Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Fortinet FortiGate up to 6.2.4/6.4.0 Log Dashboard cross site scripting

A vulnerability classified as problematic was found in Fortinet FortiGate up to 6.2.4/6.4.0 (Firewall Software). This vulnerability affects an unknown part of the component Log Dashboard. Upgrading to version 6.2.5 or 6.4.1 eliminates this...
Author: VulDB

grub2 up to 2.05 ACPI Command memory corruption

A vulnerability classified as critical has been found in grub2 up to 2.05. This affects some unknown functionality of the component ACPI Command Handler. Upgrading to version 2.06 eliminates this vulnerability.
Author: VulDB

WebKit WebKitGTK 2.30.1 Web Page AudioSourceProviderGStreamer use after free

A vulnerability was found in WebKit WebKitGTK 2.30.1 (Web Browser). It has been rated as critical. Affected by this issue is the function AudioSourceProviderGStreamer of the component Web Page Handler. There is no information about possible...
Author: VulDB

Advantech WebAccess/SCADA 9.0.1 access control [CVE-2020-13554]

A vulnerability was found in Advantech WebAccess and SCADA 9.0.1 (SCADA Software). It has been declared as critical. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be...
Author: VulDB

Pillow up to 8.1.0 ICO Container memory allocation

A vulnerability was found in Pillow up to 8.1.0. It has been classified as problematic. Affected is some unknown processing of the component ICO Container Handler. Upgrading to version 8.1.1 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

Pillow up to 8.1.0 Image memory allocation

A vulnerability was found in Pillow up to 8.1.0 and classified as problematic. This issue affects an unknown code block of the component Image Handler. Upgrading to version 8.1.1 eliminates this vulnerability. The upgrade is hosted for download...
Author: VulDB

Pillow up to 8.1.0 BLP Container memory allocation

A vulnerability has been found in Pillow up to 8.1.0 and classified as problematic. This vulnerability affects an unknown code of the component BLP Container. Upgrading to version 8.1.1 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

SuSE Linux Enterprise Server 15 SP3 salt improper authentication

A vulnerability, which was classified as very critical, was found in SuSE Linux Enterprise Server 15 SP3 (Operating System). This affects an unknown part of the component salt. Applying a patch is able to eliminate this problem.
Author: VulDB

Argo CD up to 1.7.12/1.8.5 SSO Provider cross site scripting

A vulnerability, which was classified as problematic, has been found in Argo CD up to 1.7.12/1.8.5. Affected by this issue is some unknown functionality of the component SSO Provider. Upgrading to version 1.7.13 or 1.8.6 eliminates this...
Author: VulDB

GitHub Enterprise Server 2.12.22/2.20.23/2.21.14/2.22.6/3.0.0 GraphQL API improper authorization

A vulnerability classified as critical was found in GitHub Enterprise Server 2.12.22/2.20.23/2.21.14/2.22.6/3.0.0 (Bug Tracking Software). Affected by this vulnerability is an unknown functionality of the component GraphQL API. Upgrading to...
Author: VulDB

GitHub Enterprise Server 3.0.0/3.0.0.rc1/3.0.0.rc2 Fork improper authorization

A vulnerability classified as critical has been found in GitHub Enterprise Server 3.0.0/3.0.0.rc1/3.0.0.rc2 (Bug Tracking Software). Affected is an unknown function of the component Fork Handler. Upgrading to version 3.0.1 eliminates this...
Author: VulDB

GitHub Enterprise Server up to 2.4.20/2.20.23/2.21.14/2.22.6/3.0.0 REST API improper authorization

A vulnerability was found in GitHub Enterprise Server up to 2.4.20/2.20.23/2.21.14/2.22.6/3.0.0 (Bug Tracking Software). It has been rated as critical. This issue affects some unknown processing of the component REST API. Upgrading to version...
Author: VulDB

Oracle Cloud Infrastructure Data Science Notebook Sessions Local Privilege Escalation

A vulnerability was found in Oracle Cloud Infrastructure Data Science Notebook Sessions (Cloud Software) (the affected version is unknown). It has been declared as problematic. There is no information about possible countermeasures known. It may...
Author: VulDB

pug up to 2.0.2/3.0.0 on npm Template injection

A vulnerability was found in pug up to 2.0.2/3.0.0 on npm (NPM Package). It has been classified as problematic. This affects an unknown code of the component Template Handler. Upgrading to version 2.0.3 or 3.0.1 eliminates this vulnerability. The...
Author: VulDB

Anuko Time Tracker prior 1.19.24.5415/1.19.24.5416 Password Reset password recovery

A vulnerability was found in Anuko Time Tracker and classified as problematic. Affected by this issue is an unknown part of the component Password Reset Handler. Upgrading to version 1.19.24.5415 or 1.19.24.5416 eliminates this vulnerability....
Author: VulDB

GitHub Enterprise Server up to 2.20.23/2.21.14/2.22.6 Parser Configuration command injection

A vulnerability has been found in GitHub Enterprise Server up to 2.20.23/2.21.14/2.22.6 (Bug Tracking Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the component Parser Configuration...
Author: VulDB

CERTFR-2021-ALE-004: Multiple vulnerabilities in Microsoft Exchange Server (03 March 2021)

On 2 March 2021, Microsoft released patches for critical zero-day vulnerabilities affecting Exchange mail servers in versions 2010, 2013, 2016 and 2019. These vulnerabilities allow an...
Author: Cert FR

CERTFR-2021-AVI-161: Multiple vulnerabilities in Joomla! (03 March 2021)

Multiple vulnerabilities have been discovered in Joomla!. They allow an attacker to cause a security problem not specified by the vendor and a remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2021-AVI-160: Vulnerability in Junos OS (03 March 2021)

A vulnerability has been discovered in Junos OS. It allows an attacker to cause a denial of service.

Author: Cert FR

CERTFR-2021-AVI-159: Vulnerability in Trend Micro products (03 March 2021)

A vulnerability has been discovered in Trend Micro products. It allows an attacker to cause a denial of service.

Author: Cert FR

CERTFR-2021-AVI-158: Multiple vulnerabilities in the Red Hat Linux kernel (03 March 2021)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause a denial of service, a security policy bypass and a breach of the integrity of...
Author: Cert FR

CERTFR-2021-AVI-157: Multiple vulnerabilities in Tenable.sc (03 March 2021)

Multiple vulnerabilities have been discovered in Tenable products. They allow an authenticated attacker to cause remote arbitrary code execution and a denial of service.

Author: Cert FR

CERTFR-2021-AVI-156: Multiple vulnerabilities in Microsoft Exchange Server (03 March 2021)

Multiple vulnerabilities have been discovered in Microsoft Exchange Server. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

Stormshield Network Security up to 2.7.7/2.16.0/3.7.16/3.11.4/4.1.5 Table Management denial of service

A vulnerability, which was classified as problematic, was found in Stormshield Network Security up to 2.7.7/2.16.0/3.7.16/3.11.4/4.1.5. Affected is an unknown functionality of the component Table Management Handler. Upgrading to version 2.7.8,...
Author: VulDB

e107 CMS up to 2.3.0 usersettings.php protection mechanism

A vulnerability, which was classified as critical, has been found in e107 CMS up to 2.3.0 (Content Management System). This issue affects an unknown function of the file usersettings.php. Applying a patch is able to eliminate this problem. The...
Author: VulDB

Information security events