Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

DaviewIndy up to 8.98.4 Daview.exe Heap-based memory corruption

A vulnerability has been found in DaviewIndy up to 8.98.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file Daview.exe. There is no information about possible countermeasures known. It may be...
Author: VulDB

DaviewIndy up to 8.98.4 Daview.exe Heap-based memory corruption

A vulnerability, which was classified as critical, was found in DaviewIndy up to 8.98.4. Affected is an unknown function of the file Daview.exe. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

DaviewIndy up to 8.98.7 Daview.exe Use-After-Free memory corruption

A vulnerability, which was classified as critical, has been found in DaviewIndy up to 8.98.7. This issue affects some unknown processing of the file Daview.exe. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

HPE Intelligent Provisioning grub2 Code Execution [CVE-2020-7205]

A vulnerability classified as critical was found in HPE Intelligent Provisioning, Service Pack for ProLiant and HPE Scripting ToolKit (the affected version is unknown). This vulnerability affects an unknown code block of the component grub2....
Author: VulDB

Linux Kernel up to 5.7.11 RNG drivers/char/random.c information disclosure

A vulnerability classified as problematic has been found in Linux Kernel up to 5.7.11 (Operating System). This affects an unknown code of the file drivers/char/random.c of the component RNG. Applying a patch is able to eliminate this problem. The...
Author: VulDB

SpringBlade up to 2.7.1 DAO/DTO /api/blade-log/api/list asc/desc sql injection

A vulnerability was found in SpringBlade up to 2.7.1. It has been rated as critical. Affected by this issue is an unknown part of the file /api/blade-log/api/list of the component DAO/DTO. There is no information about possible countermeasures...
Author: VulDB

RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28 Access Restriction privilege escalation [Disputed]

A vulnerability was found in RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28. It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Access Restriction. There is no information about...
Author: VulDB

RIPE NCC RPKI Validator prior 3.1-2020.07.06.14.28 RRDP Fetch privilege escalation [Disputed]

A vulnerability was found in RIPE NCC RPKI Validator. It has been classified as critical. Affected is an unknown functionality of the component RRDP Fetch Handler. Upgrading to version 3.1-2020.07.06.14.28 eliminates this vulnerability.
Author: VulDB

RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28 CRL Revoked Certificate weak authentication [Disputed]

A vulnerability was found in RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28 and classified as critical. This issue affects an unknown function of the component CRL Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Nagios Log Server up to 2.1.6 Notification Methods Stored cross site scripting

A vulnerability has been found in Nagios Log Server up to 2.1.6 (Log Management Software) and classified as problematic. This vulnerability affects some unknown processing of the component Notification Methods Handler. Upgrading to version 2.1.7...
Author: VulDB

DP3T-Backend-SDK up to 1.1.0 JWT alg DP3T privilege escalation

A vulnerability, which was classified as problematic, was found in DP3T-Backend-SDK up to 1.1.0. This affects an unknown code block of the component JWT Handler. Upgrading to version 1.1.1 eliminates this vulnerability. A possible mitigation has...
Author: VulDB

Hashicorp Terraform Enterprise up to 202006-1 Signup Page privilege escalation

A vulnerability, which was classified as critical, has been found in Hashicorp Terraform Enterprise up to 202006-1. Affected by this issue is an unknown code of the component Signup Page. Upgrading to version 202007-1 eliminates this...
Author: VulDB

slp-validate up to 1.2.1 on npm NFT1 Child Genesis Transaction Incorrect Comparison

A vulnerability classified as problematic was found in slp-validate up to 1.2.1 on npm. Affected by this vulnerability is an unknown part of the component NFT1 Child Genesis Transaction Handler. Upgrading to version 1.2.2 eliminates this...
Author: VulDB

slpjs Package up to 0.27.3 on npm NFT1 Child Genesis Transaction Incorrect Comparison

A vulnerability classified as problematic has been found in slpjs Package up to 0.27.3 on npm. Affected is some unknown functionality of the component NFT1 Child Genesis Transaction Handler. Upgrading to version 0.27.4 eliminates this...
Author: VulDB

Traefik up to 1.7.25/2.2.7/2.3.0-rc2 API Dashboard X-Forwarded-Prefix Redirect information disclosure

A vulnerability was found in Traefik up to 1.7.25/2.2.7/2.3.0-rc2. It has been rated as problematic. This issue affects an unknown functionality of the component API Dashboard. Upgrading to version 1.7.26, 2.2.8 or 2.3.0-rc3 eliminates this...
Author: VulDB

Pi-Hole up to 5.0 sudo Shell Metacharacter privilege escalation

A vulnerability was found in Pi-Hole up to 5.0. It has been declared as critical. This vulnerability affects an unknown function of the component sudo Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

ABUS Secvest FUMO50110 RF Packet weak authentication

A vulnerability was found in ABUS Secvest FUMO50110 (the affected version unknown). It has been classified as critical. This affects some unknown processing of the component RF Handler. There is no information about possible countermeasures...
Author: VulDB

Pi-Hole up to 4.4 dns-servers.conf Shell Metacharacter command injection

A vulnerability was found in Pi-Hole up to 4.4 and classified as critical. Affected by this issue is an unknown code block of the file /etc/pihole/dns-servers.conf. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Pulse Connect Secure up to 9.1R7 Citrix ICA URL cross site scripting

A vulnerability was found in Pulse Connect Secure up to 9.1R7. It has been rated as problematic. Affected by this issue is some unknown processing of the component Citrix ICA URL Handler. Upgrading to version 9.1R8 eliminates this vulnerability.
Author: VulDB

Invalidation of the "Privacy Shield": the EDPB's first questions and answers

Following the ruling of the Court of Justice of the European Union invalidating the Privacy Shield (the "Schrems II" case), the EDPB offers initial answers to the most frequently asked questions, pending future analyses...
Author: Cnil

Pulse Connect Secure up to 9.1R7 Administrator Web Interface directory traversal

A vulnerability has been found in Pulse Connect Secure up to 9.1R7 and classified as critical. Affected by this vulnerability is an unknown code of the component Administrator Web Interface. Upgrading to version 9.1R8 eliminates this...
Author: VulDB

Pulse Connect Secure up to 9.1R7 Administrator Web Interface directory traversal

A vulnerability, which was classified as critical, was found in Pulse Connect Secure up to 9.1R7. Affected is an unknown part of the component Administrator Web Interface. Upgrading to version 9.1R8 eliminates this vulnerability.
Author: VulDB

Pulse Connect Secure up to 9.1R7 command injection [CVE-2020-8220]

A vulnerability, which was classified as critical, has been found in Pulse Connect Secure up to 9.1R7. This issue affects some unknown functionality. Upgrading to version 9.1R8 eliminates this vulnerability.
Author: VulDB

Pulse Connect Secure up to 9.1R7 Permission Check Password privilege escalation

A vulnerability classified as critical was found in Pulse Connect Secure up to 9.1R7. This vulnerability affects an unknown functionality of the component Permission Check. Upgrading to version 9.1R8 eliminates this vulnerability.
Author: VulDB

Pulse Connect Secure up to 9.1R7 Admin Web Interface Code Execution

A vulnerability classified as critical has been found in Pulse Connect Secure up to 9.1R7. This affects an unknown function of the component Admin Web Interface. Upgrading to version 9.1RB eliminates this vulnerability.
Author: VulDB

Information security (SSI) events