Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Web-School ERP up to 5.0 Voucher Payment create cross-site request forgery

A vulnerability has been found in Web-School ERP up to 5.0 (Enterprise Resource Planning Software) and classified as problematic. This vulnerability affects an unknown code block of the file module/accounting/voucher/create of the component...
Author: VulDB

Web-School ERP 5.0 Event name/description cross site scripting

A vulnerability, which was classified as problematic, was found in Web-School ERP 5.0 (Enterprise Resource Planning Software). This affects an unknown code of the component Event Handler. There is no information about possible countermeasures...
Author: VulDB

Web-School ERP up to 5.0 create student_leave_application cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Web-School ERP up to 5.0 (Enterprise Resource Planning Software). Affected by this issue is the function student_leave_application of the file...
Author: VulDB

Web-School ERP 5.0 Event name/description injection

A vulnerability classified as critical was found in Web-School ERP 5.0 (Enterprise Resource Planning Software). Affected by this vulnerability is some unknown functionality of the component Event Handler. There is no information about possible...
Author: VulDB

Nagios Network Analyzer up to 2.4.2 api/checks/read/ o[col] sql injection

A vulnerability classified as critical has been found in Nagios Network Analyzer up to 2.4.2 (Log Management Software). Affected is an unknown functionality of the file api/checks/read/. Upgrading to version 2.4.3 eliminates this vulnerability....
Author: VulDB

Nagios Network Analyzer up to 2.4.1 nagiosna/groups/queries cross site scripting

A vulnerability was found in Nagios Network Analyzer up to 2.4.1 (Log Management Software). It has been rated as problematic. This issue affects an unknown function of the file nagiosna/groups/queries. Upgrading to version 2.4.2 eliminates this...
Author: VulDB

IBM WebSphere Application Server 7.0/8.0/8.5 server-side request forgery

A vulnerability was found in IBM WebSphere Application Server 7.0/8.0/8.5 (Application Server Software). It has been declared as critical. This vulnerability affects some unknown processing. There is no information about possible countermeasures...
Author: VulDB

ESRI ArcGIS Online up to 10.8 onerror cross site scripting

A vulnerability was found in ESRI ArcGIS Online up to 10.8. It has been classified as problematic. This affects an unknown code block of the component onerror Handler. Upgrading to version 10.9 eliminates this vulnerability.
Author: VulDB

ASUS GPUTweak II prior 2.3.0.3 AsIO2_64.sys DeviceIoControl denial of service

A vulnerability was found in ASUS GPUTweak II and classified as problematic. Affected by this issue is the function DeviceIoControl in the library AsIO2_64.sys. Upgrading to version 2.3.0.3 eliminates this vulnerability.
Author: VulDB

ASUS GPUTweak II prior 2.3.0.3 Physical Memory AsIO2_64.sys Remote Privilege Escalation

A vulnerability has been found in ASUS GPUTweak II and classified as very critical. Affected by this vulnerability is an unknown part in the library AsIO2_64.sys of the component Physical Memory Handler. Upgrading to version 2.3.0.3 eliminates...
Author: VulDB

ClamAV Antivirus 0.103.0/0.103.1 PDF Parser buffer overflow

A vulnerability, which was classified as critical, was found in ClamAV Antivirus 0.103.0/0.103.1 (Anti-Malware Software). Affected is some unknown functionality of the component PDF Parser. Applying a patch is able to eliminate this problem. The...
Author: VulDB

ClamAV Antivirus up to 0.103.0 parsing module denial of service

A vulnerability, which was classified as problematic, has been found in ClamAV Antivirus up to 0.103.0 (Anti-Malware Software). This issue affects an unknown functionality of the component parsing module. Applying a patch is able to eliminate...
Author: VulDB

ClamAV Antivirus 0.103.0/0.103.1 Excel XLM Macro Parsing Module denial of service

A vulnerability classified as problematic was found in ClamAV Antivirus 0.103.0/0.103.1 (Anti-Malware Software). This vulnerability affects an unknown function of the component Excel XLM Macro Parsing Module. Applying a patch is able to eliminate...
Author: VulDB

Mitake Smart Stock Selection System URL improper authentication

A vulnerability classified as critical has been found in Mitake Smart Stock Selection System (the affected version unknown). This affects some unknown processing of the component URL Handler. There is no information about possible countermeasures...
Author: VulDB

Cisco IOS XR CLI argument injection [CVE-2021-1485]

A vulnerability was found in Cisco IOS XR (Router Operating System) (affected version not known). It has been rated as critical. Affected by this issue is an unknown code block of the component CLI. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco SD-WAN vManage Software memory corruption [CVE-2021-1480]

A vulnerability was found in Cisco SD-WAN vManage Software (Network Management Software) (affected version unknown). It has been declared as very critical. Affected by this vulnerability is an unknown code. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco SD-WAN vManage Software memory corruption [CVE-2021-1479]

A vulnerability was found in Cisco SD-WAN vManage Software (Network Management Software) (version unknown). It has been classified as very critical. Affected is an unknown part. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco Umbrella Scheduled Report csv injection [CVE-2021-1475]

A vulnerability was found in Cisco Umbrella (unknown version) and classified as critical. This issue affects some unknown functionality of the component Scheduled Report. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco Umbrella Scheduled Report csv injection [CVE-2021-1474]

A vulnerability has been found in Cisco Umbrella (the affected version is unknown) and classified as critical. This vulnerability affects an unknown functionality of the component Scheduled Report. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco Small Business RV Series Router Web-based Management Interface memory corruption

A vulnerability, which was classified as critical, was found in Cisco Small Business RV Series Router (Router Operating System) (the affected version unknown). This affects an unknown function of the component Web-based Management Interface....
Author: VulDB

Cisco Small Business RV Series Router Web-based Management Interface memory corruption

A vulnerability, which was classified as critical, has been found in Cisco Small Business RV Series Router (Router Operating System) (affected version not known). Affected by this issue is some unknown processing of the component Web-based...
Author: VulDB

Cisco Webex Meetings Client on Android Avatar access control

A vulnerability classified as critical was found in Cisco Webex Meetings Client on Android (Unified Communication Software) (affected version unknown). Affected by this vulnerability is an unknown code block of the component Avatar Handler....
Author: VulDB

Cisco Unified Intelligence Center Web-based Management Interface cross site scripting

A vulnerability classified as problematic has been found in Cisco Unified Intelligence Center (version unknown). Affected is an unknown code of the component Web-based Management Interface. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco RV110W/RV130/RV130W/RV215W Web-based Management Interface memory corruption

A vulnerability was found in Cisco RV110W, RV130, RV130W and RV215W (Router Operating System) (unknown version). It has been rated as very critical. This issue affects an unknown part of the component Web-based Management Interface. Upgrading...
Author: VulDB

CERTFR-2021-AVI-246: Multiple vulnerabilities in Cisco products (08 April 2021)

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy...
Author: Cert FR

Information security events