Friday 3 July 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Apache Guacamole up to 1.1.0 RDP memory corruption

A vulnerability was found in Apache Guacamole up to 1.1.0. It has been declared as critical. This vulnerability affects some unknown functionality of the component RDP Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Apache Guacamole up to 1.1.0 RDP information disclosure

A vulnerability was found in Apache Guacamole up to 1.1.0. It has been classified as problematic. This affects an unknown functionality of the component RDP Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

UniFi Protect up to 1.13.2/1.14.9 Command privilege escalation

A vulnerability was found in UniFi Protect up to 1.13.2/1.14.9 and classified as critical. Affected by this issue is an unknown function. Upgrading to version 1.13.3 or 1.14.10 eliminates this vulnerability.
Author: VulDB

Ruby on Rails up to 6.0.3.1 denial of service [CVE-2020-8185]

A vulnerability has been found in Ruby on Rails up to 6.0.3.1 (Programming Language Software) and classified as problematic. Affected by this vulnerability is some unknown processing. Upgrading to version 6.0.3.2 eliminates this vulnerability.
Author: VulDB

Nextcloud Deck 1.0.0 Access Control Injection privilege escalation

A vulnerability, which was classified as critical, was found in Nextcloud Deck 1.0.0 (Cloud Software). Affected is an unknown code block of the component Access Control. There is no information about possible countermeasures known. It may be...
Author: VulDB

koa-shopify-auth 3.1.61/3.1.62 enable_cookies shop cross site scripting

A vulnerability, which was classified as problematic, has been found in koa-shopify-auth 3.1.61/3.1.62. This issue affects an unknown code of the file /shopify/auth/enable_cookies. There is no information about possible countermeasures known. It...
Author: VulDB

Ruby on Rails up to 5.2.4/6.0.3 cross site request forgery [CVE-2020-8166]

A vulnerability classified as problematic was found in Ruby on Rails up to 5.2.4/6.0.3. This vulnerability affects an unknown part. Upgrading to version 5.2.5 or 6.0.4 eliminates this vulnerability.
Author: VulDB

Ruby on Rails up to 5.0.0 render locals privilege escalation

A vulnerability classified as critical has been found in Ruby on Rails up to 5.0.0. This affects the function render. Upgrading to version 5.0.1 eliminates this vulnerability.
Author: VulDB

Rack up to 2.1.x Rack::Directory directory traversal

A vulnerability was found in Rack up to 2.1.x. It has been rated as problematic. Affected by this issue is the function Rack::Directory. Upgrading to version 2.2.0 eliminates this vulnerability.
Author: VulDB

Nexacro14-17 ExtCommonApiV13 prior 2019.9.6 Registry Remote Code Execution

A vulnerability was found in Nexacro14-17 ExtCommonApiV13. It has been declared as critical. Affected by this vulnerability is an unknown function of the component Registry Handler. Upgrading to version 2019.9.6 eliminates this vulnerability.
Author: VulDB

Nexacro14-17 ExtCommonApiV13 Library prior 2019.9.6 API Argument Remote Code Execution

A vulnerability was found in Nexacro14-17 ExtCommonApiV13 Library. It has been classified as critical. Affected is some unknown processing of the component API. Upgrading to version 2019.9.6 eliminates this vulnerability.
Author: VulDB

Nginx Controller up to 1.0.1/2.8.x/3.4.x Kubernetes Package Download HTTP weak encryption

A vulnerability was found in Nginx Controller up to 1.0.1/2.8.x/3.4.x and classified as problematic. This issue affects an unknown code block of the component Kubernetes Package Download Handler. Upgrading to version 2.9.0 or 3.5.0 eliminates...
Author: VulDB

Nginx Controller up to 1.0.1/2.8.x/3.4.x NATS Messaging System weak authentication

A vulnerability has been found in Nginx Controller up to 1.0.1/2.8.x/3.4.x and classified as critical. This vulnerability affects an unknown code of the component NATS Messaging System. Upgrading to version 2.9.0 or 3.5.0 eliminates this...
Author: VulDB

Nginx Controller up to 1.0.1/2.8.x/3.4.x User Interface weak authentication

A vulnerability, which was classified as critical, was found in Nginx Controller up to 1.0.1/2.8.x/3.4.x. This affects an unknown part of the component User Interface. Upgrading to version 2.9.0 or 3.5.0 eliminates this vulnerability.
Author: VulDB

PrestaShop up to 1.7.7.5 Authentication Request Command privilege escalation

A vulnerability, which was classified as critical, has been found in PrestaShop up to 1.7.7.5 (E-Commerce Management Software). Affected by this issue is some unknown functionality of the component Authentication. Upgrading to version 1.7.7.6...
Author: VulDB

October up to 1.0.466 Froala Richeditor Reflected cross site scripting

A vulnerability classified as problematic was found in October up to 1.0.466. Affected by this vulnerability is an unknown functionality of the component Froala Richeditor. Upgrading to version 1.0.467 eliminates this vulnerability.
Author: VulDB

Cisco Unified Communications Manager Web-based Management Interface cross site scripting

A vulnerability classified as problematic has been found in Cisco Unified Communications Manager, Unified Communications Manager Session Management Edition, Unified Communications Manager IM & Presence Service and Cisco Unity Connection (Unified...
Author: VulDB

Link Column Plugin up to 1.0 on Jenkins Permission Stored cross site scripting

A vulnerability was found in Link Column Plugin up to 1.0 on Jenkins (Jenkins Plugin). It has been rated as problematic. This issue affects some unknown processing of the component Permission. There is no information about possible...
Author: VulDB

HP ALM Quality Center Plugin up to 1.6 on Jenkins Global Configuration weak encryption

A vulnerability was found in HP ALM Quality Center Plugin up to 1.6 on Jenkins (Jenkins Plugin). It has been declared as problematic. This vulnerability affects an unknown code block of the component Global Configuration. There is no information...
Author: VulDB

Compatibility Action Storage Plugin up to 1.0 on Jenkins MongoDB Test Connection Reflected cross site scripting

A vulnerability was found in Compatibility Action Storage Plugin up to 1.0 on Jenkins. It has been classified as problematic. This affects an unknown code of the component MongoDB Test Connection Handler. There is no information about possible...
Author: VulDB

Zephyr for JIRA Test Management Plugin up to 1.5 on Jenkins Permission Check privilege escalation

A vulnerability was found in Zephyr for JIRA Test Management Plugin up to 1.5 on Jenkins and classified as critical. Affected by this issue is an unknown part of the component Permission Check. There is no information about possible...
Author: VulDB

Zephyr for JIRA Test Management Plugin up to 1.5 on Jenkins cross site request forgery

A vulnerability has been found in Zephyr for JIRA Test Management Plugin up to 1.5 on Jenkins and classified as problematic. Affected by this vulnerability is some unknown functionality. There is no information about possible countermeasures...
Author: VulDB

ZAP Pipeline Plugin up to 1.9 on Jenkins CSP privilege escalation

A vulnerability, which was classified as critical, was found in ZAP Pipeline Plugin up to 1.9 on Jenkins. Affected is an unknown functionality of the component CSP Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

White Source Plugin up to 19.1.1 on Jenkins Global Configuration config.xml weak encryption

A vulnerability, which was classified as problematic, has been found in White Source Plugin up to 19.1.1 on Jenkins. This issue affects an unknown function of the file config.xml of the component Global Configuration. There is no information...
Author: VulDB

GitHub Coverage Reporter Plugin up to 1.8 on Jenkins Global Configuration weak encryption

A vulnerability classified as problematic was found in GitHub Coverage Reporter Plugin up to 1.8 on Jenkins (Bug Tracking Software). This vulnerability affects some unknown processing of the component Global Configuration. There is no information...
Author: VulDB