Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Shotcut up to 20.09.12 TLS mainwindow.cpp setPeerVerifyMode(QSslSocket::VerifyNone) Man-in-the-Middle weak authentication

A vulnerability, which was classified as problematic, was found in Shotcut up to 20.09.12. Affected is the function setPeerVerifyMode(QSslSocket::VerifyNone) of the file mainwindow.cpp of the component TLS Handler. Upgrading to version 20.09.13...
Author: VulDB

Arista CloudVision Portal up to 2020.1 Configlet Management File Download information disclosure

A vulnerability, which was classified as problematic, has been found in Arista CloudVision Portal up to 2020.1. This issue affects some unknown functionality of the component Configlet Management. Upgrading to version 2020.2 eliminates this...
Author: VulDB

Verint Workforce Optimization 15.1 API information disclosure

A vulnerability classified as problematic was found in Verint Workforce Optimization 15.1. This vulnerability affects an unknown functionality of the component API. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Liferay Portal/Liferay DXP Multipart Form denial of service [CVE-2020-15839]

A vulnerability classified as problematic has been found in Liferay Portal and Liferay DXP (the affected version unknown). This affects an unknown function of the component Multipart Form Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 TXT File Module denial of service

A vulnerability was found in Ozeki NG SMS Gateway up to 4.17.6. It has been rated as problematic. Affected by this issue is some unknown processing of the component TXT File Module. There is no information about possible countermeasures known. It...
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 Autoreply directory traversal

A vulnerability was found in Ozeki NG SMS Gateway up to 4.17.6. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Autoreply. There is no information about possible countermeasures known. It...
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 Database Connection Argument privilege escalation

A vulnerability was found in Ozeki NG SMS Gateway up to 4.17.6. It has been classified as critical. Affected is an unknown code of the component Database Connection. There is no information about possible countermeasures known. It may be...
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 CSV Export CSV Injection privilege escalation

A vulnerability was found in Ozeki NG SMS Gateway up to 4.17.6 and classified as critical. This issue affects an unknown part of the component CSV Export. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 cross site request forgery

A vulnerability has been found in Ozeki NG SMS Gateway up to 4.17.6 and classified as problematic. This vulnerability affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 GET Parameter Stored cross site scripting

A vulnerability, which was classified as problematic, was found in Ozeki NG SMS Gateway up to 4.17.6. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 SMS WCF/RSS to SMS Server-Side Request Forgery

A vulnerability, which was classified as critical, has been found in Ozeki NG SMS Gateway up to 4.17.6. Affected by this issue is an unknown function of the component SMS WCF/RSS to SMS. There is no information about possible countermeasures...
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 Bulk Import Contacts Command privilege escalation

A vulnerability classified as critical was found in Ozeki NG SMS Gateway up to 4.17.6. Affected by this vulnerability is some unknown processing of the component Bulk Import. There is no information about possible countermeasures known. It may be...
Author: VulDB

Micro Focus Operation Bridge Reporter up to 10.40 privilege escalation

A vulnerability classified as critical has been found in Micro Focus Operation Bridge Reporter up to 10.40. Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Micro Focus Operation Bridge Reporter up to 10.40 Remote Code Execution

A vulnerability was found in Micro Focus Operation Bridge Reporter up to 10.40. It has been rated as critical. This issue affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Micro Focus Operation Bridge Reporter up to 10.40 privilege escalation

A vulnerability was found in Micro Focus Operation Bridge Reporter up to 10.40. It has been declared as critical. This vulnerability affects an unknown part. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

air2020 event: what changes in the world of work?

The CNIL will examine the new relationships that link work to technology, in order to grasp their logic and their stakes, at a conference with an original format and open to all, held at the CNIL's premises and by videoconference, on Monday 9...
Author: Cnil

cabot Package Endpoint Column cross site scripting [CVE-2020-7734]

A vulnerability was found in cabot Package (the affected version unknown). It has been classified as problematic. This affects some unknown functionality of the component Endpoint Column Handler. There is no information about possible...
Author: VulDB

CERTFR-2020-AVI-589: Vulnerability in VMware Horizon DaaS (22 September 2020)

A vulnerability has been discovered in VMware Horizon DaaS. It allows an attacker to bypass the security policy.

Author: Cert FR

CERTFR-2020-AVI-588: Multiple vulnerabilities in Fortinet products (22 September 2020)

Multiple vulnerabilities have been discovered in the Fortinet products FortiAnalyzer and FortiTester. They allow an authenticated attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-587: Vulnerability in IBM Qradar (22 September 2020)

A vulnerability has been discovered in IBM Qradar. It allows an attacker to compromise the confidentiality of data.

Author: Cert FR

CERTFR-2020-AVI-586: Multiple vulnerabilities in Google Chrome (22 September 2020)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-585: Multiple vulnerabilities in the Ubuntu Linux kernel (22 September 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a denial of service and a breach of data confidentiality.
Author: Cert FR

Google Chrome prior 85.0.4183.102 Offscreen Canvas HTML Page Use-After-Free memory corruption

A vulnerability was found in Google Chrome (Web Browser) and classified as critical. Affected by this issue is an unknown functionality of the component Offscreen Canvas Handler. Upgrading to version 85.0.4183.102 eliminates this vulnerability.
Author: VulDB

Google Chrome prior 85.0.4183.83 Omnibox Domain spoofing

A vulnerability has been found in Google Chrome (Web Browser) and classified as critical. Affected by this vulnerability is an unknown function of the component Omnibox. Upgrading to version 85.0.4183.83 eliminates this vulnerability.
Author: VulDB

Google Chrome prior 85.0.4183.83 WebRTC information disclosure

A vulnerability, which was classified as problematic, was found in Google Chrome (Web Browser). Affected is some unknown processing of the component WebRTC. Upgrading to version 85.0.4183.83 eliminates this vulnerability.
Author: VulDB

Information-security events