Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Liferay Portal 7.3.4 site name cross site scripting

A vulnerability classified as problematic has been found in Liferay Portal 7.3.4. Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Author: VulDB

Delta Industrial Automation CNCSoft ScreenEditor up to 1.01.28 Project File out-of-bounds read

A vulnerability was found in Delta Industrial Automation CNCSoft ScreenEditor up to 1.01.28 (Automation Software). It has been rated as critical. This issue affects some unknown functionality of the component Project File Handler. Upgrading...
Author: VulDB

Liferay Portal/DXP SimpleCaptcha improper authentication [CVE-2021-29047]

A vulnerability was found in Liferay Portal and DXP (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown functionality of the component SimpleCaptcha. Upgrading eliminates this...
Author: VulDB

Liferay DXP up to 7.3 Multi-Factor Authentication Module denial of service

A vulnerability was found in Liferay DXP up to 7.3. It has been classified as problematic. This affects an unknown function of the component Multi-Factor Authentication Module. Applying the patch 7.3 FP1 is able to eliminate this problem.
Author: VulDB

Liferay Portal/DXP JSON Web Services information exposure [CVE-2021-29040]

A vulnerability was found in Liferay Portal and DXP (affected version not known) and classified as problematic. Affected by this issue is some unknown processing of the component JSON Web Services. Upgrading eliminates this vulnerability.
Author: VulDB

GitHub Enterprise Server up to 2.22.12/3.0.6 UI clickjacking

A vulnerability has been found in GitHub Enterprise Server up to 2.22.12/3.0.6 (Bug Tracking Software) and classified as problematic. Affected by this vulnerability is an unknown code block of the component UI. Upgrading to version 2.22.13 or...
Author: VulDB

YFCMF 2.3.1 News Page cross site scripting

A vulnerability, which was classified as problematic, was found in YFCMF 2.3.1. Affected is an unknown code of the component News Page. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

v up to 2.2.29 Settings Page tab cross site scripting

A vulnerability, which was classified as problematic, has been found in v up to 2.2.29. This issue affects an unknown part of the component Settings Page. Upgrading to version 2.2.30 eliminates this vulnerability.
Author: VulDB

libxml2 up to 2.9.10 XML Document null pointer dereference

A vulnerability classified as problematic was found in libxml2 up to 2.9.10 (Document Processing Software). This vulnerability affects some unknown functionality of the component XML Document Handler. Upgrading to version 2.9.11 eliminates this...
Author: VulDB

Firely Incendi Spark up to 1.5.5-r3 Content-Disposition Header cross site scripting

A vulnerability classified as problematic has been found in Firely Incendi Spark up to 1.5.5-r3. This affects an unknown functionality of the component Content-Disposition Header Handler. Upgrading to version 1.5.5-r4 eliminates this...
Author: VulDB

ImageMagick up to 7.0.8 Float MagickCore/quantize.c integer overflow

A vulnerability was found in ImageMagick up to 7.0.8 (Image Processing Software). It has been rated as problematic. Affected by this issue is an unknown function of the file MagickCore/quantize.c of the component Float Handler. Upgrading to...
Author: VulDB

radare2 up to 5.3.0 pyc Parser double free

A vulnerability was found in radare2 up to 5.3.0 (Programming Tool Software). It has been declared as problematic. Affected by this vulnerability is some unknown processing of the component pyc Parser. There is no information about possible...
Author: VulDB

Moxa NPort IA5000A Telnet cleartext transmission [CVE-2020-27184]

A vulnerability was found in Moxa NPort IA5000A (Automation Software) (version unknown). It has been classified as problematic. Affected is an unknown code block of the component Telnet. There is no information about possible countermeasures...
Author: VulDB

Moxa NPort IA5000A Configuration Export credentials storage [CVE-2020-27150]

A vulnerability was found in Moxa NPort IA5000A (Automation Software) (unknown version) and classified as problematic. This issue affects an unknown code of the component Configuration Export Handler. There is no information about possible...
Author: VulDB

Moxa NPort IA5150A-IEX up to 1.4 Web Console unknown vulnerability

A vulnerability has been found in Moxa NPort IA5150A-IEX, NPort IA5150A-T-IEX, NPort IA5150A-T, NPort IA5150A, NPort IA5150AI-IEX, NPort IA5150AI-T-IE, NPort IA5150AI-T, NPort IA5150AI, NPort IA5250A-IEX, NPort IA5250A-T-IEX, NPort IA5250A-T,...
Author: VulDB

Octopus Server Import/Export cleartext storage [CVE-2021-30183]

A vulnerability, which was classified as problematic, was found in Octopus Server (the affected version unknown). This affects some unknown functionality of the component Import/Export. There is no information about possible countermeasures...
Author: VulDB

Kaspersky Password Manager Password Generator entropy [CVE-2020-27020]

A vulnerability, which was classified as problematic, has been found in Kaspersky Password Manager (affected version not known). Affected by this issue is an unknown functionality of the component Password Generator. There is no information about...
Author: VulDB

haml-coffee up to 1.14.1 cross site scripting [CVE-2021-32818]

A vulnerability classified as problematic was found in haml-coffee up to 1.14.1. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

TP-LINK Archer C1200 1.13 Build 2018-01-24 rel.52299 EU cross site scripting

A vulnerability classified as problematic has been found in TP-LINK Archer C1200 1.13 Build 2018-01-24 rel.52299 EU. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

YARA up to 4.0.3 Mach-O File macho.c buffer overflow

A vulnerability was found in YARA up to 4.0.3. It has been rated as critical. This issue affects an unknown code block of the file libyara/modules/macho/macho.c of the component Mach-O File Handler. Upgrading to version 4.0.4 eliminates this...
Author: VulDB

Express-handlebars information disclosure [CVE-2021-32820]

A vulnerability was found in Express-handlebars (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown code. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

express-hbs layout information disclosure

A vulnerability was found in express-hbs (the affected version unknown). It has been classified as problematic. This affects an unknown part of the file hbs. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

ProtonMail Web Client prior 3.16.60 Regular Expression resource consumption

A vulnerability was found in ProtonMail Web Client and classified as problematic. Affected by this issue is some unknown functionality of the component Regular Expression Handler. Upgrading to version 3.16.60 eliminates this vulnerability....
Author: VulDB

DedeCMS 5.7 cross-site request forgery [CVE-2021-32073]

A vulnerability has been found in DedeCMS 5.7 (Content Management System) and classified as problematic. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

UPX 4.0.0 p_lx_elf.cpp heap-based overflow

A vulnerability, which was classified as critical, was found in UPX 4.0.0. Affected is an unknown function of the file p_lx_elf.cpp. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Information security events