service.
Author: Cert FR

CERTFR-2021-AVI-026: Multiple vulnerabilities in Microsoft Office (13 January 2021)

Multiple vulnerabilities have been fixed in Microsoft Office. They allow an attacker to cause a security feature bypass, remote code execution, identity spoofing and an elevation of...
Author: Cert FR

CERTFR-2021-AVI-027: Multiple vulnerabilities in Microsoft Windows (13 January 2021)

Multiple vulnerabilities have been fixed in Microsoft Windows. They allow an attacker to cause a breach of data confidentiality, remote code execution, a security feature bypass,...
Author: Cert FR