Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Backdoor.Win32.Burbul.b Service Port 2121 missing authentication

A vulnerability was found in Backdoor.Win32.Burbul.b (Remote Access Software) (version unknown). It has been classified as critical. Affected is an unknown code of the component Service Port 2121. It is possible to mitigate the weakness by...
Author: VulDB

Backdoor.Win32.Indexer.a Service Port 47885 denial of service

A vulnerability was found in Backdoor.Win32.Indexer.a (Remote Access Software) (unknown version) and classified as problematic. This issue affects an unknown part of the component Service Port 47885. Addressing this vulnerability is possible by...
Author: VulDB

Backdoor.Win32.Indexer.a on TCP Service Port 47885 hard-coded credentials

A vulnerability has been found in Backdoor.Win32.Indexer.a on TCP (Remote Access Software) (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component Service Port 47885....
Author: VulDB

Backdoor.Win32.Bifrose.ahvb C:\Temp permission

A vulnerability, which was classified as critical, was found in Backdoor.Win32.Bifrose.ahvb (Remote Access Software) (the affected version unknown). This affects an unknown functionality of the file C:\Temp. There is no information about possible...
Author: VulDB

Backdoor.Win32.Azbreg.aant C:\RECYCLER permission

A vulnerability, which was classified as critical, has been found in Backdoor.Win32.Azbreg.aant (Remote Access Software) (affected version not known). Affected by this issue is an unknown function of the file C:\RECYCLER. There is no information...
Author: VulDB

Backdoor.Win32.Cabrotor.21 C:\ROBADO permission

A vulnerability classified as critical was found in Backdoor.Win32.Cabrotor.21 (Remote Access Software) (affected version unknown). Affected by this vulnerability is some unknown processing of the file C:\ROBADO. There is no information about...
Author: VulDB

Trojan-Spy.Win32.WinSpy.wlt Service Port 443 dlink.exe permission

A vulnerability classified as critical has been found in Trojan-Spy.Win32.WinSpy.wlt (version unknown). Affected is an unknown code block of the file dlink.exe of the component Service Port 443. There is no information about possible...
Author: VulDB

Backdoor.Win32.Cafeini.08.b Service Port 51966 improper authentication

A vulnerability was found in Backdoor.Win32.Cafeini.08.b (Remote Access Software) (unknown version). It has been rated as critical. This issue affects an unknown code of the component Service Port 51966. Addressing this vulnerability is possible...
Author: VulDB

Backdoor.Win32.Backlash.101 1.0 Alpha Service Port 11831 d3d8thk.exe improper authentication

A vulnerability was found in Backdoor.Win32.Backlash.101 1.0 Alpha (Remote Access Software). It has been declared as critical. This vulnerability affects an unknown part of the file d3d8thk.exe of the component Service Port 11831. Proper...
Author: VulDB

Nagios XI up to 5.6 Web System graphtemplates.php code injection

A vulnerability was found in Nagios XI up to 5.6 (Log Management Software). It has been classified as critical. This affects some unknown functionality of the file /nagiosxi/admin/graphtemplates.php of the component Web System. Upgrading to...
Author: VulDB

Adobe Bridge up to 11.0 TTF File out-of-bounds write

A vulnerability was found in Adobe Bridge up to 11.0 and classified as critical. Affected by this issue is an unknown functionality of the component TTF File Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe Bridge up to 11.0 TTF File out-of-bounds write

A vulnerability has been found in Adobe Bridge up to 11.0 and classified as critical. Affected by this vulnerability is an unknown function of the component TTF File Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Magento UPWARD-php/UPWARD Connector YAML File path traversal

A vulnerability, which was classified as problematic, was found in Magento UPWARD-php and UPWARD Connector (Programming Language Software) (version unknown). Affected is some unknown processing of the component YAML File Handler. There is no...
Author: VulDB

openSUSE cyrus-sasl up to 2.1.27-4.2 temp file [CVE-2020-8032]

A vulnerability, which was classified as critical, has been found in openSUSE cyrus-sasl up to 2.1.27-4.2. This issue affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Dropbear up to 2020.78 Filename scp.c unknown vulnerability

A vulnerability classified as problematic was found in Dropbear up to 2020.78 (SSH Server Software). This vulnerability affects an unknown code of the file scp.c of the component Filename Handler. Upgrading to version 2020.79 eliminates this...
Author: VulDB

comrak Crate up to 0.9.0 on Rust cross site scripting [CVE-2021-27671]

A vulnerability classified as problematic has been found in comrak Crate up to 0.9.0 on Rust (Rust Package). This affects an unknown part. Upgrading to version 0.9.1 eliminates this vulnerability.
Author: VulDB

Appspace 6.2.4 jsonprequest url server-side request forgery

A vulnerability was found in Appspace 6.2.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file api/v1/core/proxy/jsonprequest. There is no information about possible countermeasures known. It may be...
Author: VulDB

CERTFR-2021-ALE-003: Vulnerability in VMWare vCenter Server (25 February 2021)

On 23 February 2021, VMware published a security advisory concerning three vulnerabilities (see the documentation section). The CVE-2021-21972 vulnerability is the most critical. It allows remote arbitrary code execution by an attacker...
Author: Cert FR

CERTFR-2021-AVI-147: Multiple vulnerabilities in Cisco products (25 February 2021)

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a bypass of the policy...
Author: Cert FR

CERTFR-2021-AVI-146: Multiple vulnerabilities in F5 BIG-IP (25 February 2021)

Multiple vulnerabilities have been discovered in F5 BIG-IP. They allow an attacker to cause a remote denial of service and a breach of data confidentiality.

Author: Cert FR

Cisco AnyConnect Secure Mobility Client Interprocess Communication denial of service

A vulnerability was found in Cisco AnyConnect Secure Mobility Client (Network Encryption Software) (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component...
Author: VulDB

Cisco Application Services Engine missing authentication [CVE-2021-1396]

A vulnerability was found in Cisco Application Services Engine (version unknown). It has been classified as critical. Affected is an unknown function. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco Application Services Engine missing authentication [CVE-2021-1393]

A vulnerability was found in Cisco Application Services Engine (unknown version) and classified as critical. This issue affects some unknown processing. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco ACI Multi-Site Orchestrator API Endpoint privileges management

A vulnerability has been found in Cisco ACI Multi-Site Orchestrator (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code block of the component API Endpoint. Upgrading eliminates this...
Author: VulDB

Cisco NX-OS IPv6 memory leak [CVE-2021-1387]

A vulnerability, which was classified as critical, was found in Cisco NX-OS (Router Operating System) (the affected version unknown). This affects an unknown code of the component IPv6 Handler. Upgrading eliminates this vulnerability.
Author: VulDB