Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Nextcloud Desktop Client 2.6.4 Cleartext weak encryption

A vulnerability was found in Nextcloud Desktop Client 2.6.4 (Cloud Software). It has been classified as problematic. Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Node.js up to 12.18.3/14.10 HTTP Header privilege escalation

A vulnerability was found in Node.js up to 12.18.3/14.10 (JavaScript Library) and classified as critical. This issue affects an unknown code. Upgrading to version 12.18.4 or 14.11.0 eliminates this vulnerability.
Author: VulDB

Citrix Storefront Server prior 1912.0.1000 information disclosure

A vulnerability has been found in Citrix Storefront Server (Connectivity Software) and classified as problematic. This vulnerability affects an unknown part. Upgrading to version 1912.0.1000 eliminates this vulnerability.
Author: VulDB

TypeORM up to 0.2.24 Object Prototype privilege escalation

A vulnerability, which was classified as critical, was found in TypeORM up to 0.2.24. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

Puppet Enterprise 4.0.1 CD4PE Deployment Definition Credentials information disclosure

A vulnerability, which was classified as problematic, has been found in Puppet Enterprise 4.0.1. Affected by this issue is an unknown functionality of the component CD4PE Deployment Definition Handler. There is no information about possible...
Author: VulDB

Spring Framework up to 4.3.28/5.0.18/5.1.17/5.2.8 RFD Parameter privilege escalation

A vulnerability classified as critical was found in Spring Framework up to 4.3.28/5.0.18/5.1.17/5.2.8. Affected by this vulnerability is an unknown function of the component RFD Handler. There is no information about possible countermeasures...
Author: VulDB

InstallBuilder for Qt Windows up to 20.6.x Installer Code Execution

A vulnerability classified as critical has been found in InstallBuilder for Qt Windows up to 20.6.x. Affected is some unknown processing of the component Installer. Upgrading to version 20.7.0 eliminates this vulnerability.
Author: VulDB

MISP prior 2.4.132 Login Page privilege escalation

A vulnerability was found in MISP. It has been rated as critical. This issue affects an unknown code block of the component Login Page. Upgrading to version 2.4.132 eliminates this vulnerability.
Author: VulDB

RESTEasy up to 4.5.6.Final Client information disclosure

A vulnerability was found in RESTEasy up to 4.5.6.Final. It has been declared as problematic. This vulnerability affects an unknown code of the component Client. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Philips Collaboration Platform up to 12.2.1 information disclosure

A vulnerability was found in Philips Collaboration Platform up to 12.2.1 (Groupware Software). It has been classified as problematic. This affects an unknown part. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

eWON Flexy and Cosy up to 14.1 Wildcard Cross-Origin privilege escalation

A vulnerability was found in eWON Flexy and Cosy up to 14.1 and classified as critical. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Philips Collaboration Platform up to 12.2.1 Resource Exhaustion denial of service

A vulnerability has been found in Philips Collaboration Platform up to 12.2.1 (Groupware Software) and classified as problematic. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures...
Author: VulDB

Philips Collaboration Platform up to 12.2.1 weak authentication

A vulnerability, which was classified as critical, was found in Philips Collaboration Platform up to 12.2.1 (Groupware Software). Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

SOY CMS up to 3.0.2 File Upload cross site scripting

A vulnerability, which was classified as problematic, has been found in SOY CMS up to 3.0.2 (Content Management System). This issue affects some unknown processing. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Alfresco Reset Password Add-On up to 1.1.x privilege escalation

A vulnerability classified as critical was found in Alfresco Reset Password Add-On up to 1.1.x. This vulnerability affects an unknown code block. Upgrading to version 1.2.0 eliminates this vulnerability.
Author: VulDB

Philips Collaboration Platform up to 12.2.0 cross site scripting

A vulnerability classified as problematic has been found in Philips Collaboration Platform up to 12.2.0 (Groupware Software). This affects an unknown code. Upgrading to version 12.2.1 eliminates this vulnerability.
Author: VulDB

Philips Collaboration Platform up to 12.2.1 privilege escalation

A vulnerability was found in Philips Collaboration Platform up to 12.2.1 (Groupware Software). It has been rated as critical. Affected by this issue is an unknown part. There is no information about possible countermeasures known. It may be...
Author: VulDB

Linux Kernel up to 5.9.rc4 Screen Size Out-of-Bounds memory corruption

A vulnerability was found in Linux Kernel up to 5.9.rc4. It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Screen Size Handler. Upgrading to version 5.9.rc5 eliminates this...
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 RSS to SMS Module XML File Server-Side Request Forgery

A vulnerability was found in Ozeki NG SMS Gateway up to 4.17.6. It has been classified as critical. Affected is an unknown functionality of the component RSS to SMS Module. There is no information about possible countermeasures known. It may be...
Author: VulDB

Ozeki NG SMS Gateway up to 4.17.6 ASP.NET SMS Module privilege escalation

A vulnerability was found in Ozeki NG SMS Gateway up to 4.17.6 and classified as critical. This issue affects an unknown function of the component ASP.NET SMS Module. There is no information about possible countermeasures known. It may be...
Author: VulDB

Micro Focus Operation Agent up to 12.10 privilege escalation

A vulnerability has been found in Micro Focus Operation Agent up to 12.10 and classified as critical. This vulnerability affects some unknown processing. Upgrading to version 12.11 eliminates this vulnerability.
Author: VulDB

HPE Universal API Framework 2.5.2 sql injection [CVE-2020-24623]

A vulnerability, which was classified as critical, was found in HPE Universal API Framework 2.5.2 (Automation Software). This affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

SOY CMS up to 3.0.2.327 Inquiry Form Remote Code Execution

A vulnerability, which was classified as critical, has been found in SOY CMS up to 3.0.2.327 (Content Management System). Affected by this issue is an unknown code of the component Inquiry Form Handler. Upgrading to version 3.0.2.328 eliminates...
Author: VulDB

Google Android 11.0 NetworkStackNotifier privilege escalation

A vulnerability classified as critical was found in Google Android 11.0 (Smartphone Operating System). Affected by this vulnerability is an unknown part of the component NetworkStackNotifier. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 netd Out-of-Bounds denial of service

A vulnerability classified as problematic has been found in Google Android 11.0 (Smartphone Operating System). Affected is some unknown functionality of the component netd. Applying a patch is able to eliminate this problem.
Author: VulDB

Information Security Events