CVE-2020-13133 - Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) unauthenticated users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-13133

CVE-2020-13134 - Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be triggered by) admin users. All TOS versions with SecureChange deployments prior to R19.3 HF3 and R20-1 HF1 are affected. Vulnerabilities were fixed in R19.3 HF3 and R20-1 HF1.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-13134

CVE-2020-14360 - A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-14360

CVE-2020-14756 - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-14756

CVE-2020-19360 - Local file inclusion in FHEM 6.0, via the file parameter of fhem/FileLog_logWrapper, can allow an attacker to include a file, which can lead to sensitive information disclosure.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-19360

CVE-2020-19361 - Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-19361

CVE-2020-19362 - Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-19362

CVE-2020-19363 - Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-19363

CVE-2020-19364 - OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-19364

CVE-2020-20949 - Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924). The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-20949

CVE-2020-25385 - Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-25385

CVE-2020-25681 - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-25681

CVE-2020-25682 - A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extracts names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed to by name, assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, extract_name() can be passed an offset from the base buffer, which reduces, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-25682

CVE-2020-25683 - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-25683

CVE-2020-25684 - A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-25684

CVE-2020-25685 - A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-25685

CVE-2020-25686 - A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-25686

CVE-2020-25687 - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-25687

CVE-2020-26252 - OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions, an administrator with permission to update product data is able to store an executable file on the server and load it via layout XML. OpenMage versions from 19.4.10 and 20.0.6 onwards have this issue solved.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-26252

CVE-2020-26278 - Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability which can allow an attacker to take over any host in the cluster. Weave Net is supplied with a manifest that runs pods on every node in a Kubernetes cluster, which are responsible for managing network connections for all other pods in the cluster. This requires a lot of power over the host, and the manifest sets `privileged: true`, which gives it that power. It also set `hostPID: true`, which gave it the ability to access all other processes on the host, and write anywhere in the root filesystem of the host. This setting was not necessary, and is being removed. You are only vulnerable if you have an additional vulnerability (e.g. a bug in Kubernetes) or misconfiguration that allows an attacker to run code inside the Weave Net pod. No such bug is known at the time of release, and there are no known instances of this being exploited. Weave Net 2.8.0 removes the hostPID setting and moves CNI plugin install to an init container. Users who do not update to 2.8.0 can edit the hostPID line in their existing DaemonSet manifest to say false instead of true, arrange some other way to install CNI plugins (e.g. Ansible) and remove those mounts from the DaemonSet manifest.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-26278

CVE-2020-27850 - A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-27850

CVE-2020-27851 - Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-27851

CVE-2020-27852 - A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role (Administrator, Editor, etc.).
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-27852

CVE-2020-27858 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11103.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-27858

CVE-2020-27859 - This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-9607.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-27859

CVE-2020-28452 - This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request that contains the same value for both the X-XSRF-TOKEN header and the XSRF-TOKEN cookie value, as the check in randomTokenCsrfProtection only checks that the two values are equal and non-empty.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-28452

CVE-2020-28483 - This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-28483

CVE-2020-35217 - Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-35217

CVE-2020-35271 - Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-35271

CVE-2020-35272 - Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-35272

CVE-2020-4688 - IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-4688

CVE-2020-4887 - IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-4887

CVE-2020-4921 - IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-4921

CVE-2020-4983 - IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-4983

CVE-2020-6024 - Check Point SmartConsole before R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-6024

CVE-2021-1067 - NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1067

CVE-2021-1068 - NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1068

CVE-2021-1069 - NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1069

CVE-2021-1129 - A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploit this vulnerability by sending a crafted request for information to the general purpose API on an affected device. A successful exploit could allow the attacker to obtain system and configuration information from the affected device, resulting in an unauthorized information disclosure.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1129

CVE-2021-1133 - Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1133

CVE-2021-1135 - Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1135

CVE-2021-1138 - Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1138

CVE-2021-1139 - Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1139

CVE-2021-1140 - Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1140

CVE-2021-1141 - Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1141

CVE-2021-1142 - Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1142

CVE-2021-1218 - A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1218

CVE-2021-1219 - A vulnerability in Cisco Smart Software Manager Satellite could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by gaining access to the static credential that is stored on the local device. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1219

CVE-2021-1222 - A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1222

CVE-2021-1225 - Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1225

CVE-2021-1233 - A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1233

CVE-2021-1235 - A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read database files from the filesystem of the underlying operating system.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1235

CVE-2021-1241 - Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1241

CVE-2021-1247 - Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1247

CVE-2021-1248 - Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1248

CVE-2021-1249 - Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1249

CVE-2021-1250 - Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1250

CVE-2021-1253 - Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1253

CVE-2021-1255 - Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1255

CVE-2021-1257 - A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1257

CVE-2021-1259 - A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1259

CVE-2021-1260 - Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1260

CVE-2021-1261 - Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1261

CVE-2021-1262 - Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1262

CVE-2021-1263 - Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1263

CVE-2021-1264 - A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1264

CVE-2021-1265 - A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1265

CVE-2021-1269 - Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1269

CVE-2021-1270 - Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1270

CVE-2021-1271 - A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1271

CVE-2021-1272 - A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1272

CVE-2021-1273 - Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1273

CVE-2021-1274 - Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1274

CVE-2021-1276 - Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1276

CVE-2021-1277 - Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1277

CVE-2021-1278 - Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1278

CVE-2021-1279 - Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1279

CVE-2021-1280 - A vulnerability in the loading mechanism of specific DLLs of Cisco Advanced Malware Protection (AMP) for Endpoints for Windows and Immunet for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with SYSTEM privileges.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1280

CVE-2021-1282 - Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1282

CVE-2021-1283 - A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1283

CVE-2021-1286 - Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1286

CVE-2021-1298 - Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1298

CVE-2021-1299 - Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1299

CVE-2021-1300 - Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1300

CVE-2021-1301 - Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1301

CVE-2021-1302 - Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1302

CVE-2021-1303 - A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to improper enforcement of actions for assigned user roles. An attacker could exploit this vulnerability by authenticating as a user with an Observer role and executing commands on the affected device. A successful exploit could allow a user with the Observer role to execute commands to view diagnostic information of the devices that Cisco DNA Center manages.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1303

CVE-2021-1304 - Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1304

CVE-2021-1305 - Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1305

CVE-2021-1312 - A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for the maximum number of TCP connections and SYN backlog. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to block TCP listening ports that are used by the health monitor API. This vulnerability only affects customers who use the health monitor API.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1312

CVE-2021-1349 - A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1349

CVE-2021-1350 - A vulnerability in the web UI of Cisco Umbrella could allow an unauthenticated, remote attacker to negatively affect the performance of this service. The vulnerability exists due to insufficient rate limiting controls in the web UI. An attacker could exploit this vulnerability by sending crafted HTTPS packets at a high and sustained rate. A successful exploit could allow the attacker to negatively affect the performance of the web UI. Cisco has addressed this vulnerability.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1350

CVE-2021-1353 - A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1353

CVE-2021-1355 - Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1355

CVE-2021-1357 - Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1357

CVE-2021-1364 - Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1364

CVE-2021-1993 - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 4.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N).
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1993

CVE-2021-1994 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1994

CVE-2021-1995 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1995

CVE-2021-1996 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1996

Recently modified advisories

CVE-2020-15799 - A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The vulnerability could allow an unauthenticated attacker to reboot the device over the network by using special URLs from the integrated web server of the affected products.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-15799

CVE-2020-15800 - A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-15800

CVE-2020-25226 - A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-25226

CVE-2020-26262 - Coturn is a free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x.x.x`. However, it was observed that when sending a `CONNECT` request with the `XOR-PEER-ADDRESS` value of `0.0.0.0`, a successful response was received and subsequently, `CONNECTIONBIND` also received a successful response. Coturn then is able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either `[::1]` or `[::]` as the peer address. By using the address `0.0.0.0` as the peer address, a malicious user will be able to relay packets to the loopback interface, unless `--denied-peer-ip=0.0.0.0` (or similar) has been specified. Since the default configuration implies that loopback peers are not allowed, coturn administrators may choose to not set the `denied-peer-ip` setting. The issue is patched in version 4.5.2. As a workaround the addresses in the address block `0.0.0.0/8`, `[::1]` and `[::]` should be denied by default unless `--allow-loopback-peers` has been specified.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-26262

CVE-2020-26733 - Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-26733

CVE-2020-28390 - A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3). The application contains an information leakage vulnerability in the handling of web client sessions. A local attacker who has access to the Web Client Session Storage could disclose the passwords of currently logged-in users.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-28390

CVE-2020-28391 - A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-28391

CVE-2020-28395 - A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-28395

CVE-2020-29015 - A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-29015

CVE-2020-29016 - A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-29016

CVE-2020-29017 - An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-29017

CVE-2020-29018 - A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-29018

CVE-2020-29019 - A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-29019

CVE-2020-35687 - PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2020-35687

CVE-2021-1126 - A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1126

CVE-2021-1143 - A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this vulnerability by sending specific API GET requests to an affected device. A successful exploit could allow the attacker to enumerate users of the CMX system.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1143

CVE-2021-1144 - A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An authenticated attacker without administrative privileges could exploit this vulnerability by sending a modified HTTP request to an affected device. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1144

CVE-2021-1145 - A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the affected device. The vulnerability is due to insecure handling of symbolic links. An attacker could exploit this vulnerability by sending a crafted SFTP command to an affected device. A successful exploit could allow the attacker to read arbitrary files on the affected device.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1145

CVE-2021-1238 - Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1238

CVE-2021-1239 - Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1239

CVE-2021-1240 - A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1240

CVE-2021-1242 - A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1242

CVE-2021-1245 - Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1245

CVE-2021-1246 - Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism. For more information about these vulnerabilities, see the Details section of this advisory.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1246

CVE-2021-1258 - A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1258

CVE-2021-1267 - A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on an affected server. A successful exploit could cause increased memory and CPU utilization, which could result in a DoS condition.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1267

CVE-2021-1307 - Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1307

CVE-2021-1310 - A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1310

CVE-2021-1311 - A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1311

CVE-2021-1360 - Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1360

CVE-2021-1658 - Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1658

CVE-2021-1659 - Windows CSC Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1652, CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1688, CVE-2021-1693.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1659

CVE-2021-1660 - Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1660

CVE-2021-1661 - Windows Installer Elevation of Privilege Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1661

CVE-2021-1662 - Windows Event Tracing Elevation of Privilege Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1662

CVE-2021-1663 - Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-1670, CVE-2021-1672.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1663

CVE-2021-1664 - Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1664

CVE-2021-1665 - GDI+ Remote Code Execution Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1665

CVE-2021-1667 - Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1671, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1667

CVE-2021-1668 - Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1668

CVE-2021-1669 - Windows Remote Desktop Security Feature Bypass Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1669

CVE-2021-1670 - Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-1663, CVE-2021-1672.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1670

CVE-2021-1671 - Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1673, CVE-2021-1700, CVE-2021-1701.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1671

CVE-2021-1672 - Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-1663, CVE-2021-1670.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1672

CVE-2021-1673 - Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1658, CVE-2021-1660, CVE-2021-1664, CVE-2021-1666, CVE-2021-1667, CVE-2021-1671, CVE-2021-1700, CVE-2021-1701.
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1673

CVE-2021-1674 - Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1674

CVE-2021-1676 - Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1676

CVE-2021-1677 - Azure Active Directory Pod Identity Spoofing Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1677

CVE-2021-1678 - NTLM Security Feature Bypass Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1678

CVE-2021-1679 - Windows CryptoAPI Denial of Service Vulnerability
20/01/2021 | https://nvd.nist.gov/vuln/detail/CVE-2021-1679