Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Rockwell Automation FactoryTalk Linx up to 6.11 Port Range heap-based buffer overflow

A vulnerability classified as critical has been found in Rockwell Automation FactoryTalk Linx up to 6.11 (Automation Software). Affected is an unknown code block of the component Port Range Handler. There is no information about possible...
Auteur: VulDB

spice-vdagentd up to 0.20 Client Connection race condition

A vulnerability was found in spice-vdagentd up to 0.20. It has been rated as problematic. This issue affects an unknown code of the component Client Connection Handler. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

spice-vdagentd up to 0.20 Unix Domain Socket spice-vdagent-sock allocation of resources

A vulnerability was found in spice-vdagentd up to 0.20. It has been declared as problematic. This vulnerability affects an unknown part of the file /run/spice-vdagentd/spice-vdagent-sock of the component Unix Domain Socket Handler. There is no...
Auteur: VulDB

spice-vdagent up to 0.20 File Transfer race condition

A vulnerability was found in spice-vdagent up to 0.20. It has been classified as problematic. This affects some unknown functionality of the component File Transfer Handler. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

x11vnc 0.9.16 shmget Call scan.c access control

A vulnerability was found in x11vnc 0.9.16 and classified as critical. Affected by this issue is an unknown functionality of the file scan.c of the component shmget Call Handler. Applying a patch is able to eliminate this problem. The bugfix is...
Auteur: VulDB

osCommerce 2.3.4.1 Newsletter cross site scripting

A vulnerability has been found in osCommerce 2.3.4.1 (E-Commerce Management Software) and classified as problematic. Affected by this vulnerability is an unknown function of the component Newsletter Handler. There is no information about possible...
Auteur: VulDB

Nanopb up to 0.3.9.6/0.4.3 Message memory corruption

A vulnerability, which was classified as problematic, was found in Nanopb up to 0.3.9.6/0.4.3. Affected is some unknown processing of the component Message Handler. Upgrading to version 0.3.9.7 or 0.4.4 eliminates this vulnerability. Applying a...
Auteur: VulDB

GLPI up to 9.5.2 caldav.php authorization

A vulnerability, which was classified as critical, has been found in GLPI up to 9.5.2 (Asset Management Software). This issue affects an unknown code block of the file caldav.php. Upgrading to version 9.5.3 eliminates this vulnerability. The...
Auteur: VulDB

spice-vdagentd up to 0.20 File Transfer spice-vdagent-sock allocation of resources

A vulnerability classified as problematic was found in spice-vdagentd up to 0.20. This vulnerability affects an unknown code of the file /run/spice-vdagentd/spice-vdagent-sock of the component File Transfer Handler. There is no information about...
Auteur: VulDB

Atlassian Fisheye/Crucible up to 4.8.3 MessageBundleResource denial of service

A vulnerability classified as problematic has been found in Atlassian Fisheye and Crucible up to 4.8.3 (Programming Tool Software). This affects an unknown part of the component MessageBundleResource. Upgrading to version 4.8.4 eliminates this...
Auteur: VulDB

Atlassian Fisheye/Crucible up to 4.8.3 EyeQL incorrect regex

A vulnerability was found in Atlassian Fisheye and Crucible up to 4.8.3 (Programming Tool Software). It has been rated as problematic. Affected by this issue is some unknown functionality of the component EyeQL. Upgrading to version 4.8.4...
Auteur: VulDB

Sanctions de 2 250 000 euros et de 800 000 euros pour les sociétés CARREFOUR FRANCE et CARREFOUR BANQUE

Saisie de plusieurs plaintes, la CNIL a sanctionné deux sociétés du groupe CARREFOUR pour des manquements au RGPD concernant notamment l’information délivrée aux personnes et le respect de leurs droits.
Auteur: Cnil

LiquidFiles up to 3.3.18 messages/sent cross site scripting

A vulnerability was found in LiquidFiles up to 3.3.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file messages/sent?format=js. Upgrading to version 3.3.19 eliminates this vulnerability....
Auteur: VulDB

LiquidFiles up to 3.3.18 Attachment permission

A vulnerability was found in LiquidFiles up to 3.3.18. It has been classified as critical. Affected is an unknown function of the component Attachment Handler. Upgrading to version 3.3.19 eliminates this vulnerability. The upgrade is hosted for...
Auteur: VulDB

Go Ethereum up to 1.9.17 Block denial of service

A vulnerability was found in Go Ethereum up to 1.9.17 and classified as problematic. This issue affects some unknown processing of the component Block Handler. Upgrading to version 1.9.18 eliminates this vulnerability. The upgrade is hosted for...
Auteur: VulDB

Go Ethereum up to 1.9.16 Consensus an calculation

A vulnerability has been found in Go Ethereum up to 1.9.16 and classified as critical. This vulnerability affects an unknown code block of the component Consensus Handler. Upgrading to version 1.9.17 eliminates this vulnerability. The upgrade is...
Auteur: VulDB

Go Ethereum up to 1.9.23 ethash Mining DAG Generation calculation

A vulnerability, which was classified as problematic, was found in Go Ethereum up to 1.9.23. This affects an unknown code of the component ethash Mining DAG Generation. Upgrading to version 1.9.24 eliminates this vulnerability. The upgrade is...
Auteur: VulDB

CERTFR-2020-AVI-775 : Multiples vulnérabilités dans Zimbra (25 novembre 2020)

De multiples vulnérabilités ont été découvertes dans Zimbra. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Auteur: Cert FR

CERTFR-2020-AVI-774 : Vulnérabilité dans Xen (25 novembre 2020)

Une vulnérabilité a été découverte dans Xen. Elle permet à un attaquant de provoquer un déni de service. La possibilité de porter atteinte à la confidentialité des données ou de réaliser une élévation de privilèges n'est pas à exclure. Cette...
Auteur: Cert FR

CERTFR-2020-AVI-772 : Multiples vulnérabilités dans Citrix Hypervisor (25 novembre 2020)

De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données. La possibilité de provoquer un déni de...
Auteur: Cert FR

CERTFR-2020-AVI-773 : Multiples vulnérabilités dans Joomla (25 novembre 2020)

De multiples vulnérabilités ont été découvertes dans Joomla. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité...
Auteur: Cert FR

CRIXP OpenCRX up to 4.30/5.0-20200717 Password Change weak password recovery

A vulnerability, which was classified as critical, has been found in CRIXP OpenCRX up to 4.30/5.0-20200717. Affected by this issue is an unknown part of the component Password Change Handler. There is no information about possible countermeasures...
Auteur: VulDB

Vmware SD-WAN Orchestrator up to 3.3.2 P2/3.4.3/4.0.0 sql injection

A vulnerability classified as critical was found in Vmware SD-WAN Orchestrator up to 3.3.2 P2/3.4.3/4.0.0 (Network Management Software). Affected by this vulnerability is some unknown functionality. Upgrading to version 3.3.2 P3, 3.4.4 or 4.0.1...
Auteur: VulDB

Vmware SD-WAN Orchestrator up to 3.3.2 P2/3.4.3/4.0.0 System Parameter unknown vulnerability

A vulnerability classified as problematic has been found in Vmware SD-WAN Orchestrator up to 3.3.2 P2/3.4.3/4.0.0 (Network Management Software). Affected is an unknown functionality of the component System Parameter Handler. Upgrading to version...
Auteur: VulDB

Vmware SD-WAN Orchestrator 3.3.2/3.4.x/4.0.x hard-coded password

A vulnerability was found in Vmware SD-WAN Orchestrator 3.3.2/3.4.x/4.0.x (Network Management Software). It has been rated as problematic. This issue affects an unknown function.
Auteur: VulDB
12345678910Last

Événements SSI