Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

i-doit up to 1.15.x cross site scripting [CVE-2021-3151]

A vulnerability has been found in i-doit up to 1.15.x and classified as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 1.16.0 eliminates this vulnerability.
Author: VulDB

SaltStack Salt prior 3002.5 API salt/utils/thin.py salt.utils.thin.gen_thin command injection

A vulnerability, which was classified as critical, was found in SaltStack Salt. Affected is the function salt.utils.thin.gen_thin of the file salt/utils/thin.py of the component API. Upgrading to version 3002.5 eliminates this vulnerability. The...
Author: VulDB

SaltStack Salt prior 3002.5 eauth Token unknown vulnerability

A vulnerability, which was classified as critical, has been found in SaltStack Salt. This issue affects an unknown code block of the component eauth Token Handler. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

wpa_supplicant up to 2.9 P2P Provision Discovery Request p2p/p2p_pd.c denial of service

A vulnerability classified as problematic was found in wpa_supplicant up to 2.9. This vulnerability affects an unknown code of the file p2p/p2p_pd.c of the component P2P Provision Discovery Request Handler. Upgrading to version 2.10 eliminates...
Author: VulDB

Zint Barcode Generator 2.19.1 C API backend/upcean.c ean_leading_zeroes buffer overflow

A vulnerability classified as critical has been found in Zint Barcode Generator 2.19.1. This affects the function ean_leading_zeroes of the file backend/upcean.c of the component C API. Applying a patch is able to eliminate this problem. The...
Author: VulDB

Visualware MyConnection Server up to 11.0b Build 5382 Web Service myspeed/sf unrestricted upload

A vulnerability was found in Visualware MyConnection Server up to 11.0b Build 5382. It has been rated as critical. Affected by this issue is some unknown functionality of the file myspeed/sf?filename= of the component Web Service. There is no...
Author: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 faad path traversal

A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component faad. Upgrading to version 6.2.3-25426-3...
Author: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 synorelayd insertion of sensitive information into sent data

A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software). It has been classified as critical. Affected is an unknown function of the component synorelayd. Upgrading to version 6.2.3-25426-3 eliminates this...
Author: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Session cleartext transmission

A vulnerability was found in Synology DiskStation Manager (Network Attached Storage Software) and classified as problematic. This issue affects some unknown processing of the component HTTP Session Handler. Upgrading to version 6.2.3-25426-3...
Author: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Session channel accessible

A vulnerability has been found in Synology DiskStation Manager (Network Attached Storage Software) and classified as problematic. This vulnerability affects an unknown code block of the component HTTP Session Handler. Upgrading to version...
Author: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 Kernel Module access control

A vulnerability, which was classified as problematic, was found in Synology DiskStation Manager (Network Attached Storage Software). This affects an unknown code of the component Kernel Module Handler. Upgrading to version 6.2.3-25426-3...
Author: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Header syno_finder_site out-of-bounds write

A vulnerability, which was classified as critical, has been found in Synology DiskStation Manager (Network Attached Storage Software). Affected by this issue is an unknown part of the component HTTP Header Handler. Upgrading to version...
Author: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Header syno_finder_site stack-based overflow

A vulnerability classified as critical was found in Synology DiskStation Manager (Network Attached Storage Software). Affected by this vulnerability is some unknown functionality of the component HTTP Header Handler. Upgrading to version...
Author: VulDB

Synology DiskStation Manager prior 6.2.3-25426-3 HTTP Session channel accessible

A vulnerability classified as problematic has been found in Synology DiskStation Manager (Network Attached Storage Software). Affected is an unknown functionality of the component HTTP Session Handler. Upgrading to version 6.2.3-25426-3...
Author: VulDB

SaltStack Salt prior 3002.5 salt.modules.cmdmod log file

A vulnerability was found in SaltStack Salt. It has been rated as problematic. This issue affects the function salt.modules.cmdmod. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at saltproject.io.
Author: VulDB

SaltStack Salt prior 3002.5 Jinja Renderer injection

A vulnerability was found in SaltStack Salt. It has been declared as critical. This vulnerability affects some unknown processing of the component Jinja Renderer. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

SaltStack Salt prior 3002.5 salt.wheel.pillar_roots.write pathname traversal

A vulnerability was found in SaltStack Salt. It has been classified as critical. This affects the function salt.wheel.pillar_roots.write. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

SaltStack Salt prior 3002.5 salt-api Remote Privilege Escalation

A vulnerability was found in SaltStack Salt and classified as critical. Affected by this issue is an unknown code of the component salt-api. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Redis up to 5.0.10/6.0.10 on 32-bit configuration integer overflow

A vulnerability has been found in Redis up to 5.0.10/6.0.10 on 32-bit and classified as critical. Affected by this vulnerability is an unknown part. Upgrading to version 5.0.10, 6.0.10 or 6.2.0 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

PrestaShop up to 1.7.7.1 Soft Logout System improper authentication

A vulnerability, which was classified as critical, was found in PrestaShop up to 1.7.7.1 (E-Commerce Management Software). Affected is some unknown functionality of the component Soft Logout System. Upgrading to version 1.7.7.2 eliminates this...
Author: VulDB

PrestaShop up to 1.7.7.1 Admin Panel csv injection

A vulnerability, which was classified as critical, has been found in PrestaShop up to 1.7.7.1 (E-Commerce Management Software). This issue affects an unknown functionality of the component Admin Panel. Upgrading to version 1.7.7.2 eliminates this...
Author: VulDB

Google Android 10.0/11.0 cameraisp out-of-bounds write

A vulnerability classified as critical was found in Google Android 10.0/11.0 (Smartphone Operating System). This vulnerability affects an unknown function of the component cameraisp. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 10.0/11.0 Performance Driver out-of-bounds write

A vulnerability classified as critical has been found in Google Android 10.0/11.0 (Smartphone Operating System). This affects some unknown processing of the component Performance Driver. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 mobile_log_d information disclosure

A vulnerability was found in Google Android 11.0 (Smartphone Operating System). It has been rated as problematic. Affected by this issue is an unknown code block of the component mobile_log_d. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 netdiag information disclosure

A vulnerability was found in Google Android 11.0 (Smartphone Operating System). It has been declared as problematic. Affected by this vulnerability is an unknown code of the component netdiag. Applying a patch is able to eliminate this problem.
Author: VulDB

Information systems security (SSI) events