Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 Upload Course Tool access control

A vulnerability classified as critical was found in Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 (Learning Management Software). Affected by this vulnerability is an unknown code of the component Upload Course Tool. Upgrading to version 3.9.3, 3.8.6,...
Author: VulDB

Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 Database Module Web Service sql injection

A vulnerability classified as critical has been found in Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 (Learning Management Software). Affected is an unknown part of the component Database Module Web Service. Upgrading to version 3.8.6, 3.7.9, 3.5.15 or...
Author: VulDB

Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 Capability Check access control

A vulnerability was found in Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 (Learning Management Software). It has been rated as critical. This issue affects some unknown functionality of the component Capability Check. Upgrading to version 3.9.3, 3.8.6,...
Author: VulDB

Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 User Enrollment access control

A vulnerability was found in Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 (Learning Management Software). It has been declared as critical. This vulnerability affects an unknown functionality of the component User Enrollment. Upgrading to version 3.9.3,...
Author: VulDB

YzmCMS 5.5 Editor cross site scripting

A vulnerability was found in YzmCMS 5.5. It has been classified as problematic. This affects an unknown function of the component Editor. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

TwinCAT XAR 3.1 TcSysUI.exe default permission

A vulnerability was found in TwinCAT XAR 3.1 and classified as critical. Affected by this issue is some unknown processing of the file TcSysUI.exe. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Endress+Hauser Ecograph T 2.0.0 information disclosure [CVE-2020-12496]

A vulnerability has been found in Endress+Hauser Ecograph T 2.0.0 and classified as problematic. Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Endress+Hauser Ecograph T up to 1.x Web-based User Interface Neutral/Private privileges management

A vulnerability, which was classified as critical, was found in Endress+Hauser Ecograph T up to 1.x. Affected is an unknown code of the file Neutral/Private of the component Web-based User Interface. Upgrading eliminates this vulnerability.
Author: VulDB

Johnson Controls American Dynamics Victor Web Client HTTP API improper authorization

A vulnerability, which was classified as critical, has been found in Johnson Controls American Dynamics Victor Web Client and Software House C-CURE Web Client (unknown version). This issue affects an unknown part of the component HTTP API. There...
Author: VulDB

IBM Jazz Reporting Service 6.0.6/6.0.6.1/7.0/7.0.1 Web UI cross site scripting

A vulnerability classified as problematic was found in IBM Jazz Reporting Service 6.0.6/6.0.6.1/7.0/7.0.1 (Reporting Software). This vulnerability affects some unknown functionality of the component Web UI.
Author: VulDB

IBM DB2/DB2 Connect Server 10.5/11.1/11.5 buffer overflow [CVE-2020-4701]

A vulnerability classified as critical has been found in IBM DB2 and DB2 Connect Server 10.5/11.1/11.5 (Database Software). This affects an unknown functionality.
Author: VulDB

JamoDat TSMManager Collector up to 6.5.0.21 authorization [CVE-2020-28054]

A vulnerability was found in JamoDat TSMManager Collector up to 6.5.0.21. It has been rated as critical. Affected by this issue is an unknown function. Applying a patch is able to eliminate this problem.
Author: VulDB

com.oppo.ovoicemanager 2.0.1 permission [CVE-2020-11831]

A vulnerability was found in com.oppo.ovoicemanager 2.0.1. It has been declared as critical. Affected by this vulnerability is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

com.oppo.qualityprotect 2.0 unknown vulnerability [CVE-2020-11830]

A vulnerability was found in com.oppo.qualityprotect 2.0. It has been classified as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

com.coloros.codebook 2.0.0_5493e40_200722 Backup/Restore SDK unknown vulnerability

A vulnerability was found in com.coloros.codebook 2.0.0_5493e40_200722 and classified as critical. This issue affects an unknown code of the component Backup/Restore SDK. There is no information about possible countermeasures known. It may be...
Author: VulDB

CERTFR-2020-AVI-763: Vulnerability in IBM Db2 (19 November 2020)

A vulnerability has been discovered in IBM Db2. It allows an attacker to cause arbitrary code execution with root privileges.

Author: Cert FR

CERTFR-2020-AVI-762: Vulnerability in F5 BIG-IP (19 November 2020)

A vulnerability has been discovered in F5 BIG-IP. It allows an attacker to cause a security policy bypass.

Author: Cert FR

CERTFR-2020-AVI-761: Multiple vulnerabilities in VMware SD-WAN Orchestrator (19 November 2020)

Multiple vulnerabilities have been discovered in VMware SD-WAN Orchestrator. Some of them allow an attacker to cause arbitrary code execution, a security policy bypass and a breach of...
Author: Cert FR

CERTFR-2020-AVI-760: Vulnerability in Drupal Core (19 November 2020)

A vulnerability has been discovered in Drupal Core. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-759: Vulnerability in Symantec Endpoint Detection & Response (19 November 2020)

A vulnerability has been discovered in Symantec Endpoint Detection & Response. It allows an attacker to cause a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-758: Multiple vulnerabilities in Cisco products (19 November 2020)

Multiple vulnerabilities have been discovered in Cisco products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data integrity and a breach of...
Author: Cert FR

Nextcloud Social up to 0.3.x Server Certificate certificate validation

A vulnerability has been found in Nextcloud Social up to 0.3.x (Cloud Software) and classified as critical. This vulnerability affects an unknown part of the component Server Certificate Handler. Upgrading to version 0.4.0 eliminates this...
Author: VulDB

Nextcloud Social App 0.3.1 access control [CVE-2020-8278]

A vulnerability, which was classified as critical, was found in Nextcloud Social App 0.3.1 (Cloud Software). This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Node.js up to 12.19.0/14.15.0/15.2.0 DNS Request resource consumption

A vulnerability, which was classified as problematic, has been found in Node.js up to 12.19.0/14.15.0/15.2.0 (JavaScript Library). Affected by this issue is an unknown functionality of the component DNS Request Handler. Upgrading to version...
Author: VulDB

F5 BIG-IP/BIG-IP Virtual Edition up to 15.1.1/up to 16.0.0.1 TCP Sequence Number random values

A vulnerability classified as problematic was found in F5 BIG-IP and BIG-IP Virtual Edition up to 15.1.1/up to 16.0.0.1 (Firewall Software). Affected by this vulnerability is an unknown function of the component TCP Sequence Number Handler....
Author: VulDB