Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Keymaker up to 0.1.x Assets Endpoint join path traversal

A vulnerability was found in Keymaker up to 0.1.x. It has been rated as critical. This issue affects the function join of the component Assets Endpoint. Upgrading to version 0.2.0 eliminates this vulnerability. Applying a patch is able to...
Author: VulDB

gin X-Forwarded-For Header Remote Privilege Escalation [CVE-2020-28483]

A vulnerability was found in gin (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown processing of the component X-Forwarded-For Header Handler. There is no information about possible...
Author: VulDB

Akka com.softwaremill.akka-http-session up to 0.6.0 cross-site request forgery

A vulnerability was found in Akka com.softwaremill.akka-http-session up to 0.6.0. It has been classified as problematic. This affects an unknown code block. Upgrading to version 0.6.1 eliminates this vulnerability. Applying a patch is able to...
Author: VulDB

Dnsmasq up to 2.82 rfc1035.c extract_name heap-based overflow

A vulnerability was found in Dnsmasq up to 2.82 (Domain Name Software) and classified as critical. Affected by this issue is the function extract_name of the file rfc1035.c. Upgrading to version 2.83 eliminates this vulnerability.
Author: VulDB

Dnsmasq up to 2.82 Pending Request security check for standard

A vulnerability has been found in Dnsmasq up to 2.82 (Domain Name Software) and classified as problematic. Affected by this vulnerability is an unknown part of the component Pending Request Handler. Upgrading to version 2.83 eliminates this...
Author: VulDB

Dnsmasq up to 2.82 rfc1035.c extract_name heap-based overflow

A vulnerability, which was classified as critical, was found in Dnsmasq up to 2.82 (Domain Name Software). Affected is the function extract_name of the file rfc1035.c. Upgrading to version 2.83 eliminates this vulnerability.
Author: VulDB

Dnsmasq up to 2.82 RRSets Sort heap-based overflow

A vulnerability, which was classified as critical, has been found in Dnsmasq up to 2.82 (Domain Name Software). This issue affects an unknown functionality of the component RRSets Sort Handler. Upgrading to version 2.83 eliminates this...
Author: VulDB

Open-AudIT up to 3.5.3 Web Interface information disclosure

A vulnerability classified as problematic was found in Open-AudIT up to 3.5.3. This vulnerability affects an unknown function of the component Web Interface. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

PrestaShop 1.7.7.0 id_products sql injection

A vulnerability classified as critical has been found in PrestaShop 1.7.7.0 (E-Commerce Management Software). This affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Ardatan graphql-tools up to 6.2.5 load-git.ts exec/execSync command injection

A vulnerability was found in Ardatan graphql-tools up to 6.2.5. It has been rated as critical. Affected by this issue is the function exec/execSync of the file packages/loaders/git/src/load-git.ts. Upgrading to version 6.2.6 eliminates this...
Author: VulDB

Oracle Argus Safety 8.2.2 Letters information disclosure

A vulnerability was found in Oracle Argus Safety 8.2.2. It has been declared as problematic. Affected by this vulnerability is an unknown code of the component Letters. Upgrading eliminates this vulnerability.
Author: VulDB

Oracle Argus Safety 8.2.2 Case Form/Local Affiliate Form Remote Code Execution

A vulnerability was found in Oracle Argus Safety 8.2.2. It has been classified as critical. Affected is an unknown part of the component Case Form/Local Affiliate Form. Upgrading eliminates this vulnerability.
Author: VulDB

IBM Spectrum LSF/Spectrum LSF Suite LSF Job unknown vulnerability

A vulnerability was found in IBM Spectrum LSF and Spectrum LSF Suite (unknown version) and classified as critical. This issue affects some unknown functionality of the component LSF Job Handler. There is no information about possible...
Author: VulDB

IBM Security Guardium up to 10.6/11.2 sql injection [CVE-2020-4921]

A vulnerability has been found in IBM Security Guardium up to 10.6/11.2 (Policy Management Software) and classified as critical. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It...
Author: VulDB

IBM AIX/VIOS Local Privilege Escalation [CVE-2020-4887]

A vulnerability, which was classified as problematic, was found in IBM AIX and VIOS (Operating System) (the affected version unknown). There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

IBM Security Guardium 10.6/11.2 command injection [CVE-2020-4688]

A vulnerability, which was classified as critical, has been found in IBM Security Guardium 10.6/11.2 (Policy Management Software). Affected by this issue is some unknown processing. There is no information about possible countermeasures known. It...
Author: VulDB

Employee Performance Evaluation System 1.0 Admin Portal Task/Description cross site scripting

A vulnerability classified as problematic was found in Employee Performance Evaluation System 1.0. Affected by this vulnerability is an unknown code block of the component Admin Portal. There is no information about possible countermeasures...
Author: VulDB

Employee Performance Evaluation System 1.0 Employees/First Name/Last Name cross site scripting

A vulnerability classified as problematic has been found in Employee Performance Evaluation System 1.0. Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Vert.x Web Framework 4.0 Milestone 1-4 cross-site request forgery

A vulnerability was found in Vert.x Web Framework 4.0 Milestone 1-4. It has been rated as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Dnsmasq up to 2.82 DNS Cache forward.c reply_query unknown vulnerability

A vulnerability was found in Dnsmasq up to 2.82 (Domain Name Software). It has been declared as problematic. This vulnerability affects the function reply_query of the file forward.c of the component DNS Cache Handler. Upgrading to version 2.83...
Author: VulDB

Dnsmasq up to 2.82 DNS Cache forward.c reply_query security check for standard

A vulnerability was found in Dnsmasq up to 2.82 (Domain Name Software). It has been classified as problematic. This affects the function reply_query of the file forward.c of the component DNS Cache Handler. Upgrading to version 2.83 eliminates...
Author: VulDB

Dnsmasq up to 2.82 DNSSEC rfc1035.c extract_name heap-based overflow

A vulnerability was found in Dnsmasq up to 2.82 (Domain Name Software) and classified as problematic. Affected by this issue is the function extract_name of the file rfc1035.c of the component DNSSEC. Upgrading to version 2.83 eliminates this...
Author: VulDB

STM32Cube 1.5 PKCS Padding information disclosure

A vulnerability has been found in STM32Cube 1.5 and classified as problematic. Affected by this vulnerability is some unknown processing of the component PKCS Padding. There is no information about possible countermeasures known. It may be...
Author: VulDB

X.Org Server up to 1.20.9 XkbSetMap memory corruption

A vulnerability, which was classified as critical, was found in X.Org Server up to 1.20.9. Affected is the function XkbSetMap. Upgrading to version 1.20.10 eliminates this vulnerability.
Author: VulDB

Oracle VM VirtualBox up to 6.1.17 information disclosure [CVE-2021-2123]

A vulnerability, which was classified as problematic, has been found in Oracle VM VirtualBox up to 6.1.17 (Virtualization Software). This issue affects an unknown code. Upgrading eliminates this vulnerability. A possible mitigation has been...
Author: VulDB

Information systems security (SSI) events