Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Unibox SMB/Enterprise Series/Campus Series 2.4 /tools/network-trace cross-site request forgery

A vulnerability classified as problematic has been found in Unibox SMB, Enterprise Series and Campus Series 2.4. Affected is some unknown functionality of the file /tools/network-trace. There is no information about possible countermeasures...
Author: VulDB

Unibox U-50/Enterprise Series/Campus Series 2.4 /tools/ping os command injection

A vulnerability was found in Unibox U-50, Enterprise Series and Campus Series 2.4. It has been rated as critical. This issue affects an unknown functionality of the file /tools/ping. There is no information about possible countermeasures known....
Author: VulDB

Wikimedia Parsoid up to 0.11.0/0.12.1 Wikitext Utils/WTUtils.php cross site scripting

A vulnerability was found in Wikimedia Parsoid up to 0.11.0/0.12.1 (Content Management System). It has been declared as problematic. This vulnerability affects an unknown function of the file Utils/WTUtils.php of the component Wikitext Handler....
Author: VulDB

MediaWiki up to 1.31.11/1.35.1 isValidMoveTarget denial of service

A vulnerability was found in MediaWiki up to 1.31.11/1.35.1 (Content Management System). It has been classified as problematic. This affects the function MovePage::isValidMoveTarget. Upgrading to version 1.31.12 or 1.35.2 eliminates this...
Author: VulDB

MediaWiki up to 1.31.11/1.35.1 Special:Contributions information disclosure

A vulnerability was found in MediaWiki up to 1.31.11/1.35.1 (Content Management System) and classified as problematic. Affected by this issue is an unknown code block of the file Special:Contributions. Upgrading to version 1.31.12 or 1.35.2...
Author: VulDB

MediaWiki up to 1.31.11/1.35.1 ContentModelChange permission

A vulnerability has been found in MediaWiki up to 1.31.11/1.35.1 (Content Management System) and classified as critical. Affected by this vulnerability is the function ContentModelChange. Upgrading to version 1.31.12 or 1.35.2 eliminates this...
Author: VulDB

MediaWiki up to 1.31.12/1.35.1 API permission

A vulnerability, which was classified as critical, was found in MediaWiki up to 1.31.12/1.35.1 (Content Management System). Affected is an unknown part of the component API. Upgrading to version 1.31.13 or 1.35.2 eliminates this vulnerability.
Author: VulDB

Atlassian JIRA Server/Data Center up to 8.13.4/8.15.0 Dashboard Gadgets Preference Resource authorization

A vulnerability, which was classified as critical, has been found in Atlassian JIRA Server and Data Center up to 8.13.4/8.15.0 (Bug Tracking Software). This issue affects some unknown functionality of the component Dashboard Gadgets Preference...
Author: VulDB

CERTFR-2021-AVI-248: Multiple vulnerabilities in Mozilla Thunderbird (09 April 2021)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. They allow an attacker to cause a remote denial of service, a compromise of data integrity and a compromise of data confidentiality.

Author: Cert FR

CERTFR-2021-AVI-247: Multiple vulnerabilities in Tenable Nessus Agent (09 April 2021)

Multiple vulnerabilities have been discovered in Tenable Nessus Agent. They allow an attacker to cause a remote denial of service and a security policy bypass.

Author: Cert FR

Exiv2 up to 0.27.4-RC1 JPG Image jp2image.cpp Jp2Image::readMetadata rawData.size heap-based overflow

A vulnerability classified as critical was found in Exiv2 up to 0.27.4-RC1 (Image Processing Software). This vulnerability affects the function Jp2Image::readMetadata of the file jp2image.cpp of the component JPG Image Handler. Upgrading to...
Author: VulDB

dnsmasq up to 2.84 Port security check for standard

A vulnerability classified as problematic has been found in dnsmasq up to 2.84 (Domain Name Software). This affects an unknown function of the component Port Handler. Upgrading to version 2.85 eliminates this vulnerability.
Author: VulDB

Red Hat Satellite up to 2.1.x tfm-rubygem-foreman_azure_rm information disclosure

A vulnerability was found in Red Hat Satellite up to 2.1.x. It has been rated as problematic. Affected by this issue is some unknown processing of the component tfm-rubygem-foreman_azure_rm. Upgrading to version 2.2.0 eliminates this...
Author: VulDB

Aprelium Abyss Web Server 2.12.1/2.14 HTTP Request out-of-bounds read

A vulnerability was found in Aprelium Abyss Web Server 2.12.1/2.14 (Web Server). It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component HTTP Request Handler. Proper firewalling of is able to...
Author: VulDB

Dolby Audio X2 API prior 0.8.8.90 on Windows Remote Privilege Escalation

A vulnerability was found in Dolby Audio X2 API on Windows (Automation Software). It has been classified as critical. Upgrading to version 0.8.8.90 eliminates this vulnerability.
Author: VulDB

Linux Kernel BPF JIT Compiler Remote Privilege Escalation [CVE-2021-29154]

A vulnerability was found in Linux Kernel (Operating System) (unknown version) and classified as critical. This issue affects an unknown part of the component BPF JIT Compiler. Applying a patch is able to eliminate this problem. The bugfix is...
Author: VulDB

Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins authorization

A vulnerability has been found in Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins (Automation Software) and classified as critical. This vulnerability affects some unknown functionality. There is no information about possible...
Author: VulDB

Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins cross-site request forgery

A vulnerability, which was classified as problematic, was found in Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins (Automation Software). This affects an unknown functionality. There is no information about possible...
Author: VulDB

Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins certificate validation

A vulnerability, which was classified as critical, has been found in Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins (Automation Software). Affected by this issue is an unknown function. There is no information about possible...
Author: VulDB

Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins cross site scripting

A vulnerability classified as problematic was found in Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins (Automation Software). Affected by this vulnerability is some unknown processing. There is no information about possible...
Author: VulDB

Micro Focus Operations Bridge Manager 2019.05/2019.11/2020.05/2020.10 improper authentication

A vulnerability classified as critical has been found in Micro Focus Operations Bridge Manager 2019.05/2019.11/2020.05/2020.10. Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Huawei Secospace USG9500 Message memory leak [CVE-2021-22312]

A vulnerability was found in Huawei IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and Secospace USG9500. It has been rated as problematic. This issue affects an unknown code of the component Message Handler....
Author: VulDB

Cloud Foundry Cloud Controller API up to 1.105.x Service Broker Credential log file

A vulnerability was found in Cloud Foundry Cloud Controller API up to 1.105.x (Cloud Software). It has been declared as problematic. This vulnerability affects an unknown part of the component Service Broker Credential Handler. Upgrading to...
Author: VulDB

Forcepoint Web Security Content Gateway up to 8.5.3 XML information disclosure

A vulnerability was found in Forcepoint Web Security Content Gateway up to 8.5.3 (Anti-Malware Software). It has been classified as problematic. This affects some unknown functionality of the component XML Handler. Upgrading to version 8.5.4...
Author: VulDB

Xiaomi Mobile Phone MIUI prior 2021.01.26 information disclosure

A vulnerability was found in Xiaomi Mobile Phone MIUI (Smartphone Operating System) and classified as problematic. Affected by this issue is an unknown functionality. Upgrading to version 2021.01.26 eliminates this vulnerability.
Author: VulDB

Information security (SSI) events