Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

EPrints 3.4.2 Latex cgi/latex2png Remote Privilege Escalation

A vulnerability classified as critical has been found in EPrints 3.4.2. This affects an unknown code of the file cgi/latex2png?latex of the component Latex Handler. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

WPS Hide Login 1.6.1 post_password protection mechanism

A vulnerability was found in WPS Hide Login 1.6.1. It has been rated as critical. Affected by this issue is the function post_password. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Auteur: VulDB

rakibtg Docker Dashboard API terminal.js command os command injection

A vulnerability was found in rakibtg Docker Dashboard (Virtualization Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the file backend/utilities/terminal.js...
Auteur: VulDB

YMFE YApi up to 1.9.2 JSON Web Token random values

A vulnerability was found in YMFE YApi up to 1.9.2. It has been classified as problematic. Affected is an unknown functionality of the component JSON Web Token Handler. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

Veritas Backup Exec up to 21.1 TLS Communication improper authentication

A vulnerability was found in Veritas Backup Exec up to 21.1 (Backup Software) and classified as critical. This issue affects an unknown function of the component TLS Communication Handler. Upgrading to version 21.2 eliminates this vulnerability.
Auteur: VulDB

Veritas Backup Exec up to 21.1 SHA Authentication improper authentication

A vulnerability has been found in Veritas Backup Exec up to 21.1 (Backup Software) and classified as critical. This vulnerability affects some unknown processing of the component SHA Authentication. Upgrading to version 21.2 eliminates this...
Auteur: VulDB

Veritas Backup Exec up to 21.1 TLS Communication input improper authentication

A vulnerability, which was classified as critical, was found in Veritas Backup Exec up to 21.1 (Backup Software). This affects an unknown code block of the component TLS Communication Handler. Upgrading to version 21.2 eliminates this...
Auteur: VulDB

Doctor Appointment System 1.0 contactus.php lastname cross site scripting

A vulnerability, which was classified as problematic, has been found in Doctor Appointment System 1.0 (Appointment Software). Affected by this issue is an unknown code of the file contactus.php. There is no information about possible...
Auteur: VulDB

Doctor Appointment System 1.0 contactus.php comment cross site scripting

A vulnerability classified as problematic was found in Doctor Appointment System 1.0 (Appointment Software). Affected by this vulnerability is an unknown part of the file contactus.php. There is no information about possible countermeasures...
Auteur: VulDB

EPrints 3.4.2 cgi/toolbox/toolbox verb Remote Privilege Escalation

A vulnerability classified as critical has been found in EPrints 3.4.2. Affected is some unknown functionality of the file cgi/toolbox/toolbox. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Auteur: VulDB

EPrints 3.4.2 JSON cgi/ajax/phrase Remote Privilege Escalation

A vulnerability was found in EPrints 3.4.2. It has been rated as critical. This issue affects an unknown functionality of the file cgi/ajax/phrase of the component JSON Handler. Applying a patch is able to eliminate this problem. The bugfix is...
Auteur: VulDB

EPrints 3.4.2 cgi/dataset_dictionary dataset cross site scripting

A vulnerability was found in EPrints 3.4.2. It has been declared as problematic. This vulnerability affects an unknown function of the file cgi/dataset_dictionary. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Auteur: VulDB

EPrints 3.4.2 Latex cgi/cal os command injection

A vulnerability was found in EPrints 3.4.2. It has been classified as critical. This affects some unknown processing of the file cgi/cal?year of the component Latex Handler. Applying a patch is able to eliminate this problem. The bugfix is ready...
Auteur: VulDB

EPrints 3.4.2 cgi/cal cross site scripting

A vulnerability was found in EPrints 3.4.2 and classified as problematic. Affected by this issue is an unknown code block of the file cgi/cal. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Auteur: VulDB

object-collider 1.0.0/1.0.1/1.0.2/1.0.3 Prototype code injection

A vulnerability has been found in object-collider 1.0.0/1.0.1/1.0.2/1.0.3 and classified as critical. Affected by this vulnerability is an unknown code of the component Prototype Handler. Applying a patch is able to eliminate this problem. The...
Auteur: VulDB

ONLYOFFICE DocumentServer up to 5.6.0.21 Server Module Remote Privilege Escalation

A vulnerability, which was classified as critical, was found in ONLYOFFICE DocumentServer up to 5.6.0.21. Affected is an unknown part of the component Server Module. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

ONLYOFFICE DocumentServer up to 6.0.0 Core Module heap-based overflow

A vulnerability, which was classified as critical, has been found in ONLYOFFICE DocumentServer up to 6.0.0. This issue affects some unknown functionality of the component Core Module. There is no information about possible countermeasures known....
Auteur: VulDB

ONLYOFFICE DocumentServer up to 5.6.3 Core Module Remote Privilege Escalation

A vulnerability classified as critical was found in ONLYOFFICE DocumentServer up to 5.6.3. This vulnerability affects an unknown functionality of the component Core Module. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

ONLYOFFICE DocumentServer up to 5.6.4 Core Module Remote Privilege Escalation

A vulnerability classified as critical has been found in ONLYOFFICE DocumentServer up to 5.6.4. This affects an unknown function of the component Core Module. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

ONLYOFFICE DocumentServer up to 5.6.3 Code Module denial of service

A vulnerability was found in ONLYOFFICE DocumentServer up to 5.6.3. It has been rated as problematic. Affected by this issue is some unknown processing of the component Code Module. There is no information about possible countermeasures known. It...
Auteur: VulDB

VMware Spring-integration-zip up to 1.0.3 Incomplete Fix CVE-2018-1263 path traversal

A vulnerability was found in VMware Spring-integration-zip up to 1.0.3. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Incomplete Fix CVE-2018-1263. Upgrading to version 1.0.4 eliminates...
Auteur: VulDB

Dell EMC SRS Policy Manager 6.x XML Parser xml external entity reference

A vulnerability was found in Dell EMC SRS Policy Manager 6.x (Policy Management Software). It has been classified as critical. Affected is an unknown code of the component XML Parser. There is no information about possible countermeasures known....
Auteur: VulDB

Dell EMC SourceOne up to 7.2SP10 cross site scripting [CVE-2021-21515]

A vulnerability was found in Dell EMC SourceOne up to 7.2SP10 and classified as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Auteur: VulDB

Apache AsterixDB UDF Deployment path traversal [CVE-2020-9479]

A vulnerability has been found in Apache AsterixDB (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component UDF Deployment Handler. Applying the patch...
Auteur: VulDB

MongoDB up to 3.6.20/4.0.19 Regex denial of service

A vulnerability, which was classified as problematic, was found in MongoDB up to 3.6.20/4.0.19 (Database Software). This affects an unknown functionality of the component Regex Handler. Upgrading to version 3.6.21 or 4.0.20 eliminates this...
Auteur: VulDB
12345678910Last

Événements SSI