Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Adobe Premiere Pro up to 14.4 uncontrolled search path [CVE-2020-24424]

A vulnerability classified as critical was found in Adobe Premiere Pro up to 14.4. Affected by this vulnerability is an unknown functionality. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe Media Encoder up to 14.4 on Windows uncontrolled search path

A vulnerability classified as critical has been found in Adobe Media Encoder up to 14.4 on Windows. Affected is an unknown function. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe Creative Cloud Desktop Application up to 2.1/5.2 on Windows uncontrolled search path

A vulnerability was found in Adobe Creative Cloud Desktop Application up to 2.1/5.2 on Windows (Cloud Software). It has been rated as critical. This issue affects some unknown processing. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe InDesign up to 15.1.2 indd File memory corruption

A vulnerability was found in Adobe InDesign up to 15.1.2 (Image Processing Software). It has been declared as critical. This vulnerability affects an unknown code block of the component indd File Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe Photoshop up to 21.2.1 on Windows uncontrolled search path

A vulnerability was found in Adobe Photoshop up to 21.2.1 on Windows (Image Processing Software). It has been classified as critical. This affects an unknown code. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe After Effects up to 17.1.1 on Windows uncontrolled search path

A vulnerability was found in Adobe After Effects up to 17.1.1 on Windows and classified as critical. Affected by this issue is an unknown part. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe After Effects up to 17.1.1 aepx File out-of-bounds read

A vulnerability has been found in Adobe After Effects up to 17.1.1 and classified as problematic. Affected by this vulnerability is some unknown functionality of the file aepx of the component aepx File Handler. Upgrading eliminates this...
Author: VulDB

WSO2 API Manager up to 3.1.0 publisher cross site scripting

A vulnerability, which was classified as problematic, was found in WSO2 API Manager up to 3.1.0 (Automation Software). Affected is an unknown functionality of the component publisher.
Author: VulDB

Ghisler Total Commander 9.51 Access Restriction TOTALCMD64.EXE access control

A vulnerability, which was classified as critical, has been found in Ghisler Total Commander 9.51. This issue affects an unknown function of the file %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE of the component Access Restriction Handler. There is no...
Author: VulDB

Arista EOS prior 4.21.12M/4.22.7M/4.23.5M/4.24.2F DHCP Packet denial of service

A vulnerability classified as problematic was found in Arista EOS. This vulnerability affects some unknown processing of the component DHCP Packet Handler. Upgrading to version 4.21.12M, 4.22.7M, 4.23.5M or 4.24.2F eliminates this vulnerability.
Author: VulDB

TensorFlow up to 2.3.x Large Value tf.image.crop_and_resize boxes memory corruption

A vulnerability classified as problematic has been found in TensorFlow up to 2.3.x (Artificial Intelligence Software). This affects the function tf.image.crop_and_resize of the component Large Value Handler. Upgrading to version 2.4.0 eliminates...
Author: VulDB

TensorFlow up to 2.3.x Dimensions tf.quantization.quantize_and_dequantize axis out-of-bounds read

A vulnerability was found in TensorFlow up to 2.3.x (Artificial Intelligence Software). It has been rated as problematic. Affected by this issue is the function tf.quantization.quantize_and_dequantize of the component Dimensions Handler....
Author: VulDB

magento-lts Gem up to 19.4.7/20.0.3 on Ruby Product Attribute injection

A vulnerability was found in magento-lts Gem up to 19.4.7/20.0.3 on Ruby (Ruby Gem). It has been declared as critical. Affected by this vulnerability is an unknown part of the component Product Attribute Handler. Upgrading to version 19.4.8 or...
Author: VulDB

omniauth-auth0 Gem 2.3.x/2.4.0 on Ruby JWT Token Signature Validation jwt_validator.verify improper authentication

A vulnerability was found in omniauth-auth0 Gem 2.3.x/2.4.0 on Ruby (Ruby Gem). It has been classified as critical. Affected is the function jwt_validator.verify of the component JWT Token Signature Validation. Upgrading to version 2.4.1...
Author: VulDB

Apache Hadoop 3.0.0/3.0.0-alph/3.0.0-beta Web Endpoint Authentication improper authentication

A vulnerability was found in Apache Hadoop 3.0.0/3.0.0-alph/3.0.0-beta (Network Management Software) and classified as critical. This issue affects an unknown functionality of the component Web Endpoint Authentication Handler. There is no...
Author: VulDB

scratch-svg-renderer up to 0.1.x SVG _transformMeasurements cross site scripting

A vulnerability has been found in scratch-svg-renderer up to 0.1.x and classified as critical. This vulnerability affects the function _transformMeasurements of the component SVG Handler. Upgrading to version 0.2.0-prerelease.20201019174008...
Author: VulDB

Fortinet FortiOS up to 6.2.4 Command Line Interface information disclosure

A vulnerability, which was classified as problematic, was found in Fortinet FortiOS up to 6.2.4 (Firewall Software). This affects some unknown processing of the component Command Line Interface. There is no information about possible...
Author: VulDB

"TousAntiCovid": the CNIL reviews the evolution of the "StopCovid" application

On Thursday 22 October 2020, the Government announced the rollout of a new version of its contact-tracing application to fight the spread of COVID-19. In particular, it provides up-to-date information on the...
Author: Cnil

Simple Download Monitor up to 3.8.8 URL sql injection

A vulnerability, which was classified as critical, has been found in Simple Download Monitor up to 3.8.8. Affected by this issue is an unknown code block of the component URL Handler. There is no information about possible countermeasures known....
Author: VulDB

Simple Download Monitor up to 3.8.8 on WordPress Scripting cross site scripting

A vulnerability classified as critical was found in Simple Download Monitor up to 3.8.8 on WordPress (WordPress Plugin). Affected by this vulnerability is an unknown code of the component Scripting Handler.
Author: VulDB

BigBlueButton up to 2.2.27 FreeSWITCH hard-coded key

A vulnerability classified as problematic has been found in BigBlueButton up to 2.2.27. Affected is an unknown part of the component FreeSWITCH. Upgrading to version 2.2.28 eliminates this vulnerability.
Author: VulDB

BigBlueButton up to 2.2.28 Username information disclosure

A vulnerability was found in BigBlueButton up to 2.2.28. It has been rated as problematic. This issue affects some unknown functionality of the component Username Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

BigBlueButton up to 2.2.28 STUN/TURN unknown vulnerability [CVE-2020-27611]

A vulnerability was found in BigBlueButton up to 2.2.28. It has been declared as critical. This vulnerability affects an unknown functionality of the component STUN/TURN Handler. There is no information about possible countermeasures known. It...
Author: VulDB

BigBlueButton up to 2.2.27 Firewall Configuration access control

A vulnerability was found in BigBlueButton up to 2.2.27. It has been classified as critical. This affects an unknown function of the component Firewall Configuration Handler. Upgrading to version 2.2.28 eliminates this vulnerability.
Author: VulDB

BigBlueButton up to 2.2.28 Interface information disclosure

A vulnerability was found in BigBlueButton up to 2.2.28 and classified as problematic. Affected by this issue is some unknown processing of the component Interface Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB