Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM WebSphere Application Server 7.0/8.0/8.5/9.0 UNC Path privilege escalation

A vulnerability was found in IBM WebSphere Application Server 7.0/8.0/8.5/9.0 (Application Server Software). It has been classified as critical. This affects an unknown code of the component UNC Path Handler. There is no information about...
Author: VulDB

IBM Cognos Analytics 11.0/11.1 XML Data XML External Entity

A vulnerability was found in IBM Cognos Analytics 11.0/11.1 (Business Process Management Software) and classified as critical. Affected by this issue is an unknown part of the component XML Data Handler. There is no information about possible...
Author: VulDB

IBM Financial Transaction Manager 3.2.4 sql injection [CVE-2020-4328]

A vulnerability has been found in IBM Financial Transaction Manager 3.2.4 (Financial Software) and classified as critical. Affected by this vulnerability is some unknown functionality. There is no information about possible countermeasures known....
Author: VulDB

IBM Cognos Analytics 11.0/11.1 My Schedules and Subscriptions Page privilege escalation

A vulnerability, which was classified as critical, was found in IBM Cognos Analytics 11.0/11.1 (Business Process Management Software). Affected is an unknown functionality of the component My Schedules and Subscriptions Page. There is no...
Author: VulDB

IBM Cognos Analytics 11.0/11.1 Cache Data information disclosure

A vulnerability, which was classified as problematic, has been found in IBM Cognos Analytics 11.0/11.1 (Business Process Management Software). This issue affects an unknown function of the component Cache Data Handler. There is no information...
Author: VulDB

CERTFR-2020-AVI-481: Vulnerability in IBM WebSphere (03 August 2020)

A vulnerability has been discovered in IBM WebSphere. It allows an attacker to cause a privilege escalation.

Author: Cert FR

VMware Tanzu Application Service for VMs up to 2.7.18/2.8.12/2.9.6 App Autoscaler Credentials information disclosure

A vulnerability classified as problematic was found in VMware Tanzu Application Service for VMs up to 2.7.18/2.8.12/2.9.6. This vulnerability affects some unknown processing of the component App Autoscaler. Upgrading to version 2.7.19, 2.8.13 or...
Author: VulDB

VMware GemFire/Tanzu GemFire for VMs prior 9.10.0 JMX Service Remote Code Execution

A vulnerability was found in VMware GemFire and Tanzu GemFire for VMs. It has been rated as critical. Affected by this issue is an unknown code of the component JMX Service. Upgrading to version 9.10.0 eliminates this vulnerability.
Author: VulDB

RSA MFA Agent 2.0 on Windows weak authentication [CVE-2020-5384]

A vulnerability was found in RSA MFA Agent 2.0 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

tgstation-server 4.4.0/4.4.1 directory traversal [CVE-2020-16136]

A vulnerability was found in tgstation-server 4.4.0/4.4.1. It has been classified as problematic. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Sonatype Nexus Repository Manager up to 3.25.0 Remote Code Execution

A vulnerability was found in Sonatype Nexus Repository Manager up to 3.25.0 and classified as critical. This issue affects an unknown functionality. Upgrading to version 3.25.1 eliminates this vulnerability.
Author: VulDB

Sonatype Nexus Repository Manager up to 3.25.0 cross site scripting

A vulnerability has been found in Sonatype Nexus Repository Manager up to 3.25.0 and classified as problematic. This vulnerability affects an unknown function. Upgrading to version 3.25.1 eliminates this vulnerability.
Author: VulDB

Sonatype Nexus Repository Manager up to 3.25.0 cross site scripting

A vulnerability, which was classified as problematic, was found in Sonatype Nexus Repository Manager up to 3.25.0. This affects some unknown processing. Upgrading to version 3.25.1 eliminates this vulnerability.
Author: VulDB

faye-websocket up to 0.10.x Certificate Verification Faye::WebSocket::Client TLS Certificate Man-in-the-Middle weak authentication

A vulnerability classified as problematic was found in faye-websocket up to 0.10.x. Affected by this vulnerability is the function Faye::WebSocket::Client of the component Certificate Verification. Upgrading to version 0.11.0 eliminates this...
Author: VulDB

October CMS up to 1.0.467 Cookie privilege escalation

A vulnerability classified as problematic has been found in October CMS up to 1.0.467 (Content Management System). Affected is an unknown part of the component Cookie Handler. Upgrading to version 1.0.468 eliminates this vulnerability.
Author: VulDB

grub2 up to 2.05 ext Filesystem Symlink memory corruption

A vulnerability was found in grub2 up to 2.05. It has been rated as critical. This issue affects some unknown functionality of the component ext Filesystem Handler. Upgrading to version 2.06 eliminates this vulnerability.
Author: VulDB

grub2 up to 2.05 read_section_as_string() Font File Heap-based memory corruption

A vulnerability was found in grub2 up to 2.05. It has been declared as critical. This vulnerability affects the function read_section_as_string(). Upgrading to version 2.06 eliminates this vulnerability.
Author: VulDB

FlexNet Publisher 11.14.0.2 Web Portal lmadmin.exe information disclosure

A vulnerability was found in FlexNet Publisher 11.14.0.2. It has been classified as problematic. This affects an unknown function of the file lmadmin.exe of the component Web Portal. There is no information about possible countermeasures known....
Author: VulDB

VMware GemFire/Tanzu GemFire for VMs bis JMX Service Remote Code Execution

A vulnerability was found in VMware GemFire and Tanzu GemFire for VMs bis and classified as critical. Affected by this issue is some unknown processing of the component JMX Service. Upgrading eliminates this vulnerability.
Author: VulDB

VMware Spring up to 4.3.22/5.1.11/5.2.7/5.3.1 Kryo Codec Deserialization privilege escalation

A vulnerability classified as critical has been found in VMware Spring up to 4.3.22/5.1.11/5.2.7/5.3.1. This affects an unknown code block of the component Kryo Codec. Upgrading to version 4.3.23, 5.1.12, 5.2.8 or 5.3.2 eliminates this...
Author: VulDB

Faye up to 1.3.x Certificate Verification EM::Connection#start_tls TLS Certificate Man-in-the-Middle weak authentication

A vulnerability, which was classified as problematic, has been found in Faye up to 1.3.x. Affected by this issue is the function EM::Connection#start_tls of the component Certificate Verification. Upgrading to version 1.4.0 eliminates this...
Author: VulDB

Huawei P30 prior 10.1.0.160(C00E160R2P11) Messages Memory Leak denial of service

A vulnerability has been found in Huawei P30 (Smartphone Operating System) and classified as problematic. Affected by this vulnerability is an unknown code block. Upgrading to version 10.1.0.160(C00E160R2P11) eliminates this vulnerability.
Author: VulDB

Huawei FusionCompute 8.0.0 Authorization privilege escalation

A vulnerability, which was classified as critical, was found in Huawei FusionCompute 8.0.0. Affected is an unknown code of the component Authorization. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Inductive Automation Ignition up to 8.0.12 information disclosure

A vulnerability, which was classified as problematic, has been found in Inductive Automation Ignition up to 8.0.12 (Automation Software). This issue affects an unknown part. Upgrading to version 8.0.13 eliminates this vulnerability.
Author: VulDB

Ansible Tower API Mail Address User information disclosure

A vulnerability classified as problematic was found in Ansible Tower (the affected version is unknown). This vulnerability affects some unknown functionality of the component API. There is no information about possible countermeasures known. It...
Author: VulDB