Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CODESYS Gateway up to 3.5.16.x denial of service [CVE-2021-29241]

A vulnerability, which was classified as problematic, has been found in CODESYS Gateway up to 3.5.16.x. This issue affects an unknown code block. Upgrading to version 3.5.17.0 eliminates this vulnerability.
Author: VulDB

CODESYS Development System up to 3.5.16.x Library injection

A vulnerability classified as problematic was found in CODESYS Development System up to 3.5.16.x. This vulnerability affects an unknown code of the component Library Handler. Upgrading to version 3.5.17.0 eliminates this vulnerability.
Author: VulDB

Amazon Web Services FreeRTOS up to 10.4.2 heap-based overflow

A vulnerability classified as critical has been found in Amazon Web Services FreeRTOS up to 10.4.2. This affects an unknown part. Upgrading to version 10.4.3 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The...
Author: VulDB

Libre Wireless LS9 LS1.5-p7040 Web Interface improper authentication

A vulnerability was found in Libre Wireless LS9 LS1.5-p7040. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Interface. Addressing this vulnerability is possible by firewalling .
Author: VulDB

Libre Wireless LS9 LS1.5-p7040 luci_service Daemon information disclosure

A vulnerability was found in Libre Wireless LS9 LS1.5-p7040. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component luci_service Daemon. Proper firewalling of is able to address this issue.
Author: VulDB

Libre Wireless LS9 LS1.5-p7040 luci_service Daemon Read_ information disclosure

A vulnerability was found in Libre Wireless LS9 LS1.5-p7040. It has been classified as problematic. Affected is the function Read_ of the component luci_service Daemon. There is no information about possible countermeasures known. It may be...
Author: VulDB

JEECG up to 4.0 jeecgFormDemoController.do unrestricted upload

A vulnerability was found in JEECG up to 4.0 and classified as critical. This issue affects some unknown processing of the file jeecgFormDemoController.do?commonUpload. There is no information about possible countermeasures known. It may be...
Author: VulDB

OPNsense up to 20.1.5 Login Page url redirect

A vulnerability has been found in OPNsense up to 20.1.5 and classified as critical. This vulnerability affects an unknown code block of the component Login Page. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

MikroTik RouterOS up to 6.46.4 Traceroute /nova/bin/traceroute memory corruption

A vulnerability, which was classified as critical, was found in MikroTik RouterOS up to 6.46.4 (Router Operating System). This affects an unknown code of the file /nova/bin/traceroute of the component Traceroute Handler. Upgrading to version...
Author: VulDB

MikroTik RouterOS 6.44.6 Traceroute /nova/bin/traceroute memory corruption

A vulnerability, which was classified as critical, has been found in MikroTik RouterOS 6.44.6 (Router Operating System). Affected by this issue is an unknown part of the file /nova/bin/traceroute of the component Traceroute Handler. There is no...
Author: VulDB

Libre Wireless LS9 LS1.5-p7040 ADB over TCP improper authentication

A vulnerability classified as critical was found in Libre Wireless LS9 LS1.5-p7040. Affected by this vulnerability is some unknown functionality of the component ADB over TCP. Proper firewalling of is able to address this issue.
Author: VulDB

OctoberCMS up to 1.1.1 Safe Mode permission

A vulnerability classified as critical has been found in OctoberCMS up to 1.1.1. Affected is an unknown functionality of the component Safe Mode. Upgrading to version 1.1.2 eliminates this vulnerability.
Author: VulDB

mixme up to 0.5.0 on Node.js mutate/merge denial of service

A vulnerability was found in mixme up to 0.5.0 on Node.js (JavaScript Library). It has been rated as problematic. This issue affects the function mutate/merge. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

LibreOffice up to 7.0.4/7.1.1 Denylist ShellExecute incomplete blacklist

A vulnerability was found in LibreOffice up to 7.0.4/7.1.1 (Office Suite Software). It has been declared as critical. This vulnerability affects the function ShellExecute of the component Denylist. Upgrading to version 7.0.5 or 7.1.2 eliminates...
Author: VulDB

gnuplot Package up to 0.9.x on Node.js os command injection [CVE-2021-29369]

A vulnerability was found in gnuplot Package up to 0.9.x on Node.js (JavaScript Library). It has been classified as critical. This affects an unknown code block. Upgrading to version 0.1.0 eliminates this vulnerability. Applying a patch is able...
Author: VulDB

CERTFR-2021-AVI-335: Multiple vulnerabilities in Pulse Connect Secure (3 May 2021)

Multiple vulnerabilities have been discovered in Pulse Connect Secure. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.

Author: Cert FR

algorithmica Crate up to 2021-03-07 on Rust merge_sort::merge double free

A vulnerability was found in algorithmica Crate up to 2021-03-07 on Rust (Rust Package) and classified as critical. Affected by this issue is the function merge_sort::merge. There is no information about possible countermeasures known. It may be...
Author: VulDB

CERTFR-2021-AVI-334: Vulnerability in Qnap QTS (3 May 2021)

A vulnerability has been discovered in Qnap QTS. It allows an attacker to cause a security policy bypass.

Author: Cert FR

CERTFR-2021-AVI-333: Vulnerability in MongoDB Server (3 May 2021)

A vulnerability has been discovered in MongoDB mongod. It allows an attacker to cause a denial of service.

Author: Cert FR

CERTFR-2021-AVI-332: Vulnerability in IBM Db2 (3 May 2021)

A vulnerability has been discovered in IBM Db2. It allows an attacker to cause a remote denial of service.

Author: Cert FR

Apache Airflow up to 1.10.14/2.0.1 /trigger origin cross site scripting

A vulnerability has been found in Apache Airflow up to 1.10.14/2.0.1 and classified as problematic. Affected by this vulnerability is an unknown part of the file /trigger. Upgrading to version 1.10.15 or 2.0.2 eliminates this vulnerability.
Author: VulDB

Amazon AWS Cognito password recovery

A vulnerability, which was classified as problematic, was found in Amazon AWS Cognito (version unknown). Affected is some unknown functionality. Upgrading eliminates this vulnerability. A possible mitigation has been published before and not just...
Author: VulDB

OX Software OX App Suite up to 7.10.4 Distribution List common name cross site scripting

A vulnerability, which was classified as problematic, has been found in OX Software OX App Suite up to 7.10.4. This issue affects an unknown functionality of the component Distribution List Handler. There is no information about possible...
Author: VulDB

OX Software OX App Suite up to 7.10.4 Contact Object position/company cross site scripting

A vulnerability classified as problematic was found in OX Software OX App Suite up to 7.10.4. This vulnerability affects an unknown function of the component Contact Object Handler. There is no information about possible countermeasures known. It...
Author: VulDB

SuiteCRM up to 7.11.18 Client Account Page name cross site scripting

A vulnerability classified as problematic has been found in SuiteCRM up to 7.11.18. This affects some unknown processing of the component Client Account Page. Upgrading to version 7.11.19 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Information security events