Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Node-Red up to 1.2.7 Projects API path traversal

A vulnerability classified as problematic was found in Node-Red up to 1.2.7. Affected by this vulnerability is an unknown functionality of the component Projects API. Upgrading to version 1.2.8 eliminates this vulnerability. The upgrade is hosted...
Auteur: VulDB

Node-Red up to 1.2.7 Admin API dynamically-determined object attributes

A vulnerability classified as critical has been found in Node-Red up to 1.2.7. Affected is an unknown function of the component Admin API. Upgrading to version 1.2.8 eliminates this vulnerability. The upgrade is hosted for download at github.com.
Auteur: VulDB

Synapse up to 1.24.x .well-known resource consumption

A vulnerability was found in Synapse up to 1.24.x. It has been rated as problematic. This issue affects some unknown processing of the file .well-known. Upgrading to version 1.25.0 eliminates this vulnerability. The upgrade is hosted for download...
Auteur: VulDB

Synapse up to 1.24.x redirect [CVE-2021-21273]

A vulnerability was found in Synapse up to 1.24.x. It has been declared as problematic. This vulnerability affects an unknown code block. Upgrading to version 1.25.0 eliminates this vulnerability. The upgrade is hosted for download at github.com....
Auteur: VulDB

ownCloud Client up to 2.6 DLL injection

A vulnerability was found in ownCloud Client up to 2.6 (Cloud Software). It has been classified as critical. This affects an unknown code of the component DLL Handler. Upgrading to version 2.7 eliminates this vulnerability.
Auteur: VulDB

best it Amazon Pay Plugin up to 9.4.1 on Shopware information disclosure

A vulnerability was found in best it Amazon Pay Plugin up to 9.4.1 on Shopware and classified as problematic. Affected by this issue is an unknown part. Upgrading to version 9.4.2 eliminates this vulnerability.
Auteur: VulDB

Kaspersky Rescue Disk/Endpoint Security UEFI Module improper authentication

A vulnerability has been found in Kaspersky Rescue Disk and Endpoint Security (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown functionality of the component UEFI Module Handler. Upgrading...
Auteur: VulDB

ABB AC500 V2 Web Visualization resource consumption [CVE-2020-24686]

A vulnerability, which was classified as problematic, was found in ABB AC500 V2 (version unknown). Affected is an unknown functionality of the component Web Visualization. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

Bosch DIVAR IP 5000 access control [CVE-2019-11684]

A vulnerability, which was classified as critical, has been found in Bosch Video Recording Manager, Video Management System and DIVAR IP 5000 (unknown version). This issue affects an unknown function. Upgrading eliminates this vulnerability.
Auteur: VulDB

Keylime up to 5.8.1 Agent/Registrar signature verification

A vulnerability classified as critical was found in Keylime up to 5.8.1. This vulnerability affects some unknown processing of the component Agent/Registrar. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Custom Global Variables Plugin 1.0.5 on WordPress Form Field vars[0][name] cross site scripting

A vulnerability classified as problematic has been found in Custom Global Variables Plugin 1.0.5 on WordPress (WordPress Plugin). This affects an unknown code block of the component Form Field Handler. There is no information about possible...
Auteur: VulDB

Triconsole Datepicker Calendar up to 3.76 calendar_form.php cross site scripting

A vulnerability was found in Triconsole Datepicker Calendar up to 3.76 (Calendar Software). It has been rated as problematic. Affected by this issue is an unknown code of the file calendar_form.php. Upgrading to version 3.77 eliminates this...
Auteur: VulDB

Mozilla Firefox up to 85.x on Android toctou [CVE-2021-23977]

A vulnerability was found in Mozilla Firefox up to 85.x on Android (Web Browser). It has been classified as problematic. Affected is some unknown functionality. Upgrading to version 86.0 eliminates this vulnerability. The upgrade is hosted for...
Auteur: VulDB

Mozilla Firefox up to 85.x on Android Fullscreen improper restriction of rendered ui layers

A vulnerability was found in Mozilla Firefox up to 85.x on Android (Web Browser) and classified as critical. This issue affects an unknown functionality of the component Fullscreen Handler. Upgrading to version 86.0 eliminates this vulnerability....
Auteur: VulDB

Microsoft Edge unknown vulnerability [CVE-2021-24113]

A vulnerability was found in Microsoft Edge (Web Browser) (affected version unknown). It has been declared as problematic. Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the...
Auteur: VulDB

Mozilla Firefox up to 85.x Developer Page allocation of resources

A vulnerability has been found in Mozilla Firefox up to 85.x (Web Browser) and classified as problematic. This vulnerability affects an unknown function of the component Developer Page. Upgrading to version 86.0 eliminates this vulnerability. The...
Auteur: VulDB

Mozilla Firefox up to 85.x DOMParser API cross site scripting

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 85.x (Web Browser). This affects some unknown processing of the component DOMParser API. Upgrading to version 86.0 eliminates this vulnerability. The upgrade...
Auteur: VulDB

Mozilla Firefox/Firefox ESR/Thunderbird Decoding unknown vulnerability

A vulnerability, which was classified as critical, has been found in Mozilla Firefox, Firefox ESR and Thunderbird (Web Browser) (affected version not known). Affected by this issue is an unknown code block of the component Decoding Handler....
Auteur: VulDB

Mozilla Firefox up to 85.x HTTP Authentication improper restriction of rendered ui layers

A vulnerability classified as critical was found in Mozilla Firefox up to 85.x (Web Browser). Affected by this vulnerability is an unknown code of the component HTTP Authentication Handler. Upgrading to version 86.0 eliminates this vulnerability....
Auteur: VulDB

Mozilla Firefox up to 85.x Referer Policy information disclosure

A vulnerability classified as problematic has been found in Mozilla Firefox up to 85.x (Web Browser). Affected is an unknown part of the component Referer Policy Handler. Upgrading to version 86.0 eliminates this vulnerability. The upgrade is...
Auteur: VulDB

Mozilla Firefox up to 85.x Shared Jump Table assertion

A vulnerability was found in Mozilla Firefox up to 85.x (Web Browser). It has been rated as problematic. This issue affects some unknown functionality of the component Shared Jump Table Handler. Upgrading to version 86.0 eliminates this...
Auteur: VulDB

Mozilla Firefox/Firefox ESR/Thunderbird Content Security Policy information disclosure

A vulnerability was found in Mozilla Firefox, Firefox ESR and Thunderbird (Web Browser) (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown functionality of the component Content Security...
Auteur: VulDB

Mozilla Firefox/Firefox ESR/Thunderbird Content Security Policy unknown vulnerability

A vulnerability was found in Mozilla Firefox, Firefox ESR and Thunderbird (Web Browser) (the affected version unknown). It has been classified as critical. This affects an unknown function of the component Content Security Policy Handler....
Auteur: VulDB

Mozilla Firefox up to 84.x WebRTC Share permission

A vulnerability was found in Mozilla Firefox up to 84.x (Web Browser) and classified as critical. Affected by this issue is some unknown processing of the component WebRTC Share Handler. Upgrading to version 85.0 eliminates this vulnerability....
Auteur: VulDB

Mozilla Firefox up to 84.x RowCountChanged denial of service

A vulnerability has been found in Mozilla Firefox up to 84.x (Web Browser) and classified as problematic. Affected by this vulnerability is the function RowCountChanged. Upgrading to version 85.0 eliminates this vulnerability.
Auteur: VulDB
12345678910Last

Événements SSI