Monday 6 July 2020

Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

ElasticBox Jenkins Kubernetes CI-CD Plugin up to 1.3 on Jenkins YAML Parser Remote Code Execution

A vulnerability classified as critical has been found in ElasticBox Jenkins Kubernetes CI-CD Plugin up to 1.3 on Jenkins (Virtualization Software). This affects an unknown code block of the component YAML Parser. There is no information about...
Author: VulDB

Stash Branch Parameter Plugin up to 0.3.0 on Jenkins Credentials weak encryption

A vulnerability was found in Stash Branch Parameter Plugin up to 0.3.0 on Jenkins (Jenkins Plugin). It has been rated as problematic. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may...
Author: VulDB

Jenkins TestComplete Support Plugin up to 2.4.1 config.xml information disclosure

A vulnerability was found in Jenkins TestComplete Support Plugin up to 2.4.1 (Continuous Integration Software). It has been declared as problematic. Affected by this vulnerability is an unknown part of the file config.xml. There is no information...
Author: VulDB

Slack Upload Plugin up to 1.7 on Jenkins config.xml information disclosure

A vulnerability was found in Slack Upload Plugin up to 1.7 on Jenkins (Messaging Software). It has been classified as problematic. Affected is some unknown functionality of the file config.xml. There is no information about possible...
Author: VulDB

VncViewer Plugin up to 1.7 on Jenkins checkVncServ Parameter cross site scripting

A vulnerability was found in VncViewer Plugin up to 1.7 on Jenkins (Jenkins Plugin) and classified as problematic. This issue affects the function checkVncServ. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

VncRecorder Plugin up to 1.25 on Jenkins checkVncServ Parameter cross site scripting

A vulnerability has been found in VncRecorder Plugin up to 1.25 on Jenkins (Jenkins Plugin) and classified as problematic. This vulnerability affects the function checkVncServ. There is no information about possible countermeasures known. It may...
Author: VulDB

VncRecorder Plugin up to 1.25 on Jenkins Validation Endpoint checkVncServ cross site scripting

A vulnerability, which was classified as problematic, was found in VncRecorder Plugin up to 1.25 on Jenkins (Jenkins Plugin). This affects the function checkVncServ of the component Validation Endpoint. There is no information about possible...
Author: VulDB

Fortify on Demand Plugin up to 5.0.1 on Jenkins Demand Endpoint privilege escalation

A vulnerability, which was classified as critical, has been found in Fortify on Demand Plugin up to 5.0.1 on Jenkins (Jenkins Plugin). Affected by this issue is an unknown code block of the component Demand Endpoint. There is no information about...
Author: VulDB

Fortify on Demand Plugin up to 5.0.1 on Jenkins Demand Endpoint cross site request forgery

A vulnerability classified as problematic was found in Fortify on Demand Plugin up to 5.0.1 on Jenkins (Jenkins Plugin). Affected by this vulnerability is an unknown code of the component Demand Endpoint. There is no information about possible...
Author: VulDB

Fortify on Demand Plugin up to 6.0.0 on Jenkins Permission Check Credentials information disclosure

A vulnerability classified as problematic has been found in Fortify on Demand Plugin up to 6.0.0 on Jenkins (Jenkins Plugin). Affected is an unknown part of the component Permission Check. There is no information about possible countermeasures...
Author: VulDB

Sonargraph Integration Plugin up to 3.0.0 on Jenkins Stored cross site scripting

A vulnerability was found in Sonargraph Integration Plugin up to 3.0.0 on Jenkins (Jenkins Plugin). It has been rated as problematic. This issue affects some unknown functionality. There is no information about possible countermeasures known. It...
Author: VulDB

LibRaw up to 0.19 unpack_thumb.cpp memory corruption

A vulnerability was found in LibRaw up to 0.19. It has been declared as critical. This vulnerability affects an unknown functionality of the file decoders/unpack_thumb.cpp. Upgrading to version 0.20-RC1 eliminates this vulnerability.
Author: VulDB

DuckDuckGo App duckduckgo.com information disclosure [Disputed]

A vulnerability was found in DuckDuckGo App (the affected version unknown). It has been classified as problematic. This affects an unknown function of the file duckduckgo.com. There is no information about possible countermeasures known. It may...
Author: VulDB

QEMU 4.2.0 MemoryRegionOps denial of service

A vulnerability was found in QEMU 4.2.0 and classified as problematic. Affected by this issue is the function MemoryRegionOps. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

Tendermint up to 0.33.5 Signature denial of service

A vulnerability has been found in Tendermint up to 0.33.5 and classified as problematic. Affected by this vulnerability is an unknown code block of the component Signature Handler. Upgrading to version 0.33.6 eliminates this vulnerability.
Author: VulDB

PrestaShop up to 1.7.6.5 Reflected cross site scripting

A vulnerability, which was classified as problematic, was found in PrestaShop up to 1.7.6.5. Affected is an unknown code. Upgrading to version 1.7.6.6 eliminates this vulnerability.
Author: VulDB

PrestaShop up to 1.7.6.5 Dashboard privilege escalation

A vulnerability, which was classified as critical, has been found in PrestaShop up to 1.7.6.5 (E-Commerce Management Software). This issue affects an unknown part of the component Dashboard. Upgrading to version 1.7.6.6 eliminates this...
Author: VulDB

PrestaShop up to 1.7.6.5 index.php information disclosure

A vulnerability classified as problematic was found in PrestaShop up to 1.7.6.5 (E-Commerce Management Software). This vulnerability affects some unknown functionality of the file index.php. Upgrading to version 1.7.6.6 eliminates this...
Author: VulDB

PrestaShop up to 1.7.6.5 Release Archive information disclosure

A vulnerability classified as problematic has been found in PrestaShop up to 1.7.6.5 (E-Commerce Management Software). This affects an unknown functionality of the component Release Archive. Upgrading to version 1.7.6.6 eliminates this...
Author: VulDB

PrestaShop up to 1.7.6.5 Carrier Page/Module Manager/Module Positions privilege escalation

A vulnerability was found in PrestaShop up to 1.7.6.5 (E-Commerce Management Software). It has been rated as critical. Affected by this issue is an unknown function of the component Carrier Page/Module Manager/Module Positions. Upgrading to...
Author: VulDB

CodePeople Payment Form for PayPal Pro Plugin up to 1.1.64 on WordPress sql injection

A vulnerability was found in CodePeople Payment Form for PayPal Pro Plugin up to 1.1.64 on WordPress (WordPress Plugin). It has been declared as critical. Affected by this vulnerability is some unknown processing. Upgrading to version 1.1.65...
Author: VulDB

Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 10 WebMail Reflected cross site scripting

A vulnerability was found in Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 10 (Groupware Software). It has been classified as problematic. Affected is an unknown code block of the component WebMail. Applying the patch 8.8.15 Patch 11 is...
Author: VulDB

Ledger Live up to 2.6.x RBF privilege escalation

A vulnerability was found in Ledger Live up to 2.6.x and classified as critical. This issue affects an unknown code of the component RBF Handler. Upgrading to version 2.7.0 eliminates this vulnerability.
Author: VulDB

PrestaShop up to 1.7.7.5 Quick Access Item Name Stored cross site scripting

A vulnerability has been found in PrestaShop up to 1.7.7.5 (E-Commerce Management Software) and classified as problematic. This vulnerability affects an unknown part of the component Quick Access Item Name Handler. Upgrading to version 1.7.7.6...
Author: VulDB

Traefik 2.x TLS Verification weak authentication

A vulnerability, which was classified as critical, was found in Traefik 2.x. This affects some unknown functionality of the component TLS Verification. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Information systems security events