Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2021-AVI-459: Multiple vulnerabilities in Qnap products (11 June 2021)

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution, a security issue not specified by the vendor, and a compromise of...
Author: Cert FR

CERTFR-2021-AVI-458: Multiple vulnerabilities in Nagios XI (11 June 2021)

Multiple vulnerabilities have been discovered in Nagios XI. They allow an attacker to cause a security issue not specified by the vendor and a remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2021-AVI-457: Vulnerability in MongoDB Go Driver (11 June 2021)

A vulnerability has been discovered in MongoDB Go Driver. It allows an attacker to compromise data integrity.

Author: Cert FR

Backdoor.Win32.Zombam.gen HTML Web UI cross site scripting

A vulnerability was found in Backdoor.Win32.Zombam.gen (Remote Access Software) (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown part of the component HTML Web UI. Proper firewalling of...
Author: VulDB

Backdoor.Win32.Zombam.gen HTML Web UI buffer overflow

A vulnerability was found in Backdoor.Win32.Zombam.gen (Remote Access Software) (the affected version is unknown). It has been classified as critical. This affects some unknown functionality of the component HTML Web UI. It is possible to mitigate...
Author: VulDB

Backdoor.Win32.Zombam.gen HTML Web UI command injection

A vulnerability was found in Backdoor.Win32.Zombam.gen (Remote Access Software) (affected version not known) and classified as critical. Affected by this issue is an unknown functionality of the component HTML Web UI. Addressing this...
Author: VulDB

NetSetMan Pro up to 4.x Save Log to File Local Privilege Escalation

A vulnerability has been found in NetSetMan Pro up to 4.x and classified as critical. Affected by this vulnerability is an unknown function of the component Save Log to File. Upgrading to version 5.0 eliminates this vulnerability.
Author: VulDB

McAfee Agent up to 5.7.2 on Windows uncontrolled search path

A vulnerability, which was classified as critical, was found in McAfee Agent up to 5.7.2 on Windows. Affected is some unknown processing. Upgrading to version 5.7.3 eliminates this vulnerability.
Author: VulDB

McAfee Agent up to 5.7.2 on Windows MA Event Folder privileges management

A vulnerability, which was classified as critical, has been found in McAfee Agent up to 5.7.2 on Windows. This issue affects an unknown code block of the component MA Event Folder. Upgrading to version 5.7.3 eliminates this vulnerability.
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 cross site scripting

A vulnerability classified as problematic was found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software). This vulnerability affects an unknown code. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 cross site scripting

A vulnerability classified as problematic has been found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software). This affects an unknown part. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Irzip 0.631 stream.c lzma_decompress_buf use after free

A vulnerability was found in Irzip 0.631. It has been rated as problematic. Affected by this issue is the function lzma_decompress_buf of the file stream.c. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

F5 BIG-IP APM/BIG-IP APM Clients Windows Installer Service permission

A vulnerability was found in F5 BIG-IP APM and BIG-IP APM Clients (Firewall Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Windows Installer...
Author: VulDB

MongoDB Go Driver up to 1.5.0 BSON injection

A vulnerability was found in MongoDB Go Driver up to 1.5.0 (Database Software). It has been classified as critical. Affected is an unknown function of the component BSON Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 sql injection [CVE-2020-24671]

A vulnerability was found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software) and classified as critical. This issue affects some unknown processing. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 sql injection [CVE-2020-24667]

A vulnerability has been found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software) and classified as critical. This vulnerability affects an unknown code block. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

XScreenSaver 5.45 Video Output update_screen_layout buffer overflow

A vulnerability, which was classified as critical, was found in XScreenSaver 5.45. This affects the function update_screen_layout of the component Video Output Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

LabCup up to 6.3.0.02 Save API improper authentication

A vulnerability, which was classified as critical, has been found in LabCup up to 6.3.0.02. Affected by this issue is an unknown part of the component Save API. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Irzip 0.631 stream.c ucompthread null pointer dereference

A vulnerability classified as problematic was found in Irzip 0.631. Affected by this vulnerability is the function ucompthread of the file stream.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Irzip 0.621 stream.c lzo_decompress_buf null pointer dereference

A vulnerability classified as problematic has been found in Irzip 0.621. Affected is the function lzo_decompress_buf of the file stream.c. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Kiuwan Plugin up to 1.6.0 on Jenkins Query Parameter cross site scripting

A vulnerability was found in Kiuwan Plugin up to 1.6.0 on Jenkins (Jenkins Plugin). It has been rated as problematic. This issue affects an unknown function of the component Query Parameter Handler. There is no information about possible...
Author: VulDB

XebiaLabs XL Deploy Plugin up to 10.0.1 on Jenkins cross-site request forgery

A vulnerability was found in XebiaLabs XL Deploy Plugin up to 10.0.1 on Jenkins (Jenkins Plugin). It has been declared as problematic. This vulnerability affects some unknown processing. There is no information about possible countermeasures...
Author: VulDB

TP-Link TL-SG2005/TL-SG2008 1.0.0 Build 20180529 Rel.40524 cross-site request forgery

A vulnerability was found in TP-Link TL-SG2005 and TL-SG2008 1.0.0 Build 20180529 Rel.40524 (Router Operating System). It has been classified as problematic. This affects an unknown code block. There is no information about possible...
Author: VulDB

PRTG Network Monitor 20.1.55.1775 /editsettings cross-site request forgery

A vulnerability was found in PRTG Network Monitor 20.1.55.1775 (Network Management Software) and classified as problematic. Affected by this issue is an unknown code of the file /editsettings. There is no information about possible...
Author: VulDB

XebiaLabs XL Deploy Plugin up to 10.0.1 on Jenkins authorization

A vulnerability has been found in XebiaLabs XL Deploy Plugin up to 10.0.1 on Jenkins (Jenkins Plugin) and classified as critical. Affected by this vulnerability is an unknown part. There is no information about possible countermeasures known. It...
Author: VulDB

Information security events