Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

markdown-it-highlightjs up to 3.3.0 cross site scripting [CVE-2020-7773]

A vulnerability has been found in markdown-it-highlightjs up to 3.3.0 and classified as problematic. This vulnerability affects an unknown code block. Upgrading to version 3.3.1 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Firebase util up to 0.3.3 DeepCopy.ts deepExtend code injection

A vulnerability, which was classified as critical, was found in Firebase util up to 0.3.3. This affects the function deepExtend of the file DeepCopy.ts. Upgrading to version 0.3.4 eliminates this vulnerability. Applying a patch is able to...
Author: VulDB

CERTFR-2020-ACT-012: News bulletin CERTFR-2020-ACT-012 (16 November 2020)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Author: Cert FR

CERTFR-2020-AVI-750: Multiple vulnerabilities in the SUSE Linux kernel (16 November 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a security policy bypass and a...
Author: Cert FR

Citrix SD-WAN Center up to 10.2.7/11.1.2a/11.2.1 os command injection

A vulnerability, which was classified as critical, has been found in Citrix SD-WAN Center up to 10.2.7/11.1.2a/11.2.1 (Network Management Software). Affected by this issue is an unknown part. Upgrading to version 10.2.8, 11.1.2b or 11.2.2...
Author: VulDB

Citrix SD-WAN Center up to 10.2.7/11.1.2a/11.2.1 improper authentication

A vulnerability classified as critical was found in Citrix SD-WAN Center up to 10.2.7/11.1.2a/11.2.1 (Network Management Software). Affected by this vulnerability is some unknown functionality. Upgrading to version 10.2.8, 11.1.2b or 11.2.2...
Author: VulDB

Citrix SD-WAN Center up to 10.2.7/11.1.2a/11.2.1 path traversal

A vulnerability classified as very critical has been found in Citrix SD-WAN Center up to 10.2.7/11.1.2a/11.2.1 (Network Management Software). Affected is an unknown functionality. Upgrading to version 10.2.8, 11.1.2b or 11.2.2 eliminates this...
Author: VulDB

Citrix Virtual Apps/XenDesktop on Windows os command injection

A vulnerability was found in Citrix Virtual Apps and XenDesktop on Windows (Connectivity Software) (unknown version). It has been rated as critical. This issue affects an unknown function. Upgrading eliminates this vulnerability.
Author: VulDB

Citrix Virtual Apps/XenDesktop on Windows access control [CVE-2020-8269]

A vulnerability was found in Citrix Virtual Apps and XenDesktop on Windows (Connectivity Software) (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown processing. Upgrading eliminates this...
Author: VulDB

Nextcloud Server 19.0.1 insufficiently protected credentials

A vulnerability was found in Nextcloud Server 19.0.1 (Cloud Software). It has been classified as critical. This affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Nextcloud Server 19.0.1 insufficiently protected credentials

A vulnerability was found in Nextcloud Server 19.0.1 (Cloud Software) and classified as critical. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Mitsubishi Electric MELSEC iQ-R resource consumption [CVE-2020-5666]

A vulnerability has been found in Mitsubishi Electric MELSEC iQ-R (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown part. There is no information about possible countermeasures known. It may be...
Author: VulDB

XooNIps up to 3.49 deserialization [CVE-2020-5664]

A vulnerability, which was classified as critical, was found in XooNIps up to 3.49. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

XooNIps up to 3.49 cross site scripting [CVE-2020-5663]

A vulnerability, which was classified as problematic, has been found in XooNIps up to 3.49. This issue affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

XooNIps up to 3.49 cross site scripting [CVE-2020-5662]

A vulnerability classified as problematic was found in XooNIps up to 3.49. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

XooNIps up to 3.49 sql injection [CVE-2020-5659]

A vulnerability classified as critical has been found in XooNIps up to 3.49. This affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Volkswagen Polo 2019 Discover Media Infotainment System insufficient verification of data authenticity

A vulnerability was found in Volkswagen Polo 2019. It has been rated as critical. Affected by this issue is an unknown code block of the component Discover Media Infotainment System. There is no information about possible countermeasures known....
Author: VulDB

WPBakery up to 6.4.0 on WordPress XSS Protection Mechanism kses_remove_filters protection mechanism failure

A vulnerability was found in WPBakery up to 6.4.0 on WordPress (WordPress Plugin). It has been declared as critical. Affected by this vulnerability is the function kses_remove_filters of the component XSS Protection Mechanism. Upgrading to...
Author: VulDB

orbisius-child-theme-creator up to 1.5.1 on WordPress orbisius_ctc_theme_editor_manage_file cross-site request forgery

A vulnerability was found in orbisius-child-theme-creator up to 1.5.1 on WordPress (WordPress Plugin). It has been classified as problematic. Affected is the function orbisius_ctc_theme_editor_manage_file. Upgrading to version 1.5.2 eliminates...
Author: VulDB

Nagios XI up to 5.7.4 Auto-Discovery input validation

A vulnerability was found in Nagios XI up to 5.7.4 (Log Management Software) and classified as critical. This issue affects some unknown functionality of the component Auto-Discovery. Upgrading to version 5.7.5 eliminates this vulnerability.
Author: VulDB

InfiniteWP Admin Panel up to 3.1.12.2 Password resetPasswordSendMail weak password recovery

A vulnerability has been found in InfiniteWP Admin Panel up to 3.1.12.2 and classified as critical. This vulnerability affects the function resetPasswordSendMail of the component Password Handler. Upgrading to version 3.1.12.3 eliminates this...
Author: VulDB

controlled-merge up to 1.2.0 Prototype code injection

A vulnerability, which was classified as critical, was found in controlled-merge up to 1.2.0. This affects an unknown function of the component Prototype Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

PostgreSQL up to 13.0 permission [CVE-2020-25695]

A vulnerability, which was classified as critical, has been found in PostgreSQL up to 13.0 (Database Software). Affected by this issue is some unknown processing. Upgrading to version 9.5.24, 9.6.20, 10.15, 11.10, 12.5 or 13.1 eliminates this...
Author: VulDB

PostgreSQL up to 13.0 Client Application downgrade

A vulnerability classified as problematic was found in PostgreSQL up to 13.0 (Database Software). Affected by this vulnerability is an unknown code block of the component Client Application Handler. Upgrading to version 9.5.24, 9.6.20, 10.15,...
Author: VulDB

QNAP QTS prior 4.4.3.1421 Build 20200907 os command injection

A vulnerability classified as critical has been found in QNAP QTS (Network Attached Storage Software). Affected is an unknown code. Upgrading to version 4.4.3.1421 Build 20200907 eliminates this vulnerability.
Author: VulDB

Information systems security events