Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

PageLayer up to 1.3.4 Color Settings cross site scripting

A vulnerability, which was classified as problematic, was found in PageLayer up to 1.3.4. This affects an unknown function of the component Color Settings Handler. Upgrading to version 1.3.5 eliminates this vulnerability.
Author: VulDB

PageLayer up to 1.3.4 Parameter font-size cross site scripting

A vulnerability, which was classified as problematic, has been found in PageLayer up to 1.3.4. Affected by this issue is some unknown processing of the component Parameter Handler. Upgrading to version 1.3.5 eliminates this vulnerability.
Author: VulDB

Sharp NEC UN462A HTTP Request buffer overflow [CVE-2021-20699]

A vulnerability classified as critical was found in Sharp NEC UN462A, UN462VA, UN492S, UN492VS, UN552A, UN552S, UN552VS, UN552, UN552V, UX552S, UN552, V864Q, C861Q, P754Q, V754Q, C751Q, V964Q, C961Q, P654Q, V654Q, C651Q and V554Q. Affected by...
Author: VulDB

Red Hat WildFly up to 19.x EJBContext Principle privileges management

A vulnerability classified as critical has been found in Red Hat WildFly up to 19.x (Application Server Software). Affected is an unknown code of the component EJBContext Principle Handler. Upgrading to version 20.0.0.Final eliminates this...
Author: VulDB

ArcGIS Server up to 10.8.1 sql injection [CVE-2021-29099]

A vulnerability was found in ArcGIS Server up to 10.8.1. It has been rated as critical. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Sharp NEC UN462A HTTP Request Remote Privilege Escalation [CVE-2021-20698]

A vulnerability was found in Sharp NEC UN462A, UN462VA, UN492S, UN492VS, UN552A, UN552S, UN552VS, UN552, UN552V, UX552S, UN552, V864Q, C861Q, P754Q, V754Q, C751Q, V964Q, C961Q, P654Q, V654Q, C651Q and V554Q. It has been declared as very critical....
Author: VulDB

iFlyChat Plugin up to 4.6.4 on WordPress APP ID Setting cross site scripting

A vulnerability was found in iFlyChat Plugin up to 4.6.4 on WordPress (WordPress Plugin). It has been classified as problematic. This affects an unknown functionality of the component APP ID Setting Handler. There is no information about possible...
Author: VulDB

Easy Preloader Plugin up to 1.0.0 on WordPress cross site scripting

A vulnerability was found in Easy Preloader Plugin up to 1.0.0 on WordPress (WordPress Plugin) and classified as problematic. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be...
Author: VulDB

JNews Theme up to 8.0.5 on WordPress POST Request /?ajax-request=jnews cat_id cross site scripting

A vulnerability has been found in JNews Theme up to 8.0.5 on WordPress (WordPress Plugin) and classified as problematic. Affected by this vulnerability is some unknown processing of the file /?ajax-request=jnews of the component POST Request...
Author: VulDB

FlightLog Plugin up to 3.0.2 on WordPress POST sql injection

A vulnerability, which was classified as critical, was found in FlightLog Plugin up to 3.0.2 on WordPress (WordPress Plugin). Affected is an unknown code block of the component POST Handler. There is no information about possible countermeasures...
Author: VulDB

Wireshark 3.4.0 up to 3.4.5 DVB-S2-BB Dissector denial of service

A vulnerability, which was classified as problematic, has been found in Wireshark 3.4.0 up to 3.4.5 (Packet Analyzer Software). This issue affects an unknown code of the component DVB-S2-BB Dissector. Applying a patch is able to eliminate this...
Author: VulDB

WP Statistics Plugin up to 13.0.7 on WordPress esc_sql sql injection

A vulnerability classified as critical was found in WP Statistics Plugin up to 13.0.7 on WordPress (WordPress Plugin). This vulnerability affects the function esc_sql. Upgrading to version 13.0.8 eliminates this vulnerability.
Author: VulDB

Video Embed Plugin up to 1.0 on WordPress GET Parameter id sql injection

A vulnerability classified as critical has been found in Video Embed Plugin up to 1.0 on WordPress (WordPress Plugin). This affects some unknown functionality of the component GET Parameter Handler. There is no information about possible...
Author: VulDB

IBM DataPower Gateway up to 10.0.1.0/2018.4.1.14 GET Request information disclosure

A vulnerability was found in IBM DataPower Gateway up to 10.0.1.0/2018.4.1.14. It has been rated as problematic. Affected by this issue is an unknown functionality of the component GET Request Handler. There is no information about possible...
Author: VulDB

Linux Kernel up to 5.9 ucma.c ctx_list/ucma_migrate_id use after free

A vulnerability was found in Linux Kernel up to 5.9 (Operating System). It has been declared as critical. Affected by this vulnerability is the function ctx_list/ucma_migrate_id of the file drivers/infiniband/core/ucma.c. Upgrading to version...
Author: VulDB

IBM WebSphere Application Server 8.5/9.0 Network Deployment path traversal

A vulnerability was found in IBM WebSphere Application Server 8.5/9.0 (Application Server Software). It has been classified as problematic. Affected is some unknown processing of the component Network Deployment. There is no information about...
Author: VulDB

CERTFR-2021-ACT-024: News bulletin CERTFR-2021-ACT-024 (07 June 2021)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Author: Cert FR

CERTFR-2021-ALE-011: Vulnerability in VMware vCenter Server (07 June 2021)

On 25 May 2021, VMware published a patch for the vulnerability CVE-2021-21985 affecting the Virtual SAN Health Check plug-in, which is installed by default in vCenter Server. Exploiting this vulnerability allows an attacker who is not...
Author: Cert FR

CERTFR-2021-AVI-439: Vulnerability in Microsoft Edge (07 June 2021)

A vulnerability has been discovered in Microsoft Edge. It allows an attacker to cause a privilege escalation.

Author: Cert FR

CERTFR-2021-AVI-438: Vulnerability in PostgreSQL Partition Manager (07 June 2021)

A vulnerability has been discovered in PostgreSQL Partition Manager. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2021-AVI-437: Multiple vulnerabilities in the SUSE Linux kernel (07 June 2021)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause arbitrary code execution and a denial of service.

Author: Cert FR

CERTFR-2021-AVI-436: Multiple vulnerabilities in the Ubuntu Linux kernel (07 June 2021)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a denial of service and a breach of data confidentiality.

Author: Cert FR

Nginx up to 1.13.5 Autoindex Module integer overflow

A vulnerability was found in Nginx up to 1.13.5 (Web Server) and classified as critical. This issue affects an unknown code block of the component Autoindex Module. Upgrading to version 1.13.6 eliminates this vulnerability. Applying a patch is...
Author: VulDB

2sic 2sxc up to 11.21 dnn/ui.html sxcver cross site scripting

A vulnerability has been found in 2sic 2sxc up to 11.21 and classified as problematic. This vulnerability affects an unknown code of the file dnn/ui.html. Upgrading to version 11.22 eliminates this vulnerability.
Author: VulDB

Tencent GameLoop up to 4.1.21.89 Update cleartext transmission

A vulnerability, which was classified as problematic, was found in Tencent GameLoop up to 4.1.21.89. This affects an unknown part of the component Update Handler. Upgrading to version 4.1.21.90 eliminates this vulnerability.
Author: VulDB

Information systems security (SSI) events