Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM Security Secret Server up to 10.8 SSL Certificate Validator weak authentication

A vulnerability was found in IBM Security Secret Server up to 10.8. It has been declared as problematic. This vulnerability affects some unknown functionality of the component SSL Certificate Validator. Upgrading to version 10.9 eliminates this...
Author: VulDB

IBM Security Secret Server 10.9 privilege escalation

A vulnerability was found in IBM Security Secret Server 10.9. It has been classified as critical. This affects an unknown functionality of the component Server. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

gon Gem up to 6.3.x on Ruby XSS Protection Mechanism json_dumper.rb escape_mode cross site scripting

A vulnerability was found in gon Gem up to 6.3.x on Ruby (Ruby Gem) and classified as problematic. Affected by this issue is an unknown function of the file json_dumper.rb of the component XSS Protection Mechanism. Upgrading to version 6.4.0...
Author: VulDB

YGOPro ygocore 13.51 Integer Overflow memory corruption

A vulnerability has been found in YGOPro ygocore 13.51 and classified as critical. Affected by this vulnerability is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Liquibase Runner Plugin up to 1.4.7 on Jenkins Permission Check privilege escalation

A vulnerability, which was classified as critical, was found in Liquibase Runner Plugin up to 1.4.7 on Jenkins. Affected is an unknown code block of the component Permission Check. There is no information about possible countermeasures known. It...
Author: VulDB

Liquibase Runner Plugin up to 1.4.5 on Jenkins XML Parser XML External Entity

A vulnerability, which was classified as critical, has been found in Liquibase Runner Plugin up to 1.4.5 on Jenkins. This issue affects an unknown code of the component XML Parser. There is no information about possible countermeasures known. It...
Author: VulDB

Liquibase Runner Plugin up to 1.4.5 on Jenkins Changeset Content Stored cross site scripting

A vulnerability classified as problematic was found in Liquibase Runner Plugin up to 1.4.5 on Jenkins. This vulnerability affects an unknown part of the component Changeset Content Handler. There is no information about possible countermeasures...
Author: VulDB

Implied Labels Plugin up to 0.6 on Jenkins Permission Check privilege escalation

A vulnerability classified as critical has been found in Implied Labels Plugin up to 0.6 on Jenkins. This affects some unknown functionality of the component Permission Check. There is no information about possible countermeasures known. It may...
Author: VulDB

Lockable Resources Plugin up to 2.8 on Jenkins cross site request forgery

A vulnerability was found in Lockable Resources Plugin up to 2.8 on Jenkins. It has been rated as problematic. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Warnings Plugin up to 5.0.1 on Jenkins cross site request forgery

A vulnerability was found in Warnings Plugin up to 5.0.1 on Jenkins. It has been declared as problematic. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Script Security Plugin up to 1.74 on Jenkins Sandbox Code Execution

A vulnerability was found in Script Security Plugin up to 1.74 on Jenkins. It has been classified as critical. Affected is some unknown processing of the component Sandbox. There is no information about possible countermeasures known. It may be...
Author: VulDB

GE Digital APM Classic up to 4.4 Hash weak encryption

A vulnerability was found in GE Digital APM Classic up to 4.4 and classified as problematic. This issue affects an unknown code block of the component Hash Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

GE Digital APM Classic up to 4.4 JSON Download information disclosure

A vulnerability has been found in GE Digital APM Classic up to 4.4 and classified as problematic. This vulnerability affects an unknown code of the component JSON Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

CERTFR-2020-AVI-593: Multiple vulnerabilities in Xen (23 September 2020)

Multiple vulnerabilities have been discovered in Xen. They allow an attacker to cause a denial of service, a breach of data confidentiality and a privilege escalation.

Author: Cert FR

GLPI up to 9.4.x weak encryption [CVE-2020-11031]

A vulnerability, which was classified as problematic, was found in GLPI up to 9.4.x (Asset Management Software). This affects an unknown part. Upgrading to version 9.5.0 eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-592: Multiple vulnerabilities in Pulse Secure products (23 September 2020)

Multiple vulnerabilities have been discovered in Pulse Secure products. They allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality and a code injection...
Author: Cert FR

CERTFR-2020-AVI-591: Vulnerability in the Red Hat Linux kernel (23 September 2020)

A vulnerability has been discovered in the Red Hat Linux kernel. It allows an attacker to cause a denial of service.

Author: Cert FR

Aruba CX Switch prior 10.04.1000 Cisco Discovery Protocol denial of service

A vulnerability, which was classified as problematic, has been found in Aruba CX Switch. Affected by this issue is some unknown functionality of the component Cisco Discovery Protocol. Upgrading to version 10.04.1000 eliminates this vulnerability.
Author: VulDB

Aruba CX Switch prior 10.04.3021 Link Layer Discovery Protocol denial of service

A vulnerability classified as problematic was found in Aruba CX Switch. Affected by this vulnerability is an unknown functionality of the component Link Layer Discovery Protocol. Upgrading to version 10.04.3021 eliminates this vulnerability.
Author: VulDB

HPE Pay Per Use Utility Computing Service Meter 1.9 doPost() Code Execution directory traversal

A vulnerability classified as critical has been found in HPE Pay Per Use Utility Computing Service Meter 1.9. Affected is the function doPost(). There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

HPE Pay Per Use Utility Computing Service Meter 1.9 doGet() directory traversal

A vulnerability was found in HPE Pay Per Use Utility Computing Service Meter 1.9. It has been rated as problematic. This issue affects the function doGet(). There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

HPE Pay Per Use Utility Computing Service Meter 1.9 execute() directory traversal

A vulnerability was found in HPE Pay Per Use Utility Computing Service Meter 1.9. It has been declared as critical. This vulnerability affects the function execute(). There is no information about possible countermeasures known. It may be...
Author: VulDB

podman up to 2.0.4 Varlink API/REST API Environment Variable information disclosure

A vulnerability was found in podman up to 2.0.4. It has been classified as problematic. This affects an unknown code of the component Varlink API/REST API. Upgrading to version 2.0.5 eliminates this vulnerability.
Author: VulDB

ansible-engine up to 2.8.14/2.9.12 dnf Module weak authentication

A vulnerability was found in ansible-engine up to 2.8.14/2.9.12 and classified as critical. Affected by this issue is an unknown part of the component dnf Module. Upgrading to version 2.8.15 or 2.9.13 eliminates this vulnerability.
Author: VulDB

Wildfly Elytron up to 1.11.3.Final Form Authentication URL Session Fixation weak authentication

A vulnerability has been found in Wildfly Elytron up to 1.11.3.Final (Application Server Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the component Form Authentication. There is no...
Author: VulDB

Information security events