Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

BigBlueButton up to 2.2.27 Content-Type Header cross site scripting

A vulnerability has been found in BigBlueButton up to 2.2.27 and classified as problematic. Affected by this vulnerability is an unknown code block of the component Content-Type Header Handler. Upgrading to version 2.2.28 eliminates this...
Auteur: VulDB

BigBlueButton up to 2.2.27 Mute information disclosure

A vulnerability, which was classified as problematic, was found in BigBlueButton up to 2.2.27. Affected is an unknown code of the component Mute Handler. Upgrading to version 2.2.28 eliminates this vulnerability.
Auteur: VulDB

BigBlueButton up to 2.2.7 Session Cookie missing secure attribute

A vulnerability, which was classified as problematic, has been found in BigBlueButton up to 2.2.7. This issue affects an unknown part of the component Session Cookie Handler. Upgrading to version 2.2.8 eliminates this vulnerability.
Auteur: VulDB

BigBlueButton up to 2.2.8 Ghostscript sandbox

A vulnerability classified as critical was found in BigBlueButton up to 2.2.8. This vulnerability affects some unknown functionality of the component Ghostscript. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

BigBlueButton up to 2.2 LibreOffice Sandbox bigbluebutton.properties sandbox

A vulnerability classified as critical has been found in BigBlueButton up to 2.2. This affects an unknown functionality of the file bigbluebutton.properties of the component LibreOffice Sandbox. Upgrading to version 2.3 eliminates this...
Auteur: VulDB

BigBlueButton up to 2.2.6 LibreOffice Document unknown vulnerability

A vulnerability was found in BigBlueButton up to 2.2.6. It has been rated as problematic. Affected by this issue is an unknown function of the component LibreOffice Document Handler. Upgrading to version 2.2.7 eliminates this vulnerability.
Auteur: VulDB

BigBlueButton up to 2.2.6 Office Document server-side request forgery

A vulnerability was found in BigBlueButton up to 2.2.6. It has been declared as critical. Affected by this vulnerability is some unknown processing of the component Office Document Handler. Upgrading to version 2.2.7 eliminates this vulnerability.
Auteur: VulDB

Acronis True Image 2021 ACL C:\ProgramData\Acronis permission assignment

A vulnerability was found in Acronis True Image 2021. It has been classified as very critical. Affected is an unknown code block of the file C:\ProgramData\Acronis of the component ACL Handler. There is no information about possible...
Auteur: VulDB

Acronis True Image 2021 OpenSSL openssl.cnf access control

A vulnerability was found in Acronis True Image 2021 and classified as very critical. This issue affects an unknown code of the file openssl.cnf of the component OpenSSL. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

Acronis Cyber Backup/Cyber Protect OpenSSL openssl.cnf access control

A vulnerability has been found in Acronis Cyber Backup and Cyber Protect (Backup Software) (the affected version is unknown) and classified as very critical. This vulnerability affects an unknown part of the file openssl.cnf of the component...
Auteur: VulDB

Mozilla Firefox up to 81.x External Protocol memory corruption

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 81.x (Web Browser). This affects some unknown functionality of the component External Protocol Handler. Upgrading to version 82.0 eliminates this vulnerability.
Auteur: VulDB

Mozilla Firefox up to 81.x External Protocol improper restriction of rendered ui layers

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 81.x (Web Browser). Affected by this issue is an unknown functionality of the component External Protocol Handler. Upgrading to version 82.0 eliminates...
Auteur: VulDB

Mozilla Firefox up to 81.x WASM Thread denial of service

A vulnerability classified as problematic was found in Mozilla Firefox up to 81.x (Web Browser). Affected by this vulnerability is an unknown function of the component WASM Thread Handler. Upgrading to version 82.0 eliminates this vulnerability.
Auteur: VulDB

Mozilla Firefox up to 81.x Image Tag information disclosure

A vulnerability classified as problematic has been found in Mozilla Firefox up to 81.x (Web Browser). Affected is some unknown processing of the component Image Tag Handler. Upgrading to version 82.0 eliminates this vulnerability.
Auteur: VulDB

Mozilla Firefox up to 81.x Crossbeam Rust Crate Vec::from_iter memory corruption

A vulnerability was found in Mozilla Firefox up to 81.x (Web Browser). It has been rated as critical. This issue affects the function Vec::from_iter of the component Crossbeam Rust Crate. Upgrading to version 82.0 eliminates this vulnerability.
Auteur: VulDB

Mozilla Firefox up to 81.x usersctp use after free

A vulnerability was found in Mozilla Firefox up to 81.x (Web Browser). It has been declared as critical. This vulnerability affects an unknown code of the component usersctp. Upgrading to version 82.0 eliminates this vulnerability.
Auteur: VulDB

CERTFR-2020-AVI-671 : Multiples vulnérabilités dans les produits Cisco (22 octobre 2020)

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la...
Auteur: Cert FR

CERTFR-2020-AVI-670 : Multiples vulnérabilités dans Mozilla Thunderbird (22 octobre 2020)

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Auteur: Cert FR

CERTFR-2020-AVI-669 : Vulnérabilité dans Juniper Junos OS (22 octobre 2020)

Une vulnérabilité a été découverte dans Juniper Junos OS. Elle permet à un attaquant de provoquer un déni de service à distance.

Auteur: Cert FR

CERTFR-2020-AVI-668 : Multiples vulnérabilités dans le noyau Linux de SUSE (22 octobre 2020)

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni...
Auteur: Cert FR

Mozilla Firefox/Firefox ESR prior 78.4 memory corruption [CVE-2020-15683]

A vulnerability was found in Mozilla Firefox and Firefox ESR (Web Browser). It has been classified as critical. This affects an unknown part. Upgrading to version 78.4 eliminates this vulnerability.
Auteur: VulDB

Mozilla Firefox ESR up to 78.3 usersctp use after free

A vulnerability was found in Mozilla Firefox ESR up to 78.3 (Web Browser) and classified as critical. Affected by this issue is some unknown functionality of the component usersctp. Upgrading to version 78.4 eliminates this vulnerability.
Auteur: VulDB

VU#208577: Chocolatey Boxstarter vulnerable to privilege escalation due to weak ACLs

Overview Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description CVE-2020-15264 The Chocolatey Boxstarter...
Auteur: US Cert

Portabilité : un évènement pour développer les droits et les usages

La CNIL propose un événement dédié au droit à la portabilité, le lundi 23 novembre 2020 de 14 h00 à 17 h 30, afin de faire le bilan des pratiques et d’apporter de nouvelles pistes de solutions technologiques sur ce droit prévu par le RGPD.
Auteur: Cnil

Oracle VM VirtualBox up to 6.1.15 denial of service [CVE-2020-14892]

A vulnerability has been found in Oracle VM VirtualBox up to 6.1.15 (Virtualization Software) and classified as critical. Affected by this vulnerability is an unknown functionality. Upgrading eliminates this vulnerability. A possible mitigation...
Auteur: VulDB
First399400401402403404405406407408Last

Événements SSI