Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Hrsale 2.0.0 projects_calendar set_date cross site scripting

A vulnerability, which was classified as problematic, has been found in Hrsale 2.0.0. Affected by this issue is some unknown processing of the file admin/project/projects_calendar. There is no information about possible countermeasures known. It...
Author: VulDB

Xen up to 4.14.x stack-based buffer overflow [CVE-2020-29040]

A vulnerability classified as critical was found in Xen up to 4.14.x (Virtualization Software). Affected by this vulnerability is an unknown code block. Applying a patch is able to eliminate this problem.
Author: VulDB

MISP up to 2.4.134 ACL GalaxyElementsController.php access control

A vulnerability classified as critical has been found in MISP up to 2.4.134. Affected is an unknown code of the file app/Controller/GalaxyElementsController.php of the component ACL Handler. Upgrading to version 2.4.135 eliminates this...
Author: VulDB

Karenderia Multiple Restaurant System up to 5.4.2 sql injection

A vulnerability was found in Karenderia Multiple Restaurant System up to 5.4.2 (Hospitality Software). It has been rated as critical. This issue affects an unknown part. There is no information about possible countermeasures known. It may be...
Author: VulDB

musl libc up to 1.2.1 Buffer Size buffer overflow

A vulnerability was found in musl libc up to 1.2.1. It has been declared as critical. This vulnerability affects some unknown functionality of the component Buffer Size Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

SeedDMS 6.0.13 out/out.AddDocument.php dropfolderfileform1 redirect

A vulnerability was found in SeedDMS 6.0.13. It has been classified as critical. This affects an unknown functionality of the file out/out.AddDocument.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

cron-utils up to 9.1.2 Template injection

A vulnerability was found in cron-utils up to 9.1.2 and classified as critical. Affected by this issue is an unknown function of the component Template Handler. Upgrading eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Highlight.js up to 9.18.1/10.1.1 code injection [CVE-2020-26237]

A vulnerability has been found in Highlight.js up to 9.18.1/10.1.1 (JavaScript Library) and classified as problematic. Affected by this vulnerability is some unknown processing. Upgrading to version 9.18.2 or 10.1.2 eliminates this vulnerability....
Author: VulDB

Time Crate up to 0.2.22 on Unix Environment Variable try_now_local null pointer dereference

A vulnerability, which was classified as problematic, was found in Time Crate up to 0.2.22 on Unix (Rust Package). Affected is the function...
Author: VulDB

Jupyter Server up to 1.0.5 redirect [CVE-2020-26232]

A vulnerability, which was classified as critical, has been found in Jupyter Server up to 1.0.5. This issue affects an unknown code. Upgrading to version 1.0.6 eliminates this vulnerability. The upgrade is hosted for download at github.com....
Author: VulDB

Pacemaker up to 1.1.23/2.0.5-rc1 ACL access control

A vulnerability classified as critical was found in Pacemaker up to 1.1.23/2.0.5-rc1. This vulnerability affects an unknown part of the component ACL Handler. Upgrading to version 1.1.24-rc1 or 2.0.5-rc2 eliminates this vulnerability.
Author: VulDB

Wildfly up to 20.x Resource Adapter log file

A vulnerability classified as problematic has been found in Wildfly up to 20.x (Application Server Software). This affects some unknown functionality of the component Resource Adapter. Upgrading to version 21.0.0.Final eliminates this...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 News Edit id sql injection

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software). It has been rated as critical. Affected by this issue is an unknown functionality of the component News Edit Handler. There is no information...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 editor_name cross site scripting

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software). It has been declared as problematic. Affected by this vulnerability is an unknown function. There is no information about possible...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 Session Cookie cookie without 'httponly' flag

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software). It has been classified as problematic. Affected is some unknown processing of the component Session Cookie Handler. There is no information...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 User cross-site request forgery

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software) and classified as problematic. This issue affects an unknown code block of the component User Handler. There is no information about possible...
Author: VulDB

RTA 499ES EtherNet-IP Adaptor Source Code stack-based buffer overflow

A vulnerability has been found in RTA 499ES EtherNet-IP Adaptor Source Code (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It...
Author: VulDB

MicroStrategy up to 10.4/2019 Update 5/2020 Update 1 PDF Generator server-side request forgery

A vulnerability, which was classified as critical, was found in MicroStrategy up to 10.4/2019 Update 5/2020 Update 1. This affects an unknown part of the component PDF Generator. Upgrading to version 10.4, 2019 Update 6 or 2020 Update 2...
Author: VulDB

Apache Unomi up to 1.5.1 Endpoint /context.json injection

A vulnerability, which was classified as critical, has been found in Apache Unomi up to 1.5.1. Affected by this issue is some unknown functionality of the file /context.json of the component Endpoint Handler. Upgrading to version 1.5.2 eliminates...
Author: VulDB

FASTGate FGA2130FWB up to 2020-05-26 Admin Web Panel cross-site request forgery

A vulnerability classified as problematic was found in FASTGate FGA2130FWB up to 2020-05-26. Affected by this vulnerability is an unknown functionality of the component Admin Web Panel. There is no information about possible countermeasures...
Author: VulDB

Heketi up to 10.0.x log file [CVE-2020-10763]

A vulnerability classified as problematic has been found in Heketi up to 10.0.x. Affected is an unknown function. Upgrading to version 10.1.0 eliminates this vulnerability. The upgrade is hosted for download at github.com.
Author: VulDB

gluster-block up to 0.5.0 CLI cmd_history.log log file

A vulnerability was found in gluster-block up to 0.5.0. It has been rated as problematic. This issue affects some unknown processing of the file cmd_history.log of the component CLI Handler. Upgrading to version 0.5.1 eliminates this...
Author: VulDB

TOTOLINK A850R-V1/F1-V2 Management Interface formSysCmd/sysCmd backdoor

A vulnerability was found in TOTOLINK A850R-V1 and F1-V2 (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown code block of the component Management Interface. There is no information about...
Author: VulDB

TOTOLINK A850R-V1/F1-V2 Web Management Interface access control

A vulnerability was found in TOTOLINK A850R-V1 and F1-V2 (the affected version is unknown). It has been classified as critical. This affects an unknown code of the component Web Management Interface. There is no information about possible...
Author: VulDB

Exercising rights through a mandate: the CNIL launches a public consultation on its draft recommendation

Through a mandate, a person can designate a company to exercise their rights on their behalf. To clarify the applicable framework, the CNIL is proposing a public consultation on a draft recommendation.
Author: Cnil

Information security events