Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM Cognos Analytics 11.0/11.1 Cache Data information disclosure

A vulnerability, which was classified as problematic, has been found in IBM Cognos Analytics 11.0/11.1 (Business Process Management Software). This issue affects an unknown function of the component Cache Data Handler. There is no information...
Author: VulDB

CERTFR-2020-AVI-481: Vulnerability in IBM WebSphere (03 August 2020)

A vulnerability has been discovered in IBM WebSphere. It allows an attacker to cause a privilege escalation.

Author: Cert FR

VMware Tanzu Application Service for VMs up to 2.7.18/2.8.12/2.9.6 App Autoscaler Credentials information disclosure

A vulnerability classified as problematic was found in VMware Tanzu Application Service for VMs up to 2.7.18/2.8.12/2.9.6. This vulnerability affects some unknown processing of the component App Autoscaler. Upgrading to version 2.7.19, 2.8.13 or...
Author: VulDB

VMware GemFire/Tanzu GemFire for VMs prior 9.10.0 JMX Service Remote Code Execution

A vulnerability was found in VMware GemFire and Tanzu GemFire for VMs. It has been rated as critical. Affected by this issue is an unknown code of the component JMX Service. Upgrading to version 9.10.0 eliminates this vulnerability.
Author: VulDB

RSA MFA Agent 2.0 on Windows weak authentication [CVE-2020-5384]

A vulnerability was found in RSA MFA Agent 2.0 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

tgstation-server 4.4.0/4.4.1 directory traversal [CVE-2020-16136]

A vulnerability was found in tgstation-server 4.4.0/4.4.1. It has been classified as problematic. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Sonatype Nexus Repository Manager up to 3.25.0 Remote Code Execution

A vulnerability was found in Sonatype Nexus Repository Manager up to 3.25.0 and classified as critical. This issue affects an unknown functionality. Upgrading to version 3.25.1 eliminates this vulnerability.
Author: VulDB

Sonatype Nexus Repository Manager up to 3.25.0 cross site scripting

A vulnerability has been found in Sonatype Nexus Repository Manager up to 3.25.0 and classified as problematic. This vulnerability affects an unknown function. Upgrading to version 3.25.1 eliminates this vulnerability.
Author: VulDB

Sonatype Nexus Repository Manager up to 3.25.0 cross site scripting

A vulnerability, which was classified as problematic, was found in Sonatype Nexus Repository Manager up to 3.25.0. This affects some unknown processing. Upgrading to version 3.25.1 eliminates this vulnerability.
Author: VulDB

faye-websocket up to 0.10.x Certificate Verification Faye::WebSocket::Client TLS Certificate Man-in-the-Middle weak authentication

A vulnerability classified as problematic was found in faye-websocket up to 0.10.x. Affected by this vulnerability is the function Faye::WebSocket::Client of the component Certificate Verification. Upgrading to version 0.11.0 eliminates this...
Author: VulDB

October CMS up to 1.0.467 Cookie privilege escalation

A vulnerability classified as problematic has been found in October CMS up to 1.0.467 (Content Management System). Affected is an unknown part of the component Cookie Handler. Upgrading to version 1.0.468 eliminates this vulnerability.
Author: VulDB

grub2 up to 2.05 ext Filesystem Symlink memory corruption

A vulnerability was found in grub2 up to 2.05. It has been rated as critical. This issue affects some unknown functionality of the component ext Filesystem Handler. Upgrading to version 2.06 eliminates this vulnerability.
Author: VulDB

grub2 up to 2.05 read_section_as_string() Font File Heap-based memory corruption

A vulnerability was found in grub2 up to 2.05. It has been declared as critical. This vulnerability affects the function read_section_as_string(). Upgrading to version 2.06 eliminates this vulnerability.
Author: VulDB

FlexNet Publisher 11.14.0.2 Web Portal lmadmin.exe information disclosure

A vulnerability was found in FlexNet Publisher 11.14.0.2. It has been classified as problematic. This affects an unknown function of the file lmadmin.exe of the component Web Portal. There is no information about possible countermeasures known....
Author: VulDB

VMware GemFire/Tanzu GemFire for VMs bis JMX Service Remote Code Execution

A vulnerability was found in VMware GemFire and Tanzu GemFire for VMs bis and classified as critical. Affected by this issue is some unknown processing of the component JMX Service. Upgrading eliminates this vulnerability.
Author: VulDB

VMware Spring up to 4.3.22/5.1.11/5.2.7/5.3.1 Kryo Codec Deserialization privilege escalation

A vulnerability classified as critical has been found in VMware Spring up to 4.3.22/5.1.11/5.2.7/5.3.1. This affects an unknown code block of the component Kryo Codec. Upgrading to version 4.3.23, 5.1.12, 5.2.8 or 5.3.2 eliminates this...
Author: VulDB

Faye up to 1.3.x Certificate Verification EM::Connection#start_tls TLS Certificate Man-in-the-Middle weak authentication

A vulnerability, which was classified as problematic, has been found in Faye up to 1.3.x. Affected by this issue is the function EM::Connection#start_tls of the component Certificate Verification. Upgrading to version 1.4.0 eliminates this...
Author: VulDB

Huawei P30 prior 10.1.0.160(C00E160R2P11) Messages Memory Leak denial of service

A vulnerability has been found in Huawei P30 (Smartphone Operating System) and classified as problematic. Affected by this vulnerability is an unknown code block. Upgrading to version 10.1.0.160(C00E160R2P11) eliminates this vulnerability.
Author: VulDB

Huawei FusionComput 8.0.0 Authorization privilege escalation

A vulnerability, which was classified as critical, was found in Huawei FusionComput 8.0.0. Affected is an unknown code of the component Authorization. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Inductive Automation Ignition up to 8.0.12 information disclosure

A vulnerability, which was classified as problematic, has been found in Inductive Automation Ignition up to 8.0.12 (Automation Software). This issue affects an unknown part. Upgrading to version 8.0.13 eliminates this vulnerability.
Author: VulDB

Ansible Tower API Mail Address User information disclosure

A vulnerability classified as problematic was found in Ansible Tower (the affected version is unknown). This vulnerability affects some unknown functionality of the component API. There is no information about possible countermeasures known. It...
Author: VulDB

Red Hat Satellite 6 Cache File information disclosure

A vulnerability classified as problematic has been found in Red Hat Satellite 6. This affects an unknown functionality of the component Cache File Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Red Hat OpenStack Platform 16 Virtual Machine nova_libvirt privilege escalation

A vulnerability was found in Red Hat OpenStack Platform 16. It has been rated as critical. Affected by this issue is an unknown function in the library nova_libvirt of the component Virtual Machine. There is no information about possible...
Author: VulDB

Qualcomm PLC Firmware HPAV2 privilege escalation [CVE-2020-3681]

A vulnerability was found in Qualcomm PLC Firmware (Firmware Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component HPAV2 Handler. Upgrading eliminates...
Author: VulDB

Cisco Data Center Network Manager Web-based Management Interface sql injection

A vulnerability was found in Cisco Data Center Network Manager (version unknown). It has been classified as critical. Affected is an unknown code block of the component Web-based Management Interface. Upgrading eliminates this vulnerability.
Author: VulDB

Information systems security events