Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Pacemaker up to 1.1.23/2.0.5-rc1 ACL access control

A vulnerability classified as critical was found in Pacemaker up to 1.1.23/2.0.5-rc1. This vulnerability affects an unknown part of the component ACL Handler. Upgrading to version 1.1.24-rc1 or 2.0.5-rc2 eliminates this vulnerability.
Author: VulDB

Wildfly up to 20.x Resource Adapter log file

A vulnerability classified as problematic has been found in Wildfly up to 20.x (Application Server Software). This affects some unknown functionality of the component Resource Adapter. Upgrading to version 21.0.0.Final eliminates this...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 News Edit id sql injection

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software). It has been rated as critical. Affected by this issue is an unknown functionality of the component News Edit Handler. There is no information...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 editor_name cross site scripting

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software). It has been declared as problematic. Affected by this vulnerability is an unknown function. There is no information about possible...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 Session Cookie cookie without 'httponly' flag

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software). It has been classified as problematic. Affected is some unknown processing of the component Session Cookie Handler. There is no information...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 User cross-site request forgery

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software) and classified as problematic. This issue affects an unknown code block of the component User Handler. There is no information about possible...
Author: VulDB

RTA 499ES EtherNet-IP Adaptor Source Code stack-based buffer overflow

A vulnerability has been found in RTA 499ES EtherNet-IP Adaptor Source Code (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It...
Author: VulDB

MicroStrategy up to 10.4/2019 Update 5/2020 Update 1 PDF Generator server-side request forgery

A vulnerability, which was classified as critical, was found in MicroStrategy up to 10.4/2019 Update 5/2020 Update 1. This affects an unknown part of the component PDF Generator. Upgrading to version 10.4, 2019 Update 6 or 2020 Update 2...
Author: VulDB

Apache Unomi up to 1.5.1 Endpoint /context.json injection

A vulnerability, which was classified as critical, has been found in Apache Unomi up to 1.5.1. Affected by this issue is some unknown functionality of the file /context.json of the component Endpoint Handler. Upgrading to version 1.5.2 eliminates...
Author: VulDB

FASTGate FGA2130FWB up to 2020-05-26 Admin Web Panel cross-site request forgery

A vulnerability classified as problematic was found in FASTGate FGA2130FWB up to 2020-05-26. Affected by this vulnerability is an unknown functionality of the component Admin Web Panel. There is no information about possible countermeasures...
Author: VulDB

Heketi up to 10.0.x log file [CVE-2020-10763]

A vulnerability classified as problematic has been found in Heketi up to 10.0.x. Affected is an unknown function. Upgrading to version 10.1.0 eliminates this vulnerability. The upgrade is hosted for download at github.com.
Author: VulDB

gluster-block up to 0.5.0 CLI cmd_history.log log file

A vulnerability was found in gluster-block up to 0.5.0. It has been rated as problematic. This issue affects some unknown processing of the file cmd_history.log of the component CLI Handler. Upgrading to version 0.5.1 eliminates this...
Author: VulDB

TOTOLINK A850R-V1/F1-V2 Management Interface formSysCmd/sysCmd backdoor

A vulnerability was found in TOTOLINK A850R-V1 and F1-V2 (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown code block of the component Management Interface. There is no information about...
Author: VulDB

TOTOLINK A850R-V1/F1-V2 Web Management Interface access control

A vulnerability was found in TOTOLINK A850R-V1 and F1-V2 (the affected version is unknown). It has been classified as critical. This affects an unknown code of the component Web Management Interface. There is no information about possible...
Author: VulDB

Exercising rights through a mandate: the CNIL launches a public consultation on its draft recommendation

Through a mandate, a person can designate a company to exercise their rights on their behalf. To clarify the applicable framework, the CNIL is proposing a public consultation on a draft recommendation.
Author: Cnil

CERTFR-2020-ALE-024: Vulnerability in VMware products (24 November 2020)

A vulnerability has been discovered in the administration interface of the Workspace One Access, Workspace One Access Connector, Identity Manager and Identity Manager Connector products, which bring together several security features...
Author: Cert FR

CERTFR-2020-AVI-771: Vulnerability in VMware products (24 November 2020)

A vulnerability has been discovered in VMware products. It allows an attacker to cause remote arbitrary code execution.
Author: Cert FR

CERTFR-2020-AVI-770: Multiple vulnerabilities in the Red Hat Linux kernel (24 November 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. They allow an attacker to cause a denial of service, a breach of data confidentiality and a privilege escalation.
Author: Cert FR

MongoDB up to 3.4.23/3.6.14/4.0.12/4.2.0 Message Decompressor denial of service

A vulnerability was found in MongoDB up to 3.4.23/3.6.14/4.0.12/4.2.0 (Database Software) and classified as problematic. Affected by this issue is an unknown part of the component Message Decompressor. Upgrading to version 3.4.24, 3.6.15, 4.0.13...
Author: VulDB

CERTFR-2020-AVI-769: Multiple vulnerabilities in the SUSE Linux kernel (24 November 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a remote denial of service and a breach of...
Author: Cert FR

Seiko Epson Product untrusted search path [CVE-2020-5674]

A vulnerability has been found in Seiko Epson Product (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown functionality. There is no information about possible countermeasures known. It may be...
Author: VulDB

Netgear GS108Ev3 up to 2.06.10 cross-site request forgery [CVE-2020-5641]

A vulnerability, which was classified as problematic, was found in Netgear GS108Ev3 up to 2.06.10 (Router Operating System). Affected is an unknown functionality. Upgrading to version 2.06.14 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

PollNY Extension up to 1.35 on MediaWiki Answer Option cross site scripting

A vulnerability, which was classified as problematic, has been found in PollNY Extension up to 1.35 on MediaWiki (Survey Software). This issue affects an unknown function of the component Answer Option Handler. There is no information about...
Author: VulDB

CologneBlue Skin up to 1.35 on MediaWiki qbfind Message CologneBlueTemplate.php cross site scripting

A vulnerability classified as problematic was found in CologneBlue Skin up to 1.35 on MediaWiki. This vulnerability affects some unknown processing of the file includes/CologneBlueTemplate.php of the component qbfind Message Handler. There is no...
Author: VulDB

Gitea up to 1.12.5 repo_form.go ParseRemoteAddr encoding error

A vulnerability classified as critical has been found in Gitea up to 1.12.5. This affects an unknown code block of the file modules/auth/repo_form.go. Upgrading to version 1.12.6 eliminates this vulnerability. The upgrade is hosted for download...
Author: VulDB