Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Tianocore EDK II use after free [CVE-2019-14586]

A vulnerability has been found in Tianocore EDK II (the affected version is unknown) and classified as problematic. This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be...
Author: VulDB

Tianocore EDK II DxeImageVerificationHandler Local Privilege Escalation

A vulnerability, which was classified as problematic, was found in Tianocore EDK II (the affected version unknown). There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Tianocore EDK II Integer Truncation Local Privilege Escalation

A vulnerability, which was classified as problematic, has been found in Tianocore EDK II (affected version not known). Affected by this issue is an unknown code of the component Integer Truncation Handler. There is no information about possible...
Author: VulDB

MongoDB up to 3.4.18/3.6.9/4.0.4 recursion [CVE-2018-20803]

A vulnerability classified as problematic was found in MongoDB up to 3.4.18/3.6.9/4.0.4 (Database Software). Affected by this vulnerability is an unknown part. Upgrading to version 3.4.19, 3.6.10 or 4.0.5 eliminates this vulnerability.
Author: VulDB

MongoDB up to 4.4.0 Server Selection Subsystem handling of exceptional conditions

A vulnerability classified as problematic has been found in MongoDB up to 4.4.0 (Database Software). Affected is some unknown functionality of the component Server Selection Subsystem. Upgrading to version 4.4 or 4.4.1 eliminates this...
Author: VulDB

MongoDB up to 4.2.8/4.4.0-rc11 Role Name Parser denial of service

A vulnerability was found in MongoDB up to 4.2.8/4.4.0-rc11 (Database Software). It has been rated as problematic. This issue affects an unknown functionality of the component Role Name Parser. Upgrading to version 4.2.9 or 4.4.0-rc12 eliminates...
Author: VulDB

jsen Schema File Function.apply Remote Privilege Escalation

A vulnerability was found in jsen (the affected version is unknown). It has been declared as problematic. This vulnerability affects the function Function.apply of the component Schema File Handler. There is no information about possible...
Author: VulDB

CA Unified Infrastructure Management up to 20.1 on Windows Robot Controller Local Privilege Escalation

A vulnerability was found in CA Unified Infrastructure Management up to 20.1 on Windows. It has been classified as problematic. This affects some unknown processing of the component Robot Controller. Upgrading eliminates this vulnerability.
Author: VulDB

Hashicorp Consul/Consul Enterprise ACL permission [CVE-2020-28053]

A vulnerability was found in Hashicorp Consul and Consul Enterprise (affected version not known) and classified as problematic. Affected by this issue is an unknown code block of the component ACL Handler. Upgrading eliminates this vulnerability....
Author: VulDB

Security Onion up to 2.3.9 sudo so-setup access control

A vulnerability has been found in Security Onion up to 2.3.9 and classified as critical. Affected by this vulnerability is an unknown code of the file /home//SecurityOnion/setup/so-setup of the component sudo Handler. Upgrading to version 2.3.10...
Author: VulDB

OTRS up to 8.0.9 improper authentication [CVE-2020-1778]

A vulnerability, which was classified as critical, was found in OTRS up to 8.0.9 (Service Management Software). Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

MongoDB up to 3.6.14/4.0.12/4.2.0 use after free [CVE-2019-2393]

A vulnerability, which was classified as problematic, has been found in MongoDB up to 3.6.14/4.0.12/4.2.0 (Database Software). This issue affects some unknown functionality. Upgrading to version 3.6.15, 4.0.13 or 4.2.1 eliminates this...
Author: VulDB

MongoDB up to 3.6.19/4.0.19/4.2.8/4.4.0 Mod Operator integer overflow

A vulnerability classified as problematic was found in MongoDB up to 3.6.19/4.0.19/4.2.8/4.4.0 (Database Software). This vulnerability affects an unknown functionality of the component Mod Operator Handler. Upgrading to version 3.6.20, 4.0.20,...
Author: VulDB

MongoDB up to 4.2.1 IndexBoundsBuilder denial of service

A vulnerability classified as problematic has been found in MongoDB up to 4.2.1 (Database Software). This affects an unknown function of the component IndexBoundsBuilder. Upgrading to version 4.2.2 eliminates this vulnerability.
Author: VulDB

MongoDB up to 4.0.6 Javascript routine

A vulnerability was found in MongoDB up to 4.0.6 (Database Software). It has been rated as problematic. Affected by this issue is some unknown processing of the component Javascript Handler. Upgrading to version 4.0.7 eliminates this...
Author: VulDB

Tianocore EDK II DxeImageVerificationHandler denial of service

A vulnerability was found in Tianocore EDK II (affected version unknown). It has been declared as problematic. Affected by this vulnerability is the function DxeImageVerificationHandler. Applying a patch is able to eliminate this problem.
Author: VulDB

Tianocore EDK II resource consumption [CVE-2019-14559]

A vulnerability was found in Tianocore EDK II (version unknown). It has been classified as problematic. Affected is an unknown code. Applying a patch is able to eliminate this problem.
Author: VulDB

Tianocore EDK II information disclosure [CVE-2019-14553]

A vulnerability was found in Tianocore EDK II (unknown version) and classified as problematic. This issue affects an unknown part. Applying a patch is able to eliminate this problem.
Author: VulDB

MongoDB up to 3.6.9/4.0.4 denial of service [CVE-2018-20805]

A vulnerability has been found in MongoDB up to 3.6.9/4.0.4 (Database Software) and classified as problematic. This vulnerability affects some unknown functionality. Upgrading to version 3.6.10 or 4.0.5 eliminates this vulnerability.
Author: VulDB

MongoDB up to 3.6.12/4.0.9 applyOps Invocation denial of service

A vulnerability, which was classified as problematic, was found in MongoDB up to 3.6.12/4.0.9 (Database Software). This affects an unknown functionality of the component applyOps Invocation Handler. Upgrading to version 3.6.13 or 4.0.10...
Author: VulDB

MongoDB up to 3.6.8/4.0.2 QueryPlanner denial of service

A vulnerability, which was classified as problematic, has been found in MongoDB up to 3.6.8/4.0.2 (Database Software). Affected by this issue is an unknown function of the component QueryPlanner. Upgrading to version 3.6.9 or 4.0.3 eliminates...
Author: VulDB

CERTFR-2020-ACT-013: News bulletin CERTFR-2020-ACT-013 (23 November 2020)

This CERT-FR news bulletin looks back at the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Author: Cert FR

Barco wePresent WiPG-1600W 2.4.1.19/2.5.0.24/2.5.0.25/2.5.1.8 Firmware Update improper validation of integrity check value

A vulnerability classified as very critical was found in Barco wePresent WiPG-1600W 2.5.1.8/2.5.0.25/2.5.0.24/2.4.1.19. Affected by this vulnerability is some unknown processing of the component Firmware Update Handler. Upgrading to version...
Author: VulDB

Barco wePresent WiPG-1600W 2.4.1.19/2.5.0.24/2.5.0.25/2.5.1.8 SSH hard-coded credentials

A vulnerability classified as very critical has been found in Barco wePresent WiPG-1600W 2.5.1.8/2.5.0.25/2.5.0.24/2.4.1.19. Affected is an unknown code block of the component SSH. Upgrading to version 2.5.3.12 eliminates this vulnerability.
Author: VulDB

Barco wePresent WiPG-1600W 2.5.1.8 Web UI /cgi-bin/return.cgi access control

A vulnerability was found in Barco wePresent WiPG-1600W 2.5.1.8. It has been rated as critical. This issue affects an unknown code of the file /cgi-bin/return.cgi of the component Web UI. Upgrading to version 2.5.3.12 eliminates this...
Author: VulDB