Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Knowage Suite 7.3 update surname cross site scripting

A vulnerability was found in Knowage Suite 7.3 and classified as problematic. This issue affects an unknown function of the file /knowage/restful-services/signup/update. There is no information about possible countermeasures known. It may be...
Author: VulDB

Knowage Suite 7.3 Template update name injection

A vulnerability has been found in Knowage Suite 7.3 and classified as critical. This vulnerability affects some unknown processing of the file /knowage/restful-services/signup/update of the component Template Handler. There is no information...
Author: VulDB

Codoforum up to 4.8 Topic.php get_topic_info sql injection

A vulnerability, which was classified as critical, was found in Codoforum up to 4.8 (Forum Software). This affects the function get_topic_info of the file sys/CODOF/Forum/Topic.php. Upgrading to version 4.9 eliminates this vulnerability.
Author: VulDB

McAfee Total Protection up to 16.0.31 Client Token privileges management

A vulnerability, which was classified as critical, has been found in McAfee Total Protection up to 16.0.31. Affected by this issue is an unknown code of the component Client Token Handler. Upgrading to version 16.0.32 eliminates this...
Author: VulDB

McAfee Total Protection up to 16.0.31 File Lock privileges management

A vulnerability classified as critical was found in McAfee Total Protection up to 16.0.31. Affected by this vulnerability is an unknown part of the component File Lock. Upgrading to version 16.0.32 eliminates this vulnerability.
Author: VulDB

hivex up to 1.3.19 Registry File hivex_open out-of-bounds read

A vulnerability classified as critical has been found in hivex up to 1.3.19. Affected is the function hivex_open of the component Registry File Handler. Upgrading to version 1.3.20 eliminates this vulnerability.
Author: VulDB

SolarWinds Serv-U up to 15.2.2 SenderEmail unknown vulnerability

A vulnerability was found in SolarWinds Serv-U up to 15.2.2 (File Transfer Software). It has been rated as problematic. Upgrading to version 15.2.3 eliminates this vulnerability. The upgrade is hosted for download at documentation.solarwinds.com.
Author: VulDB

ImageMagick up to 7.0.10 Signature TransformSignature information disclosure

A vulnerability was found in ImageMagick up to 7.0.10 (Image Processing Software). It has been declared as problematic. This vulnerability affects the function TransformSignature of the component Signature Handler. Upgrading to version 7.0.11...
Author: VulDB

McAfee Endpoint Security on Linux Installation toctou

A vulnerability was found in McAfee Endpoint Security on Linux (the affected version unknown). It has been classified as critical. This affects some unknown processing of the component Installation. There is no information about possible...
Author: VulDB

ImageMagick 7.0.11 coders/thumbnail.c WriteTHUMBNAILImage integer overflow

A vulnerability was found in ImageMagick 7.0.11 (Image Processing Software) and classified as critical. Affected by this issue is the function WriteTHUMBNAILImage of the file coders/thumbnail.c. There is no information about possible...
Author: VulDB

ImageMagick up to 7.0.10 MagickCore/colorspace.c sRGBTransformImage divide by zero

A vulnerability has been found in ImageMagick up to 7.0.10 (Image Processing Software) and classified as problematic. Affected by this vulnerability is the function sRGBTransformImage of the file MagickCore/colorspace.c. Upgrading to version...
Author: VulDB

ImageMagick up to 7.0.10 MagickCore/colorspace.c ConvertXYZToJzazbz divide by zero

A vulnerability, which was classified as problematic, was found in ImageMagick up to 7.0.10 (Image Processing Software). Affected is the function ConvertXYZToJzazbz of the file MagickCore/colorspace.c. Upgrading to version 7.0.11 eliminates this...
Author: VulDB

ImageMagick up to 6.9.11/7.0.10 visual-effects.c WaveImage divide by zero

A vulnerability, which was classified as problematic, has been found in ImageMagick up to 6.9.11/7.0.10 (Image Processing Software). This issue affects the function WaveImage of the file MagickCore/visual-effects.c. Upgrading to version 6.9.12 or...
Author: VulDB

Atlassian JIRA Server/Data Center up to 8.5.12/8.13.4/8.15.0 QueryComponentRendererValue!Default.jspa information disclosure

A vulnerability classified as problematic was found in Atlassian JIRA Server and Data Center up to 8.5.12/8.13.4/8.15.0 (Bug Tracking Software). This vulnerability affects an unknown functionality of the file...
Author: VulDB

ZZZCMS zzzphp up to 2.0.3 ?location=search keys os command injection

A vulnerability classified as critical has been found in ZZZCMS zzzphp up to 2.0.3 (Content Management System). This affects an unknown function of the file ?location=search. Upgrading to version 2.0.4 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-370: [SCADA] Multiple vulnerabilities in Schneider products (12 May 2021)

Multiple vulnerabilities have been discovered in Schneider products. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of confidentiality.

Author: Cert FR

Linux Kernel up to 5.12.2 net/can/isotp.c isotp_setsockopt use after free

A vulnerability was found in Linux Kernel up to 5.12.2 (Operating System). It has been rated as critical. Affected by this issue is the function isotp_setsockopt of the file net/can/isotp.c. There is no information about possible countermeasures...
Author: VulDB

CERTFR-2021-ALE-010: Vulnerability in Adobe Acrobat and Acrobat Reader (12 May 2021)

A vulnerability has been discovered in Adobe Acrobat and Acrobat Reader. It allows an attacker to cause arbitrary code execution. The vendor indicates that this vulnerability has reportedly been exploited in targeted attacks against...
Author: Cert FR

Xray Test Management for Jira Plugin up to 2.4.0 on Jenkins cross-site request forgery

A vulnerability was found in Xray Test Management for Jira Plugin up to 2.4.0 on Jenkins (Atlassian Jira App Software). It has been declared as problematic. Affected by this vulnerability is an unknown code block. There is no information about...
Author: VulDB

Dashboard View Plugin up to 2.15 on Jenkins Image Dashboard Portlet cross site scripting

A vulnerability was found in Dashboard View Plugin up to 2.15 on Jenkins (Jenkins Plugin). It has been classified as problematic. Affected is an unknown code of the component Image Dashboard Portlet. There is no information about possible...
Author: VulDB

Credentials Plugin up to 2.3.18 on Jenkins cross site scripting

A vulnerability was found in Credentials Plugin up to 2.3.18 on Jenkins (Jenkins Plugin) and classified as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

kk Star Ratings Plugin up to 4.1.4 cross site scripting [CVE-2020-35438]

A vulnerability has been found in kk Star Ratings Plugin up to 4.1.4 (Feedback Software) and classified as problematic. This vulnerability affects some unknown functionality. Upgrading to version 4.1.5 eliminates this vulnerability. The upgrade...
Author: VulDB

express-cart Package up to 1.1.10 on Node.js Product Option cross site scripting [Disputed]

A vulnerability, which was classified as problematic, was found in express-cart Package up to 1.1.10 on Node.js (JavaScript Library). This affects an unknown functionality of the component Product Option Handler. There is no information about...
Author: VulDB

Xcode Integration Plugin up to 2.0.14 on Jenkins XML Parser xml external entity reference

A vulnerability, which was classified as critical, has been found in Xcode Integration Plugin up to 2.0.14 on Jenkins (Jenkins Plugin). Affected by this issue is an unknown function of the component XML Parser. There is no information about...
Author: VulDB

OctoPrint up to 1.5.x API Error cross site scripting

A vulnerability classified as problematic was found in OctoPrint up to 1.5.x. Affected by this vulnerability is some unknown processing of the component API Error Handler. Upgrading to version 1.6.0 eliminates this vulnerability. The upgrade is...
Author: VulDB