Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

ONLYOFFICE DocumentServer up to 5.6.3 Code Module denial of service

A vulnerability was found in ONLYOFFICE DocumentServer up to 5.6.3. It has been rated as problematic. Affected by this issue is some unknown processing of the component Code Module. There is no information about possible countermeasures known. It...
Auteur: VulDB

VMware Spring-integration-zip up to 1.0.3 Incomplete Fix CVE-2018-1263 path traversal

A vulnerability was found in VMware Spring-integration-zip up to 1.0.3. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Incomplete Fix CVE-2018-1263. Upgrading to version 1.0.4 eliminates...
Auteur: VulDB

Dell EMC SRS Policy Manager 6.x XML Parser xml external entity reference

A vulnerability was found in Dell EMC SRS Policy Manager 6.x (Policy Management Software). It has been classified as critical. Affected is an unknown code of the component XML Parser. There is no information about possible countermeasures known....
Auteur: VulDB

Dell EMC SourceOne up to 7.2SP10 cross site scripting [CVE-2021-21515]

A vulnerability was found in Dell EMC SourceOne up to 7.2SP10 and classified as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Auteur: VulDB

Apache AsterixDB UDF Deployment path traversal [CVE-2020-9479]

A vulnerability has been found in Apache AsterixDB (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component UDF Deployment Handler. Applying the patch...
Auteur: VulDB

MongoDB up to 3.6.20/4.0.19 Regex denial of service

A vulnerability, which was classified as problematic, was found in MongoDB up to 3.6.20/4.0.19 (Database Software). This affects an unknown functionality of the component Regex Handler. Upgrading to version 3.6.21 or 4.0.20 eliminates this...
Auteur: VulDB

Crowd up to 4.0.3/4.1.1 ResourceDownloadRewriteRule path traversal

A vulnerability, which was classified as critical, has been found in Crowd up to 4.0.3/4.1.1. Affected by this issue is the function ResourceDownloadRewriteRule. Upgrading to version 4.0.4 or 4.1.2 eliminates this vulnerability.
Auteur: VulDB

MongoDB up to 3.6.10/4.0.5 Generic Explain Command denial of service

A vulnerability classified as problematic was found in MongoDB up to 3.6.10/4.0.5 (Database Software). Affected by this vulnerability is some unknown processing of the component Generic Explain Command Handler. Upgrading to version 3.6.11 or...
Auteur: VulDB

Apache Tomcat up to 7.0.107/8.5.61/9.0.41/10.0.0-M1 Incomplete Fix CVE-2020-9484 deserialization

A vulnerability classified as critical has been found in Apache Tomcat up to 7.0.107/8.5.61/9.0.41/10.0.0-M1 (Application Server Software). Affected is an unknown code block of the component Incomplete Fix CVE-2020-9484.
Auteur: VulDB

Apache Tomcat up to 8.5.61/9.0.41/10.0.0-M1 h2c Connection information disclosure

A vulnerability was found in Apache Tomcat up to 8.5.61/9.0.41/10.0.0-M1 (Application Server Software). It has been rated as problematic. This issue affects an unknown code of the component h2c Connection Handler. There is no information about...
Auteur: VulDB

CERTFR-2021-ACT-009 : Bulletin d’actualité CERTFR-2021-ACT-009 (01 mars 2021)

Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas …
Auteur: Cert FR

CERTFR-2021-AVI-152 : Multiples vulnérabilités dans Citrix Hypervisor (01 mars 2021)

De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service. Précision : la vulnérabilité est exploitable depuis une machine virtuelle et permet de provoquer un déni de...
Auteur: Cert FR

CERTFR-2021-AVI-151 : Multiples vulnérabilités dans mongoDB et mongoDB Ops Manager (01 mars 2021)

De multiples vulnérabilités ont été découvertes dans mongoDB et mongoDB Ops Manager. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Auteur: Cert FR

CERTFR-2021-AVI-150 : Vulnérabilité dans IBM Qradar (01 mars 2021)

Une vulnérabilité a été découverte dans IBM Qradar. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Auteur: Cert FR

Dataiku DSS up to 8.0.5 Project access control

A vulnerability was found in Dataiku DSS up to 8.0.5. It has been declared as critical. This vulnerability affects an unknown part of the component Project Handler. Upgrading to version 8.0.6 eliminates this vulnerability.
Auteur: VulDB

SerComm Combo VD625 AGSOT_2.1.0 HTTP Header Content-Disposition injection

A vulnerability was found in SerComm Combo VD625 AGSOT_2.1.0. It has been classified as critical. This affects some unknown functionality of the component HTTP Header Handler. There is no information about possible countermeasures known. It may...
Auteur: VulDB

SaltStack Salt prior 3002.5 SSH Client an os command injection

A vulnerability was found in SaltStack Salt and classified as critical. Affected by this issue is an unknown functionality of the component SSH Client. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download...
Auteur: VulDB

i-doit up to 1.15.x cross site scripting [CVE-2021-3151]

A vulnerability has been found in i-doit up to 1.15.x and classified as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 1.16.0 eliminates this vulnerability.
Auteur: VulDB

SaltStack Salt prior 3002.5 API salt/utils/thin.py salt.utils.thin.gen_thin command injection

A vulnerability, which was classified as critical, was found in SaltStack Salt. Affected is the function salt.utils.thin.gen_thin of the file salt/utils/thin.py of the component API. Upgrading to version 3002.5 eliminates this vulnerability. The...
Auteur: VulDB

SaltStack Salt prior 3002.5 eauth Token unknown vulnerability

A vulnerability, which was classified as critical, has been found in SaltStack Salt. This issue affects an unknown code block of the component eauth Token Handler. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted...
Auteur: VulDB

wpa_supplicant up to 2.9 P2P Provision Discovery Request p2p/p2p_pd.c denial of service

A vulnerability classified as problematic was found in wpa_supplicant up to 2.9. This vulnerability affects an unknown code of the file p2p/p2p_pd.c of the component P2P Provision Discovery Request Handler. Upgrading to version 2.10 eliminates...
Auteur: VulDB

Zint Barcode Generator 2.19.1 C API backend/upcean.c ean_leading_zeroes buffer overflow

A vulnerability classified as critical has been found in Zint Barcode Generator 2.19.1. This affects the function ean_leading_zeroes of the file backend/upcean.c of the component C API. Applying a patch is able to eliminate this problem. The...
Auteur: VulDB

Visualware MyConnection Server up to 11.0b Build 5382 Web Service myspeed/sf unrestricted upload

A vulnerability was found in Visualware MyConnection Server up to 11.0b Build 5382. It has been rated as critical. Affected by this issue is some unknown functionality of the file myspeed/sf?filename= of the component Web Service. There is no...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 faad path traversal

A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component faad. Upgrading to version 6.2.3-25426-3...
Auteur: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 synorelayd insertion of sensitive information into sent data

A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software). It has been classified as critical. Affected is an unknown function of the component synorelayd. Upgrading to version 6.2.3-25426-3 eliminates this...
Auteur: VulDB
First891011121314151617Last

Événements SSI