Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Hashicorp Nomad/Nomad Enterprise up to 0.12.7 Docker File Sandbox sandbox

A vulnerability was found in Hashicorp Nomad and Nomad Enterprise up to 0.12.7. It has been rated as critical. Affected by this issue is an unknown code of the component Docker File Sandbox. Upgrading to version 0.10.8, 0.11.7 or 0.12.8...
Author: VulDB

Matrix Synap Synapse JSON denial of service

A vulnerability was found in Matrix Synap Synapse. It has been declared as problematic. Affected by this vulnerability is an unknown part of the component JSON Handler. Upgrading to version 1.20.0 eliminates this vulnerability.
Author: VulDB

Ortus TestBox up to 4.1.0 Query String HTMLRunner.cfm Remote Privilege Escalation

A vulnerability was found in Ortus TestBox up to 4.1.0. It has been classified as critical. Affected is some unknown functionality of the file system/runners/HTMLRunner.cfm of the component Query String Handler. There is no information about...
Author: VulDB

Ortus TestBox up to 4.1.0 Query String test-browser/index.cfm pathname traversal

A vulnerability was found in Ortus TestBox up to 4.1.0 and classified as critical. This issue affects an unknown functionality of the file test-browser/index.cfm of the component Query String Handler. There is no information about possible...
Author: VulDB

MongoDB Ops Manager up to 4.2.17/4.3.9/4.4.2 API Key information disclosure

A vulnerability has been found in MongoDB Ops Manager up to 4.2.17/4.3.9/4.4.2 (Database Software) and classified as problematic. This vulnerability affects an unknown function of the component API Key Handler. Upgrading to version 4.4.3...
Author: VulDB

VMware Workspace One Access command injection [CVE-2020-4006]

A vulnerability, which was classified as critical, was found in VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector (the affected version unknown). This affects some unknown processing. There is no...
Author: VulDB

SPIP up to 3.2.7 configurer_preferences.php unknown vulnerability

A vulnerability, which was classified as problematic, has been found in SPIP up to 3.2.7 (Content Management System). Affected by this issue is an unknown code block of the file prive/formulaires/configurer_preferences.php. Upgrading to version...
Author: VulDB

Magicpin 2.1 User Registration cross site scripting

A vulnerability classified as problematic was found in Magicpin 2.1. Affected by this vulnerability is an unknown code of the component User Registration Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Mutt/NeoMutt IMAP Server Response cleartext transmission [CVE-2020-28896]

A vulnerability classified as problematic has been found in Mutt and NeoMutt (Mail Client Software) (version unknown). Affected is an unknown part of the component IMAP Server Response Handler. Upgrading eliminates this vulnerability.
Author: VulDB

WinSCP 5.17.8 FTP Server denial of service

A vulnerability was found in WinSCP 5.17.8 (Connectivity Software). It has been rated as problematic. This issue affects some unknown functionality of the component FTP Server Handler. There is no information about possible countermeasures known....
Author: VulDB

private-ip up to 1.0.5 on npm IP Range Filter server-side request forgery

A vulnerability was found in private-ip up to 1.0.5 on npm. It has been declared as critical. This vulnerability affects an unknown functionality of the component IP Range Filter. There is no information about possible countermeasures known. It...
Author: VulDB

Scratch up to 1.3.1 Regular Expression cross site scripting

A vulnerability was found in Scratch up to 1.3.1. It has been classified as problematic. This affects an unknown function of the component Regular Expression Handler. Upgrading to version 1.3.2 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

October CMS up to 1.0.469/1.1.0 Twig Sandbox authorization

A vulnerability was found in October CMS up to 1.0.469/1.1.0 (Content Management System) and classified as critical. Affected by this issue is some unknown processing of the component Twig Sandbox. Upgrading to version 1.0.470 or 1.1.1 eliminates...
Author: VulDB

TYPO3 up to 10.4.9 RSS Widget xml external entity reference

A vulnerability has been found in TYPO3 up to 10.4.9 (Content Management System) and classified as critical. Affected by this vulnerability is an unknown code block of the component RSS Widget. Upgrading to version 10.4.10 eliminates this...
Author: VulDB

TYPO3 up to 9.5.22/10.4.9 Session Identifier cleartext storage

A vulnerability, which was classified as problematic, was found in TYPO3 up to 9.5.22/10.4.9 (Content Management System). Affected is an unknown code of the component Session Identifier Handler. Upgrading to version 9.5.23 or 10.4.10 eliminates...
Author: VulDB

TYPO3 up to 9.5.22/10.4.9 Fluid as cross site scripting

A vulnerability, which was classified as problematic, has been found in TYPO3 up to 9.5.22/10.4.9 (Content Management System). This issue affects an unknown part of the component Fluid. Upgrading to version 9.5.23 or 10.4.10 eliminates this...
Author: VulDB

PostgreSQL up to 13.0 psql Interactive Terminal privileges management

A vulnerability classified as critical was found in PostgreSQL up to 13.0 (Database Software). This vulnerability affects some unknown functionality of the component psql Interactive Terminal. Upgrading to version 9.5.24, 9.6.20, 10.15, 11.10,...
Author: VulDB

rhacm up to 2.0.5 Internal API hard-coded key

A vulnerability classified as problematic has been found in rhacm up to 2.0.5. This affects an unknown functionality of the component Internal API. Upgrading to version 2.0.5 or 2.1.0 eliminates this vulnerability.
Author: VulDB

Cephx up to 14.2.13/15.2.5 improper authentication [CVE-2020-25660]

A vulnerability was found in Cephx up to 14.2.13/15.2.5. It has been rated as critical. Affected by this issue is an unknown function. Upgrading to version 14.2.14 or 15.2.6 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Playground Sessions up to 2.5.582 on Windows UserProfiles.sol credentials storage

A vulnerability was found in Playground Sessions up to 2.5.582 on Windows. It has been declared as problematic. Affected by this vulnerability is some unknown processing of the file UserProfiles.sol. There is no information about possible...
Author: VulDB

Linux Kernel up to 5.7 8250_core.c serial8250_isa_init_ports null pointer dereference

A vulnerability was found in Linux Kernel up to 5.7 (Operating System). It has been classified as problematic. Affected is the function serial8250_isa_init_ports of the file drivers/tty/serial/8250/8250_core.c. Upgrading to version 5.8 eliminates...
Author: VulDB

Linux Kernel up to 5.7 Error Field fs/block_dev.c use after free

A vulnerability was found in Linux Kernel up to 5.7 (Operating System) and classified as problematic. This issue affects an unknown code of the file fs/block_dev.c of the component Error Field Handler. Upgrading to version 5.8 eliminates this...
Author: VulDB

October CMS up to 1.0.468 Upload File evil.svg cross site scripting

A vulnerability has been found in October CMS up to 1.0.468 (Content Management System) and classified as problematic. This vulnerability affects an unknown part of the file /storage/app/media/evil.svg of the component Upload File Handler....
Author: VulDB

October CMS up to 1.0.469 New User authorization

A vulnerability, which was classified as problematic, was found in October CMS up to 1.0.469 (Content Management System). This affects some unknown functionality of the component New User Handler. Upgrading to version 1.0.470 or 1.1.1 eliminates...
Author: VulDB

October CMS up to 1.0.468 Twig Sandbox authorization

A vulnerability, which was classified as critical, has been found in October CMS up to 1.0.468 (Content Management System). Affected by this issue is an unknown functionality of the component Twig Sandbox. Upgrading to version 1.0.469 or 1.1.0...
Author: VulDB

Information security events