Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Google Chrome prior 85.0.4183.121 Extension Policy Validator Sandbox privilege escalation

A vulnerability was found in Google Chrome (Web Browser). It has been declared as critical. This vulnerability affects some unknown functionality of the component Extension Policy Validator. Upgrading to version 85.0.4183.121 eliminates this...
Author: VulDB

Google Chrome prior 85.0.4183.121 Storage HTML Page Out-of-Bounds memory corruption

A vulnerability was found in Google Chrome (Web Browser). It has been classified as critical. This affects an unknown functionality of the component Storage. Upgrading to version 85.0.4183.121 eliminates this vulnerability.
Author: VulDB

Personal data of baccalauréat graduates: the CNIL issues a reprimand to the Normandy rectorate and to deputy Sonia KRIMI

The CNIL's restricted committee issued two reprimands against the rectorate of the Normandy academy and Ms Sonia KRIMI, deputy for the 4th constituency of Manche. In both cases, the sanction follows...
Author: Cnil

Advantech WebAccess Node up to 9.0.0 privilege escalation [CVE-2020-16202]

A vulnerability was found in Advantech WebAccess Node up to 9.0.0 and classified as critical. Affected by this issue is an unknown function. Upgrading to version 9.0.1 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

AVEVA Enterprise Data Management Web prior 2019 SP1 sql injection

A vulnerability has been found in AVEVA Enterprise Data Management Web and classified as critical. Affected by this vulnerability is some unknown processing. Upgrading to version 2019 SP1 eliminates this vulnerability. A possible mitigation has...
Author: VulDB

AVEVA Enterprise Data Management Web prior 2019 SP1 sql injection

A vulnerability, which was classified as critical, was found in AVEVA Enterprise Data Management Web. Affected is an unknown code block. Upgrading to version 2019 SP1 eliminates this vulnerability. A possible mitigation has been published...
Author: VulDB

AVEVA Enterprise Data Management Web prior 2019 SP1 sql injection

A vulnerability, which was classified as critical, has been found in AVEVA Enterprise Data Management Web. This issue affects an unknown code. Upgrading to version 2019 SP1 eliminates this vulnerability. A possible mitigation has been published...
Author: VulDB

Fatek PLC WinProladder up to 3.28 Stack-based memory corruption

A vulnerability classified as critical was found in Fatek PLC WinProladder up to 3.28. This vulnerability affects an unknown part. The problem might be mitigated by replacing the product with as an alternative.
Author: VulDB

Drupal up to 8.8.9/8.9.5/9.0.5 AJAX API cross site scripting

A vulnerability classified as problematic has been found in Drupal up to 8.8.9/8.9.5/9.0.5 (Content Management System). This affects some unknown functionality of the component AJAX API. Upgrading to version 8.8.10, 8.9.6 or 9.0.6 eliminates this...
Author: VulDB

Drupal up to 8.8.9/8.9.5/9.0.5 File Module privilege escalation

A vulnerability was found in Drupal up to 8.8.9/8.9.5/9.0.5 (Content Management System). It has been rated as critical. Affected by this issue is an unknown functionality of the component File Module. Upgrading to version 8.8.10, 8.9.6 or 9.0.6...
Author: VulDB

FreeBSD 11.3/11.4/12.1/12.2 ftpd privilege escalation

A vulnerability was found in FreeBSD 11.3/11.4/12.1/12.2 (Operating System). It has been declared as critical. Affected by this vulnerability is an unknown function of the component ftpd. Applying a patch is able to eliminate this problem. A...
Author: VulDB

Drupal up to 8.8.9/8.9.5/9.0.5 Experimental Workspaces privilege escalation

A vulnerability was found in Drupal up to 8.8.9/8.9.5/9.0.5 (Content Management System). It has been classified as critical. Affected is some unknown processing of the component Experimental Workspaces. Upgrading to version 8.8.10, 8.9.6 or 9.0.6...
Author: VulDB

Drupal up to 8.8.9/8.9.5/9.0.5 CKEditor Reflected cross site scripting

A vulnerability was found in Drupal up to 8.8.9/8.9.5/9.0.5 (Content Management System) and classified as problematic. This issue affects an unknown code block of the component CKEditor. Upgrading to version 8.8.10, 8.9.6 or 9.0.6 eliminates this...
Author: VulDB

Drupal up to 8.8.9/8.9.5/9.0.5 Reflected cross site scripting

A vulnerability has been found in Drupal up to 8.8.9/8.9.5/9.0.5 (Content Management System) and classified as problematic. This vulnerability affects an unknown code. Upgrading to version 8.8.10, 8.9.6 or 9.0.6 eliminates this vulnerability. A...
Author: VulDB

FreeBSD 11.3/11.4/12.1/12.2 bhyve SVM Guest privilege escalation

A vulnerability, which was classified as very critical, was found in FreeBSD 11.3/11.4/12.1/12.2 (Operating System). This affects an unknown part of the component bhyve SVM Guest Handler. Applying a patch is able to eliminate this problem. A...
Author: VulDB

FreeBSD 11.3/11.4/12.1/12.2 bhyve privilege escalation

A vulnerability, which was classified as critical, has been found in FreeBSD 11.3/11.4/12.1/12.2 (Operating System). Affected by this issue is some unknown functionality of the component bhyve. Applying a patch is able to eliminate this problem....
Author: VulDB

FreeBSD 11.3/11.4/12.1/12.2 ure Device Driver Injection privilege escalation

A vulnerability classified as critical was found in FreeBSD 11.3/11.4/12.1/12.2 (Operating System). Affected by this vulnerability is an unknown functionality of the component ure Device Driver. Applying a patch is able to eliminate this problem....
Author: VulDB

CERTFR-2020-AVI-584: Multiple vulnerabilities in Moodle (21 September 2020)

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a denial of service, a security policy bypass and remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2020-AVI-583: Vulnerability in IBM WebSphere Application Server (21 September 2020)

A vulnerability has been discovered in IBM WebSphere Application Server (standard version and WebSphere Application Server Hypervisor version). It allows an attacker to cause a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-582: Vulnerability in Fortinet products (21 September 2020)

A vulnerability has been discovered in Fortinet products. It allows an attacker to cause remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2020-AVI-581: Multiple vulnerabilities in Citrix products (21 September 2020)

Multiple vulnerabilities have been discovered in the Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP products. They allow an attacker to cause arbitrary code execution, privilege escalation and an injection of...
Author: Cert FR

CERTFR-2020-AVI-580: Multiple vulnerabilities in Cisco RV340 series routers (21 September 2020)

This advisory follows the update of the vendor's bulletin on 17 September. Multiple vulnerabilities have been discovered in Cisco RV340 series routers. They allow an unauthenticated attacker to cause an execution...
Author: Cert FR

Acronis Cyber Backup up to 12.5 Build 16341 Server-Side Request Forgery

A vulnerability classified as critical has been found in Acronis Cyber Backup up to 12.5 Build 16341 (Backup Software). Affected is an unknown function. Upgrading to version 12.5 Build 16342 eliminates this vulnerability.
Author: VulDB

ModSecurity 3.0.0/3.0.1/3.0.2/3.0.3/3.0.4 ReDoS denial of service

A vulnerability was found in ModSecurity 3.0.0/3.0.1/3.0.2/3.0.3/3.0.4. It has been rated as problematic. This issue affects some unknown processing. Applying the patch cve-2020-15598.patch is able to eliminate this problem. The bugfix is ready...
Author: VulDB

Atlassian JIRA Server/Data Center up to 8.5.7/8.11.0 QueryComponent!Default.jspa information disclosure

A vulnerability was found in Atlassian JIRA Server and Data Center up to 8.5.7/8.11.0 (Bug Tracking Software). It has been classified as problematic. This affects an unknown code of the file /secure/QueryComponent!Default.jspa. Upgrading to...
Author: VulDB