Our selection of SSI (information systems security) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Doctor Appointment System 1.0 contactus.php lastname cross site scripting

A vulnerability, which was classified as problematic, has been found in Doctor Appointment System 1.0 (Appointment Software). Affected by this issue is an unknown code of the file contactus.php. There is no information about possible...
Author: VulDB

Doctor Appointment System 1.0 contactus.php comment cross site scripting

A vulnerability classified as problematic was found in Doctor Appointment System 1.0 (Appointment Software). Affected by this vulnerability is an unknown part of the file contactus.php. There is no information about possible countermeasures...
Author: VulDB

EPrints 3.4.2 cgi/toolbox/toolbox verb Remote Privilege Escalation

A vulnerability classified as critical has been found in EPrints 3.4.2. Affected is some unknown functionality of the file cgi/toolbox/toolbox. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

EPrints 3.4.2 JSON cgi/ajax/phrase Remote Privilege Escalation

A vulnerability was found in EPrints 3.4.2. It has been rated as critical. This issue affects an unknown functionality of the file cgi/ajax/phrase of the component JSON Handler. Applying a patch is able to eliminate this problem. The bugfix is...
Author: VulDB

EPrints 3.4.2 cgi/dataset_dictionary dataset cross site scripting

A vulnerability was found in EPrints 3.4.2. It has been declared as problematic. This vulnerability affects an unknown function of the file cgi/dataset_dictionary. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

EPrints 3.4.2 Latex cgi/cal os command injection

A vulnerability was found in EPrints 3.4.2. It has been classified as critical. This affects some unknown processing of the file cgi/cal?year of the component Latex Handler. Applying a patch is able to eliminate this problem. The bugfix is ready...
Author: VulDB

EPrints 3.4.2 cgi/cal cross site scripting

A vulnerability was found in EPrints 3.4.2 and classified as problematic. Affected by this issue is an unknown code block of the file cgi/cal. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

object-collider 1.0.0/1.0.1/1.0.2/1.0.3 Prototype code injection

A vulnerability has been found in object-collider 1.0.0/1.0.1/1.0.2/1.0.3 and classified as critical. Affected by this vulnerability is an unknown code of the component Prototype Handler. Applying a patch is able to eliminate this problem. The...
Author: VulDB

ONLYOFFICE DocumentServer up to 5.6.0.21 Server Module Remote Privilege Escalation

A vulnerability, which was classified as critical, was found in ONLYOFFICE DocumentServer up to 5.6.0.21. Affected is an unknown part of the component Server Module. There is no information about possible countermeasures known. It may be...
Author: VulDB

ONLYOFFICE DocumentServer up to 6.0.0 Core Module heap-based overflow

A vulnerability, which was classified as critical, has been found in ONLYOFFICE DocumentServer up to 6.0.0. This issue affects some unknown functionality of the component Core Module. There is no information about possible countermeasures known....
Author: VulDB

ONLYOFFICE DocumentServer up to 5.6.3 Core Module Remote Privilege Escalation

A vulnerability classified as critical was found in ONLYOFFICE DocumentServer up to 5.6.3. This vulnerability affects an unknown functionality of the component Core Module. There is no information about possible countermeasures known. It may be...
Author: VulDB

ONLYOFFICE DocumentServer up to 5.6.4 Core Module Remote Privilege Escalation

A vulnerability classified as critical has been found in ONLYOFFICE DocumentServer up to 5.6.4. This affects an unknown function of the component Core Module. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

ONLYOFFICE DocumentServer up to 5.6.3 Code Module denial of service

A vulnerability was found in ONLYOFFICE DocumentServer up to 5.6.3. It has been rated as problematic. Affected by this issue is some unknown processing of the component Code Module. There is no information about possible countermeasures known. It...
Author: VulDB

VMware Spring-integration-zip up to 1.0.3 Incomplete Fix CVE-2018-1263 path traversal

A vulnerability was found in VMware Spring-integration-zip up to 1.0.3. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Incomplete Fix CVE-2018-1263. Upgrading to version 1.0.4 eliminates...
Author: VulDB

Dell EMC SRS Policy Manager 6.x XML Parser xml external entity reference

A vulnerability was found in Dell EMC SRS Policy Manager 6.x (Policy Management Software). It has been classified as critical. Affected is an unknown code of the component XML Parser. There is no information about possible countermeasures known....
Author: VulDB

Dell EMC SourceOne up to 7.2SP10 cross site scripting [CVE-2021-21515]

A vulnerability was found in Dell EMC SourceOne up to 7.2SP10 and classified as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

Apache AsterixDB UDF Deployment path traversal [CVE-2020-9479]

A vulnerability has been found in Apache AsterixDB (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component UDF Deployment Handler. Applying the patch...
Author: VulDB

MongoDB up to 3.6.20/4.0.19 Regex denial of service

A vulnerability, which was classified as problematic, was found in MongoDB up to 3.6.20/4.0.19 (Database Software). This affects an unknown functionality of the component Regex Handler. Upgrading to version 3.6.21 or 4.0.20 eliminates this...
Author: VulDB

Crowd up to 4.0.3/4.1.1 ResourceDownloadRewriteRule path traversal

A vulnerability, which was classified as critical, has been found in Crowd up to 4.0.3/4.1.1. Affected by this issue is the function ResourceDownloadRewriteRule. Upgrading to version 4.0.4 or 4.1.2 eliminates this vulnerability.
Author: VulDB

MongoDB up to 3.6.10/4.0.5 Generic Explain Command denial of service

A vulnerability classified as problematic was found in MongoDB up to 3.6.10/4.0.5 (Database Software). Affected by this vulnerability is some unknown processing of the component Generic Explain Command Handler. Upgrading to version 3.6.11 or...
Author: VulDB

Apache Tomcat up to 7.0.107/8.5.61/9.0.41/10.0.0-M1 Incomplete Fix CVE-2020-9484 deserialization

A vulnerability classified as critical has been found in Apache Tomcat up to 7.0.107/8.5.61/9.0.41/10.0.0-M1 (Application Server Software). Affected is an unknown code block of the component Incomplete Fix CVE-2020-9484.
Author: VulDB

Apache Tomcat up to 8.5.61/9.0.41/10.0.0-M1 h2c Connection information disclosure

A vulnerability was found in Apache Tomcat up to 8.5.61/9.0.41/10.0.0-M1 (Application Server Software). It has been rated as problematic. This issue affects an unknown code of the component h2c Connection Handler. There is no information about...
Author: VulDB

CERTFR-2021-ACT-009: CERTFR-2021-ACT-009 news bulletin (01 March 2021)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their severity. It does not replace …
Author: Cert FR

CERTFR-2021-AVI-152: Multiple vulnerabilities in Citrix Hypervisor (01 March 2021)

Multiple vulnerabilities have been discovered in Citrix Hypervisor. They allow an attacker to cause a denial of service. Note: the vulnerability is exploitable from a virtual machine and makes it possible to cause a denial of...
Author: Cert FR

CERTFR-2021-AVI-151: Multiple vulnerabilities in mongoDB and mongoDB Ops Manager (01 March 2021)

Multiple vulnerabilities have been discovered in mongoDB and mongoDB Ops Manager. They allow an attacker to compromise data integrity and data confidentiality.

Author: Cert FR

SSI events