Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

OpenPLC ScadaBR JSP File view_edit.shtm unrestricted upload

A vulnerability, which was classified as critical, has been found in OpenPLC ScadaBR (SCADA Software) (unknown version). This issue affects an unknown part of the file view_edit.shtm of the component JSP File Handler. There is no information...
Author: VulDB

Xen initialization [CVE-2021-28687]

A vulnerability classified as critical was found in Xen (Virtualization Software) (the affected version is unknown). This vulnerability affects some unknown functionality. Applying a patch is able to eliminate this problem.
Author: VulDB

Schneider Electric IGSS Definition up to 15.0.0.21140 CGF File Def.exe path traversal

A vulnerability classified as critical has been found in Schneider Electric IGSS Definition up to 15.0.0.21140 (SCADA Software). This affects an unknown functionality of the file Def.exe of the component CGF File Handler. There is no information...
Author: VulDB

Schneider Electric IGSS Definition up to 15.0.0.21140 Def.exe memory corruption

A vulnerability was found in Schneider Electric IGSS Definition up to 15.0.0.21140 (SCADA Software). It has been rated as critical. Affected by this issue is an unknown function of the file Def.exe. There is no information about possible...
Author: VulDB

Schneider Electric IGSS Definition up to 15.0.0.21140 CGF File Def.exe out-of-bounds read

A vulnerability was found in Schneider Electric IGSS Definition up to 15.0.0.21140 (SCADA Software). It has been declared as problematic. Affected by this vulnerability is some unknown processing of the file Def.exe of the component CGF File...
Author: VulDB

Schneider Electric IGSS Definition up to 15.0.0.21140 CGF File Def.exe out-of-bounds read

A vulnerability was found in Schneider Electric IGSS Definition up to 15.0.0.21140 (SCADA Software). It has been classified as problematic. Affected is an unknown code block of the file Def.exe of the component CGF File Handler. There is no...
Author: VulDB

Schneider Electric IGSS Definition up to 15.0.0.21140 CGF File Def.exe out-of-bounds write

A vulnerability was found in Schneider Electric IGSS Definition up to 15.0.0.21140 (SCADA Software) and classified as critical. This issue affects an unknown code of the file Def.exe of the component CGF File Handler. There is no information...
Author: VulDB

Mitsubishi Electric MELSEC iQ-R series CPU Module MELSOFT Transmission Port resource consumption

A vulnerability has been found in Mitsubishi Electric MELSEC iQ-R series CPU Module (Chip Software) (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown part of the component MELSOFT...
Author: VulDB

NetApp E-Series SANtricity OS Controller Software up to 11.70.0 Configuration information disclosure

A vulnerability, which was classified as problematic, was found in NetApp E-Series SANtricity OS Controller Software up to 11.70.0. This affects some unknown functionality of the component Configuration Handler. Upgrading to version 11.70.1...
Author: VulDB

actionpack Gem up to 5.2.4.5/5.2.5/6.0.3.6/6.1.3.1 on Ruby Action Controller resource consumption

A vulnerability, which was classified as problematic, has been found in actionpack Gem up to 5.2.4.5/5.2.5/6.0.3.6/6.1.3.1 on Ruby (Ruby Gem). Affected by this issue is the function...
Author: VulDB

actionpack Gem up to 6.0.3.6/6.1.3.1 on Ruby Mime Type Parser resource consumption

A vulnerability classified as problematic was found in actionpack Gem up to 6.0.3.6/6.1.3.1 on Ruby (Ruby Gem). Affected by this vulnerability is an unknown function of the component Mime Type Parser. Upgrading to version 6.0.3.7 or 6.1.3.2...
Author: VulDB

Drupal Form API cross-site request forgery [CVE-2020-13663]

A vulnerability classified as problematic has been found in Drupal (Content Management System) (version unknown). Affected is some unknown processing of the component Form API. There is no information about possible countermeasures known. It may...
Author: VulDB

Drupal up to 8.8.9/8.9.5/9.0.5 Forms cross site scripting

A vulnerability was found in Drupal up to 8.8.9/8.9.5/9.0.5 (Content Management System). It has been rated as problematic. This issue affects an unknown code block of the component Forms Handler. Upgrading to version 8.8.10, 8.9.6 or 9.0.6...
Author: VulDB

actionpack Gem up to 6.1.3.1 on Ruby Host Authorization Middleware redirect

A vulnerability was found in actionpack Gem up to 6.1.3.1 on Ruby (Ruby Gem). It has been declared as critical. This vulnerability affects an unknown code of the component Host Authorization Middleware. Upgrading to version 6.1.3.2 eliminates...
Author: VulDB

IBM QRadar Analyst Workflow App up to 1.18.0 information disclosure

A vulnerability was found in IBM QRadar Analyst Workflow App up to 1.18.0 (Log Management Software). It has been classified as problematic. This affects an unknown part. There is no information about possible countermeasures known. It may be...
Author: VulDB

cURL up to 7.76.1 TLS 1.3 Session Ticket use after free

A vulnerability was found in cURL up to 7.76.1 (Network Utility Software) and classified as critical. Affected by this issue is some unknown functionality of the component TLS 1.3 Session Ticket Handler. Applying a patch is able to eliminate this...
Author: VulDB

IBM Financial Transaction Manager 3.2.4 xml external entity reference

A vulnerability has been found in IBM Financial Transaction Manager 3.2.4 (Financial Software) and classified as critical. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known....
Author: VulDB

WoWonder 3.0.4 Parameter recover.php code random values

A vulnerability, which was classified as problematic, was found in WoWonder 3.0.4. Affected is an unknown function of the file recover.php of the component Parameter Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Xen Speculative Execution information disclosure [CVE-2021-28689]

A vulnerability, which was classified as problematic, has been found in Xen (Virtualization Software) (unknown version). This issue affects some unknown processing of the component Speculative Execution. Applying a patch is able to eliminate this...
Author: VulDB

IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SAML Web Inbound Trust Association Interceptor access control

A vulnerability classified as critical was found in IBM WebSphere Application Server 7.0/8.0/8.5/9.0 (Application Server Software). This vulnerability affects an unknown code block of the component SAML Web Inbound Trust Association Interceptor....
Author: VulDB

NetApp E-Series SANtricity OS Controller Software up to 11.70.0 information exposure

A vulnerability classified as problematic has been found in NetApp E-Series SANtricity OS Controller Software up to 11.70.0. This affects an unknown code. Upgrading to version 11.70.1 eliminates this vulnerability.
Author: VulDB

Facebook WhatsApp/WhatsApp Business prior 2.21.8.13 on Android Filename Validation path traversal

A vulnerability was found in Facebook WhatsApp and WhatsApp Business on Android (Social Network Software). It has been rated as critical. Affected by this issue is an unknown part of the component Filename Validation. Upgrading to version...
Author: VulDB

Flask-Unchained up to 0.8.x URL Validation _validate_redirect_url

A vulnerability was found in Flask-Unchained up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is the function _validate_redirect_url of the component URL Validation Handler. Upgrading to version 0.9.0 eliminates...
Author: VulDB

JerryScript 2.2.0 re-parser.c re_parse_char_escape heap-based overflow

A vulnerability was found in JerryScript 2.2.0. It has been classified as critical. Affected is the function re_parse_char_escape of the file re-parser.c. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

JerryScript 2.2.0 parser_parse_object_initializer assertion

A vulnerability was found in JerryScript 2.2.0 and classified as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

Information systems security (SSI) events