Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

GitLab Community Edition/Enterprise Edition up to 12.6.6 Project resource consumption

A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 12.6.6 (Bug Tracking Software). Affected is an unknown part of the component Project Handler. Upgrading to version 12.6.7 eliminates...
Auteur: VulDB

Dell EMC OpenManage Server Administrator up to 9.5 path traversal

A vulnerability was found in Dell EMC OpenManage Server Administrator up to 9.5. It has been rated as problematic. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Dell EMC OpenManage Server Administrator 9.5 on Windows Distributed Web Server improper authentication

A vulnerability was found in Dell EMC OpenManage Server Administrator 9.5 on Windows. It has been declared as critical. This vulnerability affects an unknown functionality of the component Distributed Web Server. There is no information about...
Auteur: VulDB

GLPI 9.5.0/9.5.1/9.5.2/9.5.3 ajax/kanban.php cross site scripting

A vulnerability was found in GLPI 9.5.0/9.5.1/9.5.2/9.5.3 (Asset Management Software). It has been classified as problematic. This affects an unknown function of the file ajax/kanban.php. Upgrading to version 9.5.4 eliminates this vulnerability....
Auteur: VulDB

GLPI up to 9.5.3 resource injection [CVE-2021-21255]

A vulnerability was found in GLPI up to 9.5.3 (Asset Management Software) and classified as problematic. Affected by this issue is some unknown processing. Upgrading to version 9.5.4 eliminates this vulnerability. Applying a patch is able to...
Auteur: VulDB

IBM Cloud APM 8.1.4 information disclosure [CVE-2020-4726]

A vulnerability has been found in IBM Cloud APM 8.1.4 (Cloud Software) and classified as problematic. Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

IBM Cloud APM 8.1.4 APM UI cross site scripting

A vulnerability, which was classified as problematic, was found in IBM Cloud APM 8.1.4 (Cloud Software). Affected is an unknown code of the component APM UI. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

IBM Cloud APM 8.1.4 DNS Query unknown vulnerability [CVE-2020-4719]

A vulnerability, which was classified as problematic, has been found in IBM Cloud APM 8.1.4 (Cloud Software). This issue affects an unknown part of the component DNS Query Handler. There is no information about possible countermeasures known. It...
Auteur: VulDB

bPanel 2.0 Administrative Ajax Endpoint ajax/aj_*.php sql injection

A vulnerability classified as critical was found in bPanel 2.0. This vulnerability affects some unknown functionality of the file ajax/aj_*.php of the component Administrative Ajax Endpoint. There is no information about possible countermeasures...
Auteur: VulDB

BlackBoard Collaborate Ultra 20.02 Class Room cross site scripting

A vulnerability classified as problematic has been found in BlackBoard Collaborate Ultra 20.02 (Forum Software). This affects an unknown functionality of the component Class Room Handler. There is no information about possible countermeasures...
Auteur: VulDB

UltimateKode Neo Billing up to 3.5 cross site scripting [CVE-2020-23518]

A vulnerability was found in UltimateKode Neo Billing up to 3.5 (Billing Software). It has been rated as problematic. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

MB Connect Line mymbCONNECT24/mbCONNECT24 up to 2.6.2 GET Parameter redirect.php cross site scripting

A vulnerability was found in MB Connect Line mymbCONNECT24 and mbCONNECT24 up to 2.6.2. It has been declared as problematic. Affected by this vulnerability is some unknown processing of the file redirect.php of the component GET Parameter...
Auteur: VulDB

MB Connect Line mymbCONNECT24/mbCONNECT24 up to 2.6.2 LDAP server-side request forgery

A vulnerability was found in MB Connect Line mymbCONNECT24 and mbCONNECT24 up to 2.6.2. It has been classified as critical. Affected is an unknown code block of the component LDAP Handler. Upgrading to version 2.7.1 eliminates this vulnerability.
Auteur: VulDB

MB Connect Line mymbCONNECT24/mbCONNECT24 up to 2.6.2 web2go Session privileges management

A vulnerability was found in MB Connect Line mymbCONNECT24 and mbCONNECT24 up to 2.6.2 and classified as critical. This issue affects an unknown code of the component web2go Session Handler. Upgrading to version 2.7.1 eliminates this...
Auteur: VulDB

MB Connect Line mymbCONNECT24/mbCONNECT24 up to 2.6.2 privileges management

A vulnerability has been found in MB Connect Line mymbCONNECT24 and mbCONNECT24 up to 2.6.2 and classified as critical. This vulnerability affects an unknown part. Upgrading to version 2.7.1 eliminates this vulnerability.
Auteur: VulDB

CERTFR-2021-CTI-007 : 🇬🇧 The Egregor Ransomware (02 mars 2021)

Active since September 2020, the Egregor ransomware is currently being used in Big Game Hunting operations. Part of the Sekhmet malware family, Egregor is sometimes considered the successor to …
Auteur: Cert FR

MISP 2.4.139 SharingGroupServer.php access control

A vulnerability, which was classified as critical, was found in MISP 2.4.139. This affects some unknown functionality of the file app/Model/SharingGroupServer.php. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

LG Mobile Device Fingerprint unknown vulnerability [CVE-2021-27901]

A vulnerability, which was classified as critical, has been found in LG Mobile Device (Smartphone Operating System) (affected version not known). Affected by this issue is an unknown functionality of the component Fingerprint Handler. There is no...
Auteur: VulDB

Apache Ambari 2.7.4 Views cross site scripting

A vulnerability classified as problematic was found in Apache Ambari 2.7.4. Affected by this vulnerability is an unknown function of the component Views. There is no information about possible countermeasures known. It may be suggested to replace...
Auteur: VulDB

CERTFR-2021-AVI-155 : Multiples vulnérabilités dans Google Android (02 mars 2021)

De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et une atteinte à la...
Auteur: Cert FR

CERTFR-2021-AVI-154 : Multiples vulnérabilités dans SaltStack (02 mars 2021)

De multiples vulnérabilités ont été découvertes dans SaltStack. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la...
Auteur: Cert FR

CERTFR-2021-AVI-153 : Vulnérabilité dans Stormshield Network Security (02 mars 2021)

Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.

Auteur: Cert FR

ZendTo up to 6.06-3 Filename cross site scripting

A vulnerability classified as problematic has been found in ZendTo up to 6.06-3. Affected is some unknown processing of the component Filename Handler. Upgrading to version 6.06-4 Beta eliminates this vulnerability.
Auteur: VulDB

JPEG XL up to 0.3.2 memory corruption [CVE-2021-27804]

A vulnerability was found in JPEG XL up to 0.3.2. It has been rated as critical. This issue affects an unknown code block. Upgrading eliminates this vulnerability. The upgrade is hosted for download at gitlab.com.
Auteur: VulDB

Accellion FTA up to 9_12_432 User Endpoint cross site scripting

A vulnerability was found in Accellion FTA up to 9_12_432. It has been declared as problematic. This vulnerability affects an unknown code of the component User Endpoint. Upgrading to version 9_12_444 eliminates this vulnerability.
Auteur: VulDB
First6789101112131415Last

Événements SSI