Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

markdown2 up to 2.3.x Regular Expression denial of service

A vulnerability was found in markdown2 up to 2.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Regular Expression Handler. Upgrading to version 2.4.0 eliminates this vulnerability....
Author: VulDB

Trend Micro Visua Scan API/Advanced Threat Scan Engine File denial of service

A vulnerability was found in Trend Micro Visua Scan API and Advanced Threat Scan Engine (Automation Software) (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the...
Author: VulDB

Node.js up to 10.23.x/12.20.x/14.15.x/15.9.x DNS Server /etc/hosts dns rebinding

A vulnerability was found in Node.js up to 10.23.x/12.20.x/14.15.x/15.9.x (JavaScript Library). It has been classified as critical. Affected is an unknown function of the file /etc/hosts of the component DNS Server Handler. Upgrading to version...
Author: VulDB

Node.js up to 10.23.x/12.20.x/14.15.x/15.9.x File Descriptor Limit resource consumption

A vulnerability was found in Node.js up to 10.23.x/12.20.x/14.15.x/15.9.x (JavaScript Library) and classified as problematic. This issue affects some unknown processing of the component File Descriptor Limit Handler. Upgrading to version 10.24.0,...
Author: VulDB

Nextcloud Server up to 20.0.5 Notification OC.Notification.show cross site scripting

A vulnerability has been found in Nextcloud Server up to 20.0.5 (Cloud Software) and classified as problematic. This vulnerability affects an unknown code block of the component Notification Handler. Upgrading to version 20.0.6 eliminates this...
Author: VulDB

CERTFR-2021-AVI-162: Multiple vulnerabilities in Google Chrome (04 March 2021)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

NextCloud up to 20.0.5 access control [CVE-2021-22877]

A vulnerability, which was classified as critical, was found in NextCloud up to 20.0.5 (Cloud Software). This affects an unknown code. Upgrading to version 20.0.6 eliminates this vulnerability. Applying a patch is able to eliminate this problem....
Author: VulDB

Fatek FvDesigner up to 1.5.76 Project File out-of-bounds write

A vulnerability, which was classified as critical, has been found in Fatek FvDesigner up to 1.5.76. Affected by this issue is an unknown part of the component Project File Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Rockwell Automation Studio 5000 Logix Designer/RSLogix 5000 insufficiently protected credentials

A vulnerability classified as critical was found in Rockwell Automation Studio 5000 Logix Designer and RSLogix 5000 (Automation Software) (affected version unknown). Affected by this vulnerability is some unknown functionality. There is no...
Author: VulDB

Fatek FvDesigner up to 1.5.76 Project File uninitialized pointer

A vulnerability classified as critical has been found in Fatek FvDesigner up to 1.5.76. Affected is an unknown functionality of the component Project File Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Fatek FvDesigner up to 1.5.76 Project File stack-based overflow

A vulnerability was found in Fatek FvDesigner up to 1.5.76. It has been rated as critical. This issue affects an unknown function of the component Project File Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Fatek FvDesigner up to 1.5.76 Project File use after free

A vulnerability was found in Fatek FvDesigner up to 1.5.76. It has been declared as critical. This vulnerability affects some unknown processing of the component Project File Handler. There is no information about possible countermeasures known....
Author: VulDB

Fatek FvDesigner up to 1.5.76 Project File out-of-bounds read

A vulnerability was found in Fatek FvDesigner up to 1.5.76. It has been classified as critical. This affects an unknown code block of the component Project File Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

GitLab Community Edition/Enterprise Edition 13.0 Branch Log information disclosure

A vulnerability was found in GitLab Community Edition and Enterprise Edition 13.0 (Bug Tracking Software) and classified as problematic. Affected by this issue is an unknown code of the component Branch Log Handler. There is no information about...
Author: VulDB

GitLab Community Edition/Enterprise Edition 13.7 Merge Request cross site scripting

A vulnerability has been found in GitLab Community Edition and Enterprise Edition 13.7 (Bug Tracking Software) and classified as problematic. Affected by this vulnerability is an unknown part of the component Merge Request Handler. There is no...
Author: VulDB

Bitnami Docker Container /tmp/app/.env APP_KEY random values

A vulnerability, which was classified as problematic, was found in Bitnami Docker Container (Virtualization Software). Affected is some unknown functionality of the file /tmp/app/.env. Upgrading to version 6.20.0-debian-10-r107,...
Author: VulDB

VMware View Planner up to 4.6 logupload Web Application improper authorization

A vulnerability, which was classified as critical, has been found in VMware View Planner up to 4.6. This issue affects an unknown functionality of the component logupload Web Application. Applying the patch 4.6 Security Patch 1 is able to...
Author: VulDB

DataDog API Client Java up to 1.0.0-beta.8 Temporary Files prepareDownloadFilecreates temp file

A vulnerability classified as problematic was found in DataDog API Client Java up to 1.0.0-beta.8 (Network Management Software). This vulnerability affects the function prepareDownloadFilecreates of the component Temporary Files Handler....
Author: VulDB

GLPI up to 9.5.3 Ticket Update cross site scripting

A vulnerability classified as problematic has been found in GLPI up to 9.5.3 (Asset Management Software). This affects some unknown processing of the component Ticket Update Handler. Upgrading to version 9.5.4 eliminates this vulnerability. The...
Author: VulDB

GLPI up to 9.5.3 /ajax/common.tabs.php _target/id cross site scripting

A vulnerability was found in GLPI up to 9.5.3 (Asset Management Software). It has been rated as problematic. Affected by this issue is an unknown code block of the file /ajax/common.tabs.php. Upgrading to version 9.5.4 eliminates this...
Author: VulDB

GLPI up to 9.5.3 Document Upload /front/document.form.php cross site scripting

A vulnerability was found in GLPI up to 9.5.3 (Asset Management Software). It has been declared as problematic. Affected by this vulnerability is an unknown code of the file /front/document.form.php of the component Document Upload. Upgrading to...
Author: VulDB

IBM Security Verify Bridge external hard-coded credentials [CVE-2021-20442]

A vulnerability was found in IBM Security Verify Bridge (version unknown). It has been classified as problematic. Affected is an unknown part of the component external. There is no information about possible countermeasures known. It may be...
Author: VulDB

IBM Security Verify Bridge inadequate encryption [CVE-2021-20441]

A vulnerability was found in IBM Security Verify Bridge (unknown version) and classified as problematic. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

grub2 up to 2.05 Calculation Setparam_prefix out-of-bounds write

A vulnerability has been found in grub2 up to 2.05 and classified as critical. This vulnerability affects the function Setparam_prefix of the component Calculation Handler. Upgrading to version 2.06 eliminates this vulnerability.
Author: VulDB

grub2 up to 2.05 Options out-of-bounds write

A vulnerability, which was classified as critical, was found in grub2 up to 2.05. This affects an unknown function of the component Options Handler. Upgrading to version 2.06 eliminates this vulnerability.
Author: VulDB

Information security events