Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

EPrints 3.4.2 cgi/cal cross site scripting

A vulnerability was found in EPrints 3.4.2 and classified as problematic. Affected by this issue is an unknown code block of the file cgi/cal. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Auteur: VulDB

object-collider 1.0.0/1.0.1/1.0.2/1.0.3 Prototype code injection

A vulnerability has been found in object-collider 1.0.0/1.0.1/1.0.2/1.0.3 and classified as critical. Affected by this vulnerability is an unknown code of the component Prototype Handler. Applying a patch is able to eliminate this problem. The...
Auteur: VulDB

ONLYOFFICE DocumentServer up to 5.6.0.21 Server Module Remote Privilege Escalation

A vulnerability, which was classified as critical, was found in ONLYOFFICE DocumentServer up to 5.6.0.21. Affected is an unknown part of the component Server Module. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

ONLYOFFICE DocumentServer up to 6.0.0 Core Module heap-based overflow

A vulnerability, which was classified as critical, has been found in ONLYOFFICE DocumentServer up to 6.0.0. This issue affects some unknown functionality of the component Core Module. There is no information about possible countermeasures known....
Auteur: VulDB

ONLYOFFICE DocumentServer up to 5.6.3 Core Module Remote Privilege Escalation

A vulnerability classified as critical was found in ONLYOFFICE DocumentServer up to 5.6.3. This vulnerability affects an unknown functionality of the component Core Module. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

ONLYOFFICE DocumentServer up to 5.6.4 Core Module Remote Privilege Escalation

A vulnerability classified as critical has been found in ONLYOFFICE DocumentServer up to 5.6.4. This affects an unknown function of the component Core Module. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

ONLYOFFICE DocumentServer up to 5.6.3 Code Module denial of service

A vulnerability was found in ONLYOFFICE DocumentServer up to 5.6.3. It has been rated as problematic. Affected by this issue is some unknown processing of the component Code Module. There is no information about possible countermeasures known. It...
Auteur: VulDB

VMware Spring-integration-zip up to 1.0.3 Incomplete Fix CVE-2018-1263 path traversal

A vulnerability was found in VMware Spring-integration-zip up to 1.0.3. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Incomplete Fix CVE-2018-1263. Upgrading to version 1.0.4 eliminates...
Auteur: VulDB

Dell EMC SRS Policy Manager 6.x XML Parser xml external entity reference

A vulnerability was found in Dell EMC SRS Policy Manager 6.x (Policy Management Software). It has been classified as critical. Affected is an unknown code of the component XML Parser. There is no information about possible countermeasures known....
Auteur: VulDB

Dell EMC SourceOne up to 7.2SP10 cross site scripting [CVE-2021-21515]

A vulnerability was found in Dell EMC SourceOne up to 7.2SP10 and classified as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Auteur: VulDB

Apache AsterixDB UDF Deployment path traversal [CVE-2020-9479]

A vulnerability has been found in Apache AsterixDB (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component UDF Deployment Handler. Applying the patch...
Auteur: VulDB

MongoDB up to 3.6.20/4.0.19 Regex denial of service

A vulnerability, which was classified as problematic, was found in MongoDB up to 3.6.20/4.0.19 (Database Software). This affects an unknown functionality of the component Regex Handler. Upgrading to version 3.6.21 or 4.0.20 eliminates this...
Auteur: VulDB

Crowd up to 4.0.3/4.1.1 ResourceDownloadRewriteRule path traversal

A vulnerability, which was classified as critical, has been found in Crowd up to 4.0.3/4.1.1. Affected by this issue is the function ResourceDownloadRewriteRule. Upgrading to version 4.0.4 or 4.1.2 eliminates this vulnerability.
Auteur: VulDB

MongoDB up to 3.6.10/4.0.5 Generic Explain Command denial of service

A vulnerability classified as problematic was found in MongoDB up to 3.6.10/4.0.5 (Database Software). Affected by this vulnerability is some unknown processing of the component Generic Explain Command Handler. Upgrading to version 3.6.11 or...
Auteur: VulDB

Apache Tomcat up to 7.0.107/8.5.61/9.0.41/10.0.0-M1 Incomplete Fix CVE-2020-9484 deserialization

A vulnerability classified as critical has been found in Apache Tomcat up to 7.0.107/8.5.61/9.0.41/10.0.0-M1 (Application Server Software). Affected is an unknown code block of the component Incomplete Fix CVE-2020-9484.
Auteur: VulDB

Apache Tomcat up to 8.5.61/9.0.41/10.0.0-M1 h2c Connection information disclosure

A vulnerability was found in Apache Tomcat up to 8.5.61/9.0.41/10.0.0-M1 (Application Server Software). It has been rated as problematic. This issue affects an unknown code of the component h2c Connection Handler. There is no information about...
Auteur: VulDB

Dataiku DSS up to 8.0.5 Project access control

A vulnerability was found in Dataiku DSS up to 8.0.5. It has been declared as critical. This vulnerability affects an unknown part of the component Project Handler. Upgrading to version 8.0.6 eliminates this vulnerability.
Auteur: VulDB

SerComm Combo VD625 AGSOT_2.1.0 HTTP Header Content-Disposition injection

A vulnerability was found in SerComm Combo VD625 AGSOT_2.1.0. It has been classified as critical. This affects some unknown functionality of the component HTTP Header Handler. There is no information about possible countermeasures known. It may...
Auteur: VulDB

SaltStack Salt prior 3002.5 SSH Client an os command injection

A vulnerability was found in SaltStack Salt and classified as critical. Affected by this issue is an unknown functionality of the component SSH Client. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download...
Auteur: VulDB

i-doit up to 1.15.x cross site scripting [CVE-2021-3151]

A vulnerability has been found in i-doit up to 1.15.x and classified as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 1.16.0 eliminates this vulnerability.
Auteur: VulDB

SaltStack Salt prior 3002.5 API salt/utils/thin.py salt.utils.thin.gen_thin command injection

A vulnerability, which was classified as critical, was found in SaltStack Salt. Affected is the function salt.utils.thin.gen_thin of the file salt/utils/thin.py of the component API. Upgrading to version 3002.5 eliminates this vulnerability. The...
Auteur: VulDB

SaltStack Salt prior 3002.5 eauth Token unknown vulnerability

A vulnerability, which was classified as critical, has been found in SaltStack Salt. This issue affects an unknown code block of the component eauth Token Handler. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted...
Auteur: VulDB

wpa_supplicant up to 2.9 P2P Provision Discovery Request p2p/p2p_pd.c denial of service

A vulnerability classified as problematic was found in wpa_supplicant up to 2.9. This vulnerability affects an unknown code of the file p2p/p2p_pd.c of the component P2P Provision Discovery Request Handler. Upgrading to version 2.10 eliminates...
Auteur: VulDB

Zint Barcode Generator 2.19.1 C API backend/upcean.c ean_leading_zeroes buffer overflow

A vulnerability classified as critical has been found in Zint Barcode Generator 2.19.1. This affects the function ean_leading_zeroes of the file backend/upcean.c of the component C API. Applying a patch is able to eliminate this problem. The...
Auteur: VulDB

Visualware MyConnection Server up to 11.0b Build 5382 Web Service myspeed/sf unrestricted upload

A vulnerability was found in Visualware MyConnection Server up to 11.0b Build 5382. It has been rated as critical. Affected by this issue is some unknown functionality of the file myspeed/sf?filename= of the component Web Service. There is no...
Auteur: VulDB
12345678910Last

Événements SSI