Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Jenkins up to 2.251/LTS 2.235.3 Tooltip Stored cross site scripting

A vulnerability classified as problematic has been found in Jenkins up to 2.251/LTS 2.235.3 (Continuous Integration Software). This affects an unknown function of the component Tooltip Handler. There is no information about possible...
Author: VulDB

Palo Alto PAN-OS Policy Enforcement Handshake privilege escalation

A vulnerability was found in Palo Alto PAN-OS (Firewall Software) (affected version not known). It has been rated as critical. Affected by this issue is some unknown processing of the component Policy Enforcement. There is no information about...
Author: VulDB

Artica Web Proxy 4.30.00000000 Privileges fw.login.php apikey sql injection

A vulnerability was found in Artica Web Proxy 4.30.00000000. It has been declared as critical. Affected by this vulnerability is an unknown code block of the file fw.login.php of the component Privileges. There is no information about possible...
Author: VulDB

Artica Web Proxy 4.30.000000 cyrus.php service-cmds command injection

A vulnerability was found in Artica Web Proxy 4.30.000000 (Firewall Software). It has been classified as critical. Affected is an unknown code of the file cyrus.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

iNet wireless daemon up to 1.8 EAPOL Message eapol.c privilege escalation

A vulnerability was found in iNet wireless daemon up to 1.8 and classified as critical. This issue affects an unknown part of the file eapol.c of the component EAPOL Message Handler. There is no information about possible countermeasures known....
Author: VulDB

vBulletin up to 5.6.2 Incomplete Fix CVE-2019-16759 widget_tabbedcontainer_tab_panel Request privilege escalation

A vulnerability has been found in vBulletin up to 5.6.2 (Forum Software) and classified as critical. This vulnerability affects some unknown functionality of the file ajax/render/widget_tabbedcontainer_tab_panel of the component Incomplete Fix...
Author: VulDB

asyncpg up to 0.20.x Server Response memory corruption

A vulnerability, which was classified as critical, was found in asyncpg up to 0.20.x. This affects an unknown functionality of the component Server Response Handler. Upgrading to version 0.21.0 eliminates this vulnerability.
Author: VulDB

SugarCRM up to 10.0.x sql injection [CVE-2020-17373]

A vulnerability, which was classified as critical, has been found in SugarCRM up to 10.0.x. Affected by this issue is an unknown function. Upgrading to version 10.1.0 eliminates this vulnerability.
Author: VulDB

SugarCRM up to 10.0.x cross site scripting [CVE-2020-17372]

A vulnerability classified as problematic was found in SugarCRM up to 10.0.x. Affected by this vulnerability is some unknown processing. Upgrading to version 10.1.0 eliminates this vulnerability.
Author: VulDB

MantisBT up to 2.24.1 view_all_bug_page.php cross site scripting

A vulnerability classified as problematic has been found in MantisBT up to 2.24.1. Affected is an unknown code block of the file view_all_bug_page.php. Upgrading to version 2.24.2 eliminates this vulnerability.
Author: VulDB

Roundcube Webmail up to 1.4.7 Message Display SVG Document Stored cross site scripting

A vulnerability was found in Roundcube Webmail up to 1.4.7. It has been rated as problematic. This issue affects an unknown code of the component Message Display. Upgrading to version 1.4.8 eliminates this vulnerability.
Author: VulDB

HoRNDIS RNDIS Packet Parser HoRNDIS::receivePacket Negative Value Integer Overflow memory corruption

A vulnerability was found in HoRNDIS (the affected version is unknown). It has been declared as problematic. This vulnerability affects the function HoRNDIS::receivePacket of the component RNDIS Packet Parser. There is no information about...
Author: VulDB

GitLab up to 13.2.2 Sharing privilege escalation

A vulnerability was found in GitLab up to 13.2.2. It has been classified as critical. This affects some unknown functionality of the component Sharing Handler. Upgrading to version 13.2.3 eliminates this vulnerability.
Author: VulDB

GitLab up to 13.0.11/13.1.5/13.2.2 Access Control privilege escalation

A vulnerability was found in GitLab up to 13.0.11/13.1.5/13.2.2 and classified as critical. Affected by this issue is an unknown functionality of the component Access Control. Upgrading to version 13.0.12, 13.1.6 or 13.2.3 eliminates this...
Author: VulDB

GitLab up to 13.0.11/13.1.5/13.2.2 CI-CD Jobs Page Stored cross site scripting

A vulnerability has been found in GitLab up to 13.0.11/13.1.5/13.2.2 and classified as problematic. Affected by this vulnerability is an unknown function of the component CI-CD Jobs Page. Upgrading to version 13.0.12, 13.1.6 or 13.2.3 eliminates...
Author: VulDB

RosarioSIS Student Information System up to 6.5.0 Modules.php GET Request Reflected cross site scripting

A vulnerability, which was classified as problematic, was found in RosarioSIS Student Information System up to 6.5.0. Affected is some unknown processing of the file Modules.php. Upgrading to version 6.5.1 eliminates this vulnerability.
Author: VulDB

Dovecot prior 2.3.11.3 RPA Request Crash denial of service

A vulnerability, which was classified as problematic, has been found in Dovecot. This issue affects an unknown code block of the component RPA Request Handler. Upgrading to version 2.3.11.3 eliminates this vulnerability.
Author: VulDB

Dovecot prior 2.3.11.3 NTLM Request Out-of-Bounds denial of service

A vulnerability classified as problematic was found in Dovecot. This vulnerability affects an unknown code of the component NTLM Handler. Upgrading to version 2.3.11.3 eliminates this vulnerability.
Author: VulDB

Dovecot prior 2.3.11.3 Submission/lmtp/lda Recursion denial of service

A vulnerability classified as problematic has been found in Dovecot. This affects an unknown part of the component Submission/lmtp/lda. Upgrading to version 2.3.11.3 eliminates this vulnerability.
Author: VulDB

Adobe Acrobat Reader Use-After-Free memory corruption [CVE-2020-9722]

A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30523/2017.011.30171/2020.001.30002/2020.009.20074 (Document Reader Software). It has been rated as critical. Affected by this issue is some unknown functionality. Upgrading to...
Author: VulDB

Adobe Acrobat Reader Use-After-Free memory corruption [CVE-2020-9715]

A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30523/2017.011.30171/2020.001.30002/2020.009.20074 (Document Reader Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality....
Author: VulDB

Adobe Acrobat Reader Code Execution memory corruption [CVE-2020-9704]

A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30523/2017.011.30171/2020.001.30002/2020.009.20074 (Document Reader Software). It has been classified as critical. Affected is an unknown function. Upgrading to version...
Author: VulDB

Adobe Acrobat Reader Code Execution memory corruption [CVE-2020-9701]

A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30523/2017.011.30171/2020.001.30002/2020.009.20074 (Document Reader Software) and classified as critical. This issue affects some unknown processing. Upgrading to version...
Author: VulDB

Adobe Acrobat Reader Code Execution memory corruption [CVE-2020-9700]

A vulnerability has been found in Adobe Acrobat Reader up to 2015.006.30523/2017.011.30171/2020.001.30002/2020.009.20074 (Document Reader Software) and classified as critical. This vulnerability affects an unknown code block. Upgrading to version...
Author: VulDB

Adobe Acrobat Reader Code Execution memory corruption [CVE-2020-9699]

A vulnerability, which was classified as critical, was found in Adobe Acrobat Reader up to 2015.006.30523/2017.011.30171/2020.001.30002/2020.009.20074. This affects an unknown code. Upgrading to version 2015.006.30527, 2017.011.30175,...
Author: VulDB

Information systems security events