Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Adobe Genuine Service up to 6.6 uncontrolled search path [CVE-2020-9667]

A vulnerability was found in Adobe Genuine Service up to 6.6. It has been classified as critical. This affects an unknown code block. Upgrading eliminates this vulnerability.
Author: VulDB

QNAP QTS Multimedia Console/Media Streaming Add-on sql injection

A vulnerability was found in QNAP QTS (Network Attached Storage Software) (affected version not known) and classified as critical. Affected by this issue is an unknown code of the component Multimedia Console/Media Streaming Add-on. Upgrading...
Author: VulDB

QNAP QTS/QuTS Hero command injection [CVE-2020-2509]

A vulnerability has been found in QNAP QTS and QuTS Hero (Network Attached Storage Software) (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown part. Upgrading eliminates this vulnerability.
Author: VulDB

IBM Spectrum Protect 7.1/8.1 Command Parser stack-based overflow

A vulnerability, which was classified as critical, was found in IBM Spectrum Protect 7.1/8.1 (Backup Software). Affected is some unknown functionality of the component Command Parser. There is no information about possible countermeasures known....
Author: VulDB

vscode-bazel up to 0.4.0 JSON Config File file inclusion

A vulnerability, which was classified as problematic, has been found in vscode-bazel up to 0.4.0. This issue affects an unknown functionality of the component JSON Config File Handler. Upgrading to version 0.4.1 eliminates this vulnerability....
Author: VulDB

CERTFR-2021-AVI-279: Multiple vulnerabilities in Microsoft Edge (16 April 2021)

Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2021-AVI-278: Multiple vulnerabilities in the SUSE Linux kernel (16 April 2021)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, arbitrary code execution and a denial of...
Author: Cert FR

CERTFR-2021-AVI-277: Multiple vulnerabilities in the Ubuntu Linux kernel (16 April 2021)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2021-AVI-276: Multiple vulnerabilities in Google Chrome (16 April 2021)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2021-AVI-275: Multiple vulnerabilities in F5 BIG-IP and BIG-IQ (16 April 2021)

Multiple vulnerabilities have been discovered in F5 BIG-IP and BIG-IQ. They allow an attacker to cause arbitrary code execution.

Author: Cert FR

CERTFR-2021-AVI-274: Multiple vulnerabilities in Qnap products (16 April 2021)

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause a breach of data confidentiality and remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2021-AVI-273: Multiple vulnerabilities in Junos OS (16 April 2021)

Multiple vulnerabilities have been discovered in Junos OS. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a security policy bypass.
Author: Cert FR

vscode-rpm-spec Extension up to 0.3.1 on Visual Studio Workspace Configuration Remote Code Execution

A vulnerability classified as problematic was found in vscode-rpm-spec Extension up to 0.3.1 on Visual Studio. This vulnerability affects an unknown function of the component Workspace Configuration Handler. Upgrading to version 0.3.2 eliminates...
Author: VulDB

Tenda G1/G3 umountUSBPartition formSetUSBPartitionUmount os command injection

A vulnerability classified as critical has been found in Tenda G1 and G3 (the affected version unknown). This affects the function formSetUSBPartitionUmount of the file action/umountUSBPartition. There is no information about possible...
Author: VulDB

Tenda G0/G1/G3 action/setDebugCfg formSetDebugCfg os command injection

A vulnerability was found in Tenda G0, G1 and G3 (affected version not known). It has been rated as critical. Affected by this issue is the function formSetDebugCfg of the file action/setDebugCfg. There is no information about possible...
Author: VulDB

Atlassian Connect Spring Boot up to 2.1.2 Lifecycle Endpoint improper authentication

A vulnerability was found in Atlassian Connect Spring Boot up to 2.1.2. It has been declared as critical. Affected by this vulnerability is an unknown code of the component Lifecycle Endpoint. Upgrading to version 2.1.3 eliminates this...
Author: VulDB

Atlassian Connect Express up to 6.5.x Lifecycle Endpoint improper authentication

A vulnerability was found in Atlassian Connect Express up to 6.5.x. It has been classified as critical. Affected is an unknown part of the component Lifecycle Endpoint. Upgrading to version 6.6.0 eliminates this vulnerability.
Author: VulDB

Synology QTS/QuTS Hero/QuTScloud File Station cross site scripting

A vulnerability was found in Synology QTS, QuTS Hero and QuTScloud (Cloud Software) (unknown version) and classified as problematic. This issue affects some unknown functionality of the component File Station. Upgrading eliminates this...
Author: VulDB

Wfilter ICF up to 5.0.117 User-Agent Header cross site scripting

A vulnerability has been found in Wfilter ICF up to 5.0.117 and classified as problematic. This vulnerability affects an unknown functionality of the component User-Agent Header Handler. There is no information about possible countermeasures...
Author: VulDB

dio Package 4.0.0 on Dart HTTP Method injection

A vulnerability, which was classified as critical, was found in dio Package 4.0.0 on Dart. This affects an unknown function of the component HTTP Method Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Apache OpenOffice up to 4.1.9 Hyperlink Remote Code Execution

A vulnerability, which was classified as critical, has been found in Apache OpenOffice up to 4.1.9 (Office Suite Software). Affected by this issue is some unknown processing of the component Hyperlink Handler. Upgrading to version 4.1.10...
Author: VulDB

WordPress up to 5.7.0 Editor information disclosure

A vulnerability classified as problematic was found in WordPress up to 5.7.0 (Content Management System). Affected by this vulnerability is an unknown code block of the component Editor. Upgrading to version 5.7.1 eliminates this vulnerability.
Author: VulDB

Pi-hole Admin Portal cross site scripting [CVE-2021-29448]

A vulnerability classified as problematic has been found in Pi-hole (version unknown). Affected is an unknown code of the component Admin Portal. Applying a patch is able to eliminate this problem.
Author: VulDB

WordPress up to 5.7.0 Media Library Parser xml external entity reference

A vulnerability was found in WordPress up to 5.7.0 (Content Management System). It has been rated as critical. This issue affects an unknown part of the component Media Library Parser. Upgrading to version 5.7.1 eliminates this vulnerability.
Author: VulDB

Matrix Sydent up to 2.2.0 resource consumption [CVE-2021-29433]

A vulnerability was found in Matrix Sydent up to 2.2.0. It has been declared as problematic. This vulnerability affects some unknown functionality. Upgrading to version 2.3.0 eliminates this vulnerability. Applying a patch is able to eliminate...
Author: VulDB