Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CDATA FD8000 hard-coded password [CVE-2020-29059]

A vulnerability was found in CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1,...
Author: VulDB

CDATA FD8000 /opt/lighttpd/web/cgi/ missing encryption

A vulnerability was found in CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1,...
Author: VulDB

CDATA FD8000 Telnet Service denial of service [CVE-2020-29057]

A vulnerability was found in CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1,...
Author: VulDB

CDATA FD8000 TFTP Config sandbox [CVE-2020-29056]

A vulnerability was found in CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1,...
Author: VulDB

CDATA FD8000 Management Interface cleartext transmission [CVE-2020-29055]

A vulnerability has been found in CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1,...
Author: VulDB

CDATA FD8000 missing encryption [CVE-2020-29054]

A vulnerability, which was classified as problematic, was found in CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN,...
Author: VulDB

Hrsale 2.0.0 projects_calendar set_date cross site scripting

A vulnerability, which was classified as problematic, has been found in Hrsale 2.0.0. Affected by this issue is some unknown processing of the file admin/project/projects_calendar. There is no information about possible countermeasures known. It...
Author: VulDB

Xen up to 4.14.x stack-based buffer overflow [CVE-2020-29040]

A vulnerability classified as critical was found in Xen up to 4.14.x (Virtualization Software). Affected by this vulnerability is an unknown code block. Applying a patch is able to eliminate this problem.
Author: VulDB

MISP up to 2.4.134 ACL GalaxyElementsController.php access control

A vulnerability classified as critical has been found in MISP up to 2.4.134. Affected is an unknown code of the file app/Controller/GalaxyElementsController.php of the component ACL Handler. Upgrading to version 2.4.135 eliminates this...
Author: VulDB

Karenderia Multiple Restaurant System up to 5.4.2 sql injection

A vulnerability was found in Karenderia Multiple Restaurant System up to 5.4.2 (Hospitality Software). It has been rated as critical. This issue affects an unknown part. There is no information about possible countermeasures known. It may be...
Author: VulDB

musl libc up to 1.2.1 Buffer Size buffer overflow

A vulnerability was found in musl libc up to 1.2.1. It has been declared as critical. This vulnerability affects some unknown functionality of the component Buffer Size Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

SeedDMS 6.0.13 out/out.AddDocument.php dropfolderfileform1 redirect

A vulnerability was found in SeedDMS 6.0.13. It has been classified as critical. This affects an unknown functionality of the file out/out.AddDocument.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

cron-utils up to 9.1.2 Template injection

A vulnerability was found in cron-utils up to 9.1.2 and classified as critical. Affected by this issue is an unknown function of the component Template Handler. Upgrading eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Highlight.js up to 9.18.1/10.1.1 code injection [CVE-2020-26237]

A vulnerability has been found in Highlight.js up to 9.18.1/10.1.1 (JavaScript Library) and classified as problematic. Affected by this vulnerability is some unknown processing. Upgrading to version 9.18.2 or 10.1.2 eliminates this vulnerability....
Author: VulDB

Time Crate up to 0.2.22 on Unix Environment Variable try_now_local null pointer dereference

A vulnerability, which was classified as problematic, was found in Time Crate up to 0.2.22 on Unix (Rust Package). Affected is the function...
Author: VulDB

Jupyter Server up to 1.0.5 redirect [CVE-2020-26232]

A vulnerability, which was classified as critical, has been found in Jupyter Server up to 1.0.5. This issue affects an unknown code. Upgrading to version 1.0.6 eliminates this vulnerability. The upgrade is hosted for download at github.com....
Author: VulDB

Pacemaker up to 1.1.23/2.0.5-rc1 ACL access control

A vulnerability classified as critical was found in Pacemaker up to 1.1.23/2.0.5-rc1. This vulnerability affects an unknown part of the component ACL Handler. Upgrading to version 1.1.24-rc1 or 2.0.5-rc2 eliminates this vulnerability.
Author: VulDB

Wildfly up to 20.x Resource Adapter log file

A vulnerability classified as problematic has been found in Wildfly up to 20.x (Application Server Software). This affects some unknown functionality of the component Resource Adapter. Upgrading to version 21.0.0.Final eliminates this...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 News Edit id sql injection

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software). It has been rated as critical. Affected by this issue is an unknown functionality of the component News Edit Handler. There is no information...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 editor_name cross site scripting

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software). It has been declared as problematic. Affected by this vulnerability is an unknown function. There is no information about possible...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 Session Cookie cookie without 'httponly' flag

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software). It has been classified as problematic. Affected is some unknown processing of the component Session Cookie Handler. There is no information...
Author: VulDB

SimplePHPscripts News Script PHP Pro 2.3 User cross-site request forgery

A vulnerability was found in SimplePHPscripts News Script PHP Pro 2.3 (Programming Language Software) and classified as problematic. This issue affects an unknown code block of the component User Handler. There is no information about possible...
Author: VulDB

RTA 499ES EtherNet-IP Adaptor Source Code stack-based buffer overflow

A vulnerability has been found in RTA 499ES EtherNet-IP Adaptor Source Code (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It...
Author: VulDB

MicroStrategy up to 10.4/2019 Update 5/2020 Update 1 PDF Generator server-side request forgery

A vulnerability, which was classified as critical, was found in MicroStrategy up to 10.4/2019 Update 5/2020 Update 1. This affects an unknown part of the component PDF Generator. Upgrading to version 10.4, 2019 Update 6 or 2020 Update 2...
Author: VulDB

Apache Unomi up to 1.5.1 Endpoint /context.json injection

A vulnerability, which was classified as critical, has been found in Apache Unomi up to 1.5.1. Affected by this issue is some unknown functionality of the file /context.json of the component Endpoint Handler. Upgrading to version 1.5.2 eliminates...
Author: VulDB

Information security events