Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM Cloud APM 8.1.4 APM UI cross site scripting

A vulnerability, which was classified as problematic, was found in IBM Cloud APM 8.1.4 (Cloud Software). Affected is an unknown code of the component APM UI. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

IBM Cloud APM 8.1.4 DNS Query unknown vulnerability [CVE-2020-4719]

A vulnerability, which was classified as problematic, has been found in IBM Cloud APM 8.1.4 (Cloud Software). This issue affects an unknown part of the component DNS Query Handler. There is no information about possible countermeasures known. It...
Author: VulDB

bPanel 2.0 Administrative Ajax Endpoint ajax/aj_*.php sql injection

A vulnerability classified as critical was found in bPanel 2.0. This vulnerability affects some unknown functionality of the file ajax/aj_*.php of the component Administrative Ajax Endpoint. There is no information about possible countermeasures...
Author: VulDB

BlackBoard Collaborate Ultra 20.02 Class Room cross site scripting

A vulnerability classified as problematic has been found in BlackBoard Collaborate Ultra 20.02 (Forum Software). This affects an unknown functionality of the component Class Room Handler. There is no information about possible countermeasures...
Author: VulDB

UltimateKode Neo Billing up to 3.5 cross site scripting [CVE-2020-23518]

A vulnerability was found in UltimateKode Neo Billing up to 3.5 (Billing Software). It has been rated as problematic. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

MB Connect Line mymbCONNECT24/mbCONNECT24 up to 2.6.2 GET Parameter redirect.php cross site scripting

A vulnerability was found in MB Connect Line mymbCONNECT24 and mbCONNECT24 up to 2.6.2. It has been declared as problematic. Affected by this vulnerability is some unknown processing of the file redirect.php of the component GET Parameter...
Author: VulDB

MB Connect Line mymbCONNECT24/mbCONNECT24 up to 2.6.2 LDAP server-side request forgery

A vulnerability was found in MB Connect Line mymbCONNECT24 and mbCONNECT24 up to 2.6.2. It has been classified as critical. Affected is an unknown code block of the component LDAP Handler. Upgrading to version 2.7.1 eliminates this vulnerability.
Author: VulDB

MB Connect Line mymbCONNECT24/mbCONNECT24 up to 2.6.2 web2go Session privileges management

A vulnerability was found in MB Connect Line mymbCONNECT24 and mbCONNECT24 up to 2.6.2 and classified as critical. This issue affects an unknown code of the component web2go Session Handler. Upgrading to version 2.7.1 eliminates this...
Author: VulDB

MB Connect Line mymbCONNECT24/mbCONNECT24 up to 2.6.2 privileges management

A vulnerability has been found in MB Connect Line mymbCONNECT24 and mbCONNECT24 up to 2.6.2 and classified as critical. This vulnerability affects an unknown part. Upgrading to version 2.7.1 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-CTI-007: 🇬🇧 The Egregor Ransomware (02 March 2021)

Active since September 2020, the Egregor ransomware is currently being used in Big Game Hunting operations. Part of the Sekhmet malware family, Egregor is sometimes considered the successor to …
Author: Cert FR

MISP 2.4.139 SharingGroupServer.php access control

A vulnerability, which was classified as critical, was found in MISP 2.4.139. This affects some unknown functionality of the file app/Model/SharingGroupServer.php. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

LG Mobile Device Fingerprint unknown vulnerability [CVE-2021-27901]

A vulnerability, which was classified as critical, has been found in LG Mobile Device (Smartphone Operating System) (affected version not known). Affected by this issue is an unknown functionality of the component Fingerprint Handler. There is no...
Author: VulDB

Apache Ambari 2.7.4 Views cross site scripting

A vulnerability classified as problematic was found in Apache Ambari 2.7.4. Affected by this vulnerability is an unknown function of the component Views. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

CERTFR-2021-AVI-155: Multiple vulnerabilities in Google Android (02 March 2021)

Multiple vulnerabilities have been discovered in Google Android. Some of them allow an attacker to cause a security problem not specified by the vendor, arbitrary code execution and a compromise of the...
Author: Cert FR

CERTFR-2021-AVI-154: Multiple vulnerabilities in SaltStack (02 March 2021)

Multiple vulnerabilities have been discovered in SaltStack. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a compromise of the...
Author: Cert FR

CERTFR-2021-AVI-153: Vulnerability in Stormshield Network Security (02 March 2021)

A vulnerability has been discovered in Stormshield Network Security. It allows an attacker to cause a remote denial of service.

Author: Cert FR

ZendTo up to 6.06-3 Filename cross site scripting

A vulnerability classified as problematic has been found in ZendTo up to 6.06-3. Affected is some unknown processing of the component Filename Handler. Upgrading to version 6.06-4 Beta eliminates this vulnerability.
Author: VulDB

JPEG XL up to 0.3.2 memory corruption [CVE-2021-27804]

A vulnerability was found in JPEG XL up to 0.3.2. It has been rated as critical. This issue affects an unknown code block. Upgrading eliminates this vulnerability. The upgrade is hosted for download at gitlab.com.
Author: VulDB

Accellion FTA up to 9_12_432 User Endpoint cross site scripting

A vulnerability was found in Accellion FTA up to 9_12_432. It has been declared as problematic. This vulnerability affects an unknown code of the component User Endpoint. Upgrading to version 9_12_444 eliminates this vulnerability.
Author: VulDB

Accellion FTA up to 9_12_432 Admin Endpoint by argument injection

A vulnerability was found in Accellion FTA up to 9_12_432. It has been classified as critical. This affects an unknown part of the component Admin Endpoint. Upgrading to version 9_12_444 eliminates this vulnerability.
Author: VulDB

Gigaset DX600A 41.00-175 Telnet Administrator Service excessive authentication

A vulnerability was found in Gigaset DX600A 41.00-175 and classified as problematic. Affected by this issue is some unknown functionality of the component Telnet Administrator Service. There is no information about possible countermeasures known....
Author: VulDB

Gigaset DX600A 41.00-175 AT Command buffer overflow

A vulnerability has been found in Gigaset DX600A 41.00-175 and classified as critical. Affected by this vulnerability is an unknown functionality of the component AT Command Handler. Proper firewalling of is able to address this issue.
Author: VulDB

fastify-http-proxy up to 4.3.0 on npm escape output [CVE-2021-21322]

A vulnerability, which was classified as critical, was found in fastify-http-proxy up to 4.3.0 on npm (Firewall Software). Affected is an unknown function. Upgrading to version 4.3.1 eliminates this vulnerability. Applying a patch is able to...
Author: VulDB

fastify-reply-from up to 4.0.1 on npm HTTP Request escape output

A vulnerability, which was classified as critical, has been found in fastify-reply-from up to 4.0.1 on npm (NPM Package). This issue affects some unknown processing of the component HTTP Request Handler. Upgrading to version 4.0.2 eliminates this...
Author: VulDB

matrix-react-sdk up to 3.14.x on npm insufficient verification of data authenticity

A vulnerability classified as problematic was found in matrix-react-sdk up to 3.14.x on npm (JavaScript Library). This vulnerability affects an unknown code block. Upgrading to version 3.15.0 eliminates this vulnerability. Applying a patch is...
Author: VulDB

Information systems security (SSI) events