jeudi 28 mai 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

PHP Markdown up to 1.2.0 Parser cross site scripting

A vulnerability classified as problematic has been found in PHP Markdown up to 1.2.0. Affected is a part of the component Parser. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is classifying the issue...
Auteur: VulDB

FasterXML Jackson up to 2.9.7 jackson-databind nanoseconds denial of service

A vulnerability was found in FasterXML Jackson up to 2.9.7. It has been rated as problematic. This issue affects a functionality of the component jackson-databind. The manipulation of the argument nanoseconds with an unknown input leads to a...
Auteur: VulDB

OpenKMIP PyKMIP up to 0.7.x denial of service [CVE-2018-1000872]

A vulnerability was found in OpenKMIP PyKMIP up to 0.7.x. It has been declared as problematic. This vulnerability affects a function. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the...
Auteur: VulDB

HotelDruid up to 2.3.0 gestione_utenti.php id_utente_mod sql injection

A vulnerability was found in HotelDruid up to 2.3.0. It has been classified as critical. This affects some functionality of the file gestione_utenti.php. The manipulation of the argument id_utente_mod with an unknown input leads to a sql...
Auteur: VulDB

phpipam up to 1.3.2 User Settings print-user.php Parameter cross site scripting

A vulnerability was found in phpipam up to 1.3.2 and classified as problematic. Affected by this issue is an unknown function of the file /app/admin/users/print-user.php of the component User Settings. The manipulation as part of a Parameter...
Auteur: VulDB

phpipam 1.3.2 item-add-submit.php sql injection

A vulnerability has been found in phpipam 1.3.2 and classified as critical. Affected by this vulnerability is some processing of the file /app/admin/nat/item-add-submit.php. The manipulation with an unknown input leads to a sql injection...
Auteur: VulDB

WebID 1.2.2 user_login.php cross site scripting

A vulnerability, which was classified as problematic, was found in WebID 1.2.2. Affected is a code block of the file user_login.php. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is classifying the...
Auteur: VulDB

WebID 1.2.2 HTTP Request Blind sql injection

A vulnerability, which was classified as critical, has been found in WebID 1.2.2. This issue affects code. The manipulation as part of a HTTP Request leads to a sql injection vulnerability (Blind). Using CWE to declare the problem leads to...
Auteur: VulDB

phpipam up to 1.3.2 Cookie cross site scripting

A vulnerability classified as problematic was found in phpipam up to 1.3.2. This vulnerability affects a part. The manipulation with the input value r5zkh'>alert(1)quqtl leads to a cross site scripting vulnerability. The CWE definition for the...
Auteur: VulDB

GnuPG up to 2.2.11 cross site request forgery [CVE-2018-1000858]

A vulnerability classified as problematic has been found in GnuPG up to 2.2.11. This affects a functionality. The manipulation with an unknown input leads to a cross site request forgery vulnerability. CWE is classifying the issue as CWE-352....
Auteur: VulDB

log-user-session up to 0.7 Environment Variable directory traversal

A vulnerability was found in log-user-session up to 0.7. It has been rated as critical. Affected by this issue is a function of the file /usr/local/bin/log-user-session. The manipulation as part of a Environment Variable leads to a directory...
Auteur: VulDB

DomainMod up to 4.11.01 cross site scripting [CVE-2018-1000856]

A vulnerability was found in DomainMod up to 4.11.01. It has been declared as problematic. Affected by this vulnerability is some functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE...
Auteur: VulDB

easymon up to 1.4 Firefox Reflected cross site scripting

A vulnerability was found in easymon up to 1.4. It has been classified as problematic. Affected is an unknown function of the component Firefox Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Auteur: VulDB

esigate up to 5.2 XSLT Code Execution

A vulnerability was found in esigate up to 5.2 and classified as critical. This issue affects some processing of the component XSLT Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution)....
Auteur: VulDB

FreeRDP up to 2.0.0-rc3 drdynvc_main.c drdynvc_process_capability_request Request memory corruption

A vulnerability has been found in FreeRDP up to 2.0.0-rc3 and classified as critical. This vulnerability affects the function drdynvc_process_capability_request of the file channels/drdynvc/client/drdynvc_main.c. The manipulation as part of a...
Auteur: VulDB

Copay Bitcoin Wallet up to 5.1.0 Private Key Storage information disclosure

A vulnerability, which was classified as problematic, was found in Copay Bitcoin Wallet up to 5.1.0. This affects code of the component Private Key Storage. The manipulation with an unknown input leads to a information disclosure vulnerability....
Auteur: VulDB

Square Retrofit up to 2.5.0 directory traversal [CVE-2018-1000850]

A vulnerability, which was classified as critical, has been found in Square Retrofit up to 2.5.0. Affected by this issue is a part. The manipulation with an unknown input leads to a directory traversal vulnerability. Using CWE to declare the...
Auteur: VulDB

Alpine Linux up to 2.6.9/2.7.5/2.10.0 Package Manager Code Execution

A vulnerability classified as critical was found in Alpine Linux up to 2.6.9/2.7.5/2.10.0. Affected by this vulnerability is a functionality of the component Package Manager. The manipulation with an unknown input leads to a privilege escalation...
Auteur: VulDB

WampServer up to 3.1.4 index.php cross site scripting

A vulnerability classified as problematic has been found in WampServer up to 3.1.4. Affected is a function of the file index.php. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is classifying the issue...
Auteur: VulDB

FreshDNS up to 1.0.3 Admin Interface cross site scripting

A vulnerability was found in FreshDNS up to 1.0.3. It has been rated as problematic. This issue affects some functionality of the component Admin Interface. The manipulation with an unknown input leads to a cross site scripting vulnerability....
Auteur: VulDB

FreshDNS up to 1.0.3 index.php API Call cross site request forgery

A vulnerability was found in FreshDNS up to 1.0.3. It has been declared as problematic. This vulnerability affects an unknown function of the file index.php. The manipulation as part of a API Call leads to a cross site request forgery...
Auteur: VulDB

Avahi 0.7 avahi-daemon Network Packet denial of service

A vulnerability was found in Avahi 0.7. It has been classified as problematic. This affects some processing of the component avahi-daemon. The manipulation as part of a Network Packet leads to a denial of service vulnerability. CWE is...
Auteur: VulDB

Square Open Source Retrofit XML Data XML External Entity [CVE-2018-1000844]

A vulnerability was found in Square Open Source Retrofit (affected version not known) and classified as critical. Affected by this issue is a code block of the component XML Data Handler. The manipulation with an unknown input leads to a...
Auteur: VulDB

Luigi up to 2.7.x API Endpoint spotify/luigi/pull/1870 id cross site request forgery

A vulnerability has been found in Luigi up to 2.7.x and classified as problematic. Affected by this vulnerability is code of the file spotify/luigi/pull/1870 of the component API Endpoint. The manipulation of the argument id as part of a...
Auteur: VulDB

FatFreeCRM up to 0.14.1/0.15.1/0.16.3/0.17.2/0.18.0 cross site scripting

A vulnerability, which was classified as problematic, was found in FatFreeCRM up to 0.14.1/0.15.1/0.16.3/0.17.2/0.18.0. Affected is a part. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is classifying...
Auteur: VulDB
First1020102110221023102410251026102710281029Last

Événements SSI