Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

HTMLy 2.8.0 config.html.php blog title/tagline/description cross site scripting

A vulnerability, which was classified as problematic, has been found in HTMLy 2.8.0. Affected by this issue is an unknown code of the file config.html.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

GLSL Linting Extension up to 1.3.x on Visual Studio Workspace Configuration glslangValidatorPath injection

A vulnerability classified as problematic was found in GLSL Linting Extension up to 1.3.x on Visual Studio. Affected by this vulnerability is an unknown part of the component Workspace Configuration Handler. Upgrading to version 1.4.0 eliminates...
Author: VulDB

Remote Clinic 2.0 staff/register.php First Name/Last Name cross site scripting

A vulnerability classified as problematic has been found in Remote Clinic 2.0. Affected is some unknown functionality of the file staff/register.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Remote Clinic 2.0 clinics/register.php cross site scripting

A vulnerability was found in Remote Clinic 2.0. It has been rated as problematic. This issue affects an unknown functionality of the file clinics/register.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Remote Clinic 2.0 register-report.php Fever/Blood Pressure cross site scripting

A vulnerability was found in Remote Clinic 2.0. It has been declared as problematic. This vulnerability affects an unknown function of the file patients/register-report.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

Remote Clinic 2.0 register-report.php Symptoms cross site scripting

A vulnerability was found in Remote Clinic 2.0. It has been classified as problematic. This affects some unknown processing of the file patients/register-report.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

Remote Clinic 2.0 register-patient.php Full Name cross site scripting

A vulnerability was found in Remote Clinic 2.0 and classified as problematic. Affected by this issue is an unknown code block of the file register-patient.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

CERTFR-2021-AVI-252: Vulnerability in MongoDB Database Tools (April 13, 2021)

A vulnerability has been discovered in MongoDB Database Tools. It allows an attacker to bypass the security policy.

Author: Cert FR

Apache Solr up to 8.8.1 ConfigurableInternodeAuthHadoopPlugin authorization

A vulnerability has been found in Apache Solr up to 8.8.1 and classified as critical. Affected by this vulnerability is the function ConfigurableInternodeAuthHadoopPlugin. Upgrading to version 8.8.2 eliminates this vulnerability.
Author: VulDB

Apache Commons IO up to 2.6 FileNameUtils.normalize path traversal

A vulnerability, which was classified as critical, was found in Apache Commons IO up to 2.6. Affected is the function FileNameUtils.normalize. Upgrading to version 2.7 eliminates this vulnerability.
Author: VulDB

Apache Solr up to 8.8.1 insufficiently protected credentials

A vulnerability, which was classified as problematic, has been found in Apache Solr up to 8.8.1. This issue affects the function SaslZkACLProvider/VMParamsAllAndReadonlyDigestZkACLProvider. Upgrading to version 8.8.2 eliminates this vulnerability.
Author: VulDB

Papoo CMS Light/CMS Pro Admin Interface cross-site request forgery

A vulnerability classified as problematic was found in Papoo CMS Light and CMS Pro (Content Management System) (the affected version is unknown). This vulnerability affects an unknown functionality of the component Admin Interface. Upgrading...
Author: VulDB

Genexis Platinum 4410 2-1.28 sys_config_valid.xgi os command injection

A vulnerability classified as critical has been found in Genexis Platinum 4410 2-1.28. This affects an unknown function of the file sys_config_valid.xgi?exeshell=%60telnetd%20%26%60. There is no information about possible countermeasures known....
Author: VulDB

Siren Federate Thread information disclosure [CVE-2021-28938]

A vulnerability was found in Siren Federate. It has been rated as problematic. Affected by this issue is some unknown processing of the component Thread Handler. Upgrading to version 6.8.14-10.3.9, 7.6.2-20.2, 7.9.3-21.6, 7.10.2-22.2 or...
Author: VulDB

Apache Solr up to 8.8.1 /replication masterUrl/leaderUrl server-side request forgery

A vulnerability was found in Apache Solr up to 8.8.1. It has been declared as critical. Affected by this vulnerability is an unknown code block of the file /replication. Upgrading to version 8.8.2 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-251: Multiple vulnerabilities in SAP products (April 13, 2021)

Multiple vulnerabilities have been discovered in SAP products. Some of them allow an attacker to cause a security issue not specified by the vendor, remote arbitrary code execution and a denial of...
Author: Cert FR

CERTFR-2021-AVI-250: Multiple vulnerabilities in the SUSE Linux kernel (April 13, 2021)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security issue not specified by the vendor, a security policy bypass and a...
Author: Cert FR

Slab Quill 4.8.0 HTML Editor onloadstart cross site scripting

A vulnerability was found in Slab Quill 4.8.0. It has been classified as problematic. Affected is an unknown code of the component HTML Editor. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

ASUS RT-AX3000/ZenWiFi AX/RT-AX88U IPv6 Router Advertisement infinite loop

A vulnerability was found in ASUS RT-AX3000, ZenWiFi AX and RT-AX88U (Wireless LAN Software) (unknown version) and classified as problematic. This issue affects an unknown part of the component IPv6 Router Advertisement Handler. Upgrading...
Author: VulDB

TP-Link TL-XDR5430 Router Advertisement infinite loop [CVE-2021-3125]

A vulnerability has been found in TP-Link TL-XDR3230, TL-XDR1850, TL-XDR1860, TL-XDR3250, TL-XDR6060 and TL-XDR5430 (Router Operating System) and classified as problematic. This vulnerability affects some unknown functionality of the component...
Author: VulDB

Gradle up to 6.x Download temp file

A vulnerability, which was classified as problematic, was found in Gradle up to 6.x. This affects an unknown functionality of the component Download Handler. Upgrading to version 7.0 eliminates this vulnerability.
Author: VulDB

OutSystems Platform Server prior 10.0.1104.0/11.9.0 ECT Provider server-side request forgery

A vulnerability, which was classified as critical, has been found in OutSystems Platform Server. Affected by this issue is an unknown function of the component ECT Provider. Upgrading to version 10.0.1104.0 or 11.9.0 eliminates this vulnerability.
Author: VulDB

TP-Link TL-WR802N/Archer_C50v5_US up to 2020.06 httpd buffer overflow

A vulnerability classified as critical was found in TP-Link TL-WR802N and Archer_C50v5_US up to 2020.06 (Router Operating System). Affected by this vulnerability is some unknown processing of the component httpd. There is no information about...
Author: VulDB

Gargoyle OS 1.12.0 Router Advertisement infinite loop

A vulnerability classified as problematic has been found in Gargoyle OS 1.12.0. Affected is an unknown code block of the component Router Advertisement Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

NetIQ Advanced Authentication up to 6.3 SP3 user session [CVE-2021-22497]

A vulnerability was found in NetIQ Advanced Authentication up to 6.3 SP3. It has been rated as problematic. This issue affects an unknown code. Applying the patch 6.3 SP4 is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB