Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

JNews Theme up to 8.0.5 on WordPress POST Request /?ajax-request=jnews cat_id cross site scripting

A vulnerability has been found in JNews Theme up to 8.0.5 on WordPress (WordPress Plugin) and classified as problematic. Affected by this vulnerability is some unknown processing of the file /?ajax-request=jnews of the component POST Request...
Author: VulDB

FlightLog Plugin up to 3.0.2 on WordPress POST sql injection

A vulnerability, which was classified as critical, was found in FlightLog Plugin up to 3.0.2 on WordPress (WordPress Plugin). Affected is an unknown code block of the component POST Handler. There is no information about possible countermeasures...
Author: VulDB

Wireshark 3.4.0 up to 3.4.5 DVB-S2-BB Dissector denial of service

A vulnerability, which was classified as problematic, has been found in Wireshark 3.4.0 up to 3.4.5 (Packet Analyzer Software). This issue affects an unknown code of the component DVB-S2-BB Dissector. Applying a patch is able to eliminate this...
Author: VulDB

WP Statistics Plugin up to 13.0.7 on WordPress esc_sql sql injection

A vulnerability classified as critical was found in WP Statistics Plugin up to 13.0.7 on WordPress (WordPress Plugin). This vulnerability affects the function esc_sql. Upgrading to version 13.0.8 eliminates this vulnerability.
Author: VulDB

Video Embed Plugin up to 1.0 on WordPress GET Parameter id sql injection

A vulnerability classified as critical has been found in Video Embed Plugin up to 1.0 on WordPress (WordPress Plugin). This affects some unknown functionality of the component GET Parameter Handler. There is no information about possible...
Author: VulDB

IBM DataPower Gateway up to 10.0.1.0/2018.4.1.14 GET Request information disclosure

A vulnerability was found in IBM DataPower Gateway up to 10.0.1.0/2018.4.1.14. It has been rated as problematic. Affected by this issue is an unknown functionality of the component GET Request Handler. There is no information about possible...
Author: VulDB

Linux Kernel up to 5.9 ucma.c ctx_list/ucma_migrate_id use after free

A vulnerability was found in Linux Kernel up to 5.9 (Operating System). It has been declared as critical. Affected by this vulnerability is the function ctx_list/ucma_migrate_id of the file drivers/infiniband/core/ucma.c. Upgrading to version...
Author: VulDB

IBM WebSphere Application Server 8.5/9.0 Network Deployment path traversal

A vulnerability was found in IBM WebSphere Application Server 8.5/9.0 (Application Server Software). It has been classified as problematic. Affected is some unknown processing of the component Network Deployment. There is no information about...
Author: VulDB

CERTFR-2021-ACT-024: News bulletin CERTFR-2021-ACT-024 (07 June 2021)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Author: Cert FR

CERTFR-2021-ALE-011: Vulnerability in VMware vCenter Server (07 June 2021)

On 25 May 2021, VMware published a patch for the vulnerability CVE-2021-21985 affecting the Virtual SAN Health Check plugin, which is installed by default in vCenter Server. Exploiting this vulnerability allows an attacker who is not...
Author: Cert FR

CERTFR-2021-AVI-439: Vulnerability in Microsoft Edge (07 June 2021)

A vulnerability has been discovered in Microsoft Edge. It allows an attacker to cause a privilege escalation.

Author: Cert FR

CERTFR-2021-AVI-438: Vulnerability in PostgreSQL Partition Manager (07 June 2021)

A vulnerability has been discovered in PostgreSQL Partition Manager. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2021-AVI-437: Multiple vulnerabilities in the SUSE Linux kernel (07 June 2021)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause arbitrary code execution and a denial of service.

Author: Cert FR

CERTFR-2021-AVI-436: Multiple vulnerabilities in the Ubuntu Linux kernel (07 June 2021)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a denial of service and a breach of data confidentiality.

Author: Cert FR

Nginx up to 1.13.5 Autoindex Module integer overflow

A vulnerability was found in Nginx up to 1.13.5 (Web Server) and classified as critical. This issue affects an unknown code block of the component Autoindex Module. Upgrading to version 1.13.6 eliminates this vulnerability. Applying a patch is...
Author: VulDB

2sic 2sxc up to 11.21 dnn/ui.html sxcver cross site scripting

A vulnerability has been found in 2sic 2sxc up to 11.21 and classified as problematic. This vulnerability affects an unknown code of the file dnn/ui.html. Upgrading to version 11.22 eliminates this vulnerability.
Author: VulDB

Tencent GameLoop up to 4.1.21.89 Update cleartext transmission

A vulnerability, which was classified as problematic, was found in Tencent GameLoop up to 4.1.21.89. This affects an unknown part of the component Update Handler. Upgrading to version 4.1.21.90 eliminates this vulnerability.
Author: VulDB

Backdoor.Win32.Neakse.bit permission

A vulnerability, which was classified as critical, has been found in Backdoor.Win32.Neakse.bit (Remote Access Software) (affected version not known). Affected by this issue is some unknown functionality. There is no information about possible...
Author: VulDB

Invoice Ninja up to 4.3.x AccountRepository.php deserialization

A vulnerability classified as critical was found in Invoice Ninja up to 4.3.x. Affected by this vulnerability is an unknown functionality of the file app/Ninja/Repositories/AccountRepository.php. Upgrading to version 4.4.0 eliminates this...
Author: VulDB

Trojan-Dropper.Win32.Googite.a Service Port 1202 backdoor

A vulnerability classified as critical has been found in Trojan-Dropper.Win32.Googite.a (version unknown). Affected is an unknown function of the component Service Port 1202. It is possible to mitigate the weakness by firewalling .
Author: VulDB

Backdoor.Win32.Wollf.12 Service Port 7614 backdoor

A vulnerability was found in Backdoor.Win32.Wollf.12 (Remote Access Software) (unknown version). It has been rated as critical. This issue affects some unknown processing of the component Service Port 7614. Addressing this vulnerability is...
Author: VulDB

EmTec ZOC up to 8.02.1 unknown vulnerability [CVE-2021-32198]

A vulnerability was found in EmTec ZOC up to 8.02.1. It has been declared as problematic. Upgrading to version 8.02.2 eliminates this vulnerability. The upgrade is hosted for download at emtec.com.
Author: VulDB

Mintty up to 3.4.6 Bracketed Paste Mode unknown vulnerability

A vulnerability was found in Mintty up to 3.4.6. It has been classified as problematic. This affects an unknown code of the component Bracketed Paste Mode. Upgrading to version 3.4.7 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

NXP MIFARE Ultralight/NTAG Card protection mechanism [CVE-2021-33881]

A vulnerability was found in NXP MIFARE Ultralight and NTAG Card (affected version not known) and classified as problematic. Affected by this issue is an unknown part. There is no information about possible countermeasures known. It may be...
Author: VulDB

aaugustin Websockets up to 9.0 on Python HTTP Basic Authentication timing discrepancy

A vulnerability has been found in aaugustin Websockets up to 9.0 on Python and classified as problematic. Affected by this vulnerability is some unknown functionality of the component HTTP Basic Authentication Handler. Upgrading to version 9.1...
Author: VulDB

Information systems security (SSI) events