Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Gradle Enterprise up to 2020.2.3 Export API Cross-Origin information disclosure

A vulnerability, which was classified as problematic, was found in Gradle Enterprise up to 2020.2.3. This affects an unknown function of the component Export API. Upgrading to version 2020.2.4 eliminates this vulnerability.
Author: VulDB

Gradle Enterprise up to 2020.2.4 SAML IDP XML External Entity

A vulnerability, which was classified as critical, has been found in Gradle Enterprise up to 2020.2.4. Affected by this issue is some unknown processing of the component SAML IDP Handler. There is no information about possible countermeasures...
Author: VulDB

Gradle Enterprise/Enterprise Build Cache Node cross site request forgery

A vulnerability classified as problematic was found in Gradle Enterprise and Enterprise Build Cache Node (affected version unknown). Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures...
Author: VulDB

Gradle Enterprise 2018.5 Lockout weak authentication

A vulnerability classified as problematic has been found in Gradle Enterprise 2018.5. Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Gradle Enterprise up to 2020.2.4 URL Request cross site scripting

A vulnerability was found in Gradle Enterprise up to 2020.2.4. It has been rated as problematic. This issue affects an unknown part of the component URL Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Gradle Enterprise/Enterprise Build Cache Node /info/headers HTTP Header information disclosure

A vulnerability was found in Gradle Enterprise and Enterprise Build Cache Node (the affected version is unknown). It has been declared as problematic. This vulnerability affects some unknown functionality of the file /info/headers. There is no...
Author: VulDB

Gradle Enterprise up to 2020.2.4 cross site request forgery [CVE-2020-15767]

A vulnerability was found in Gradle Enterprise up to 2020.2.4. It has been classified as problematic. This affects an unknown functionality. Upgrading to version 2020.2.5 eliminates this vulnerability.
Author: VulDB

Google Android 11.0 Bluetooth Out-of-Bounds memory corruption

A vulnerability was found in Google Android 11.0 and classified as critical. Affected by this issue is an unknown function of the component Bluetooth. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 System UI Crash denial of service

A vulnerability has been found in Google Android 11.0 and classified as critical. Affected by this vulnerability is some unknown processing of the component System UI. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 WiFi Tethering privilege escalation

A vulnerability, which was classified as critical, was found in Google Android 11.0. Affected is an unknown code block of the component WiFi Tethering. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 Audio Server privilege escalation

A vulnerability, which was classified as critical, has been found in Google Android 11.0. This issue affects an unknown code of the component Audio Server. Applying a patch is able to eliminate this problem.
Author: VulDB

UNIQLO App up to 7.3.3 on Android Open Redirect [CVE-2020-5629]

A vulnerability classified as critical was found in UNIQLO App up to 7.3.3 on Android (Android App Software). This vulnerability affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

UNIQLO App up to 7.3.3 on Android Open Redirect [CVE-2020-5628]

A vulnerability classified as critical has been found in UNIQLO App up to 7.3.3 on Android (Android App Software). This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Buffalo WHR-G54S up to 1.43 cross site scripting [CVE-2020-5606]

A vulnerability was found in Buffalo WHR-G54S up to 1.43. It has been rated as problematic. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Buffalo WHR-G54S up to 1.43 directory traversal [CVE-2020-5605]

A vulnerability was found in Buffalo WHR-G54S up to 1.43. It has been declared as problematic. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Cesanta Mongoose 6.18 mg_get_http_header HTTP Header memory corruption [Disputed]

A vulnerability was found in Cesanta Mongoose 6.18. It has been classified as critical. Affected is the function mg_get_http_header. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

paGO Commerce Plugin 2.5.9.0 on Joomla index.php filter_published sql injection

A vulnerability was found in paGO Commerce Plugin 2.5.9.0 on Joomla and classified as critical. This issue affects an unknown code block of the file administrator/index.php?option=com_pago&view=comments. There is no information about possible...
Author: VulDB

DotPlant2 Pay2PayPayment.php Pay2PayPayment $_POST[xml] XML External Entity

A vulnerability has been found in DotPlant2 (the affected version is unknown) and classified as critical. This vulnerability affects the function Pay2PayPayment of the file payment/Pay2PayPayment.php. Upgrading eliminates this vulnerability. A...
Author: VulDB

SaferVPN up to 5.0.3.2 on Windows Log Symlink privilege escalation

A vulnerability, which was classified as critical, was found in SaferVPN up to 5.0.3.2 on Windows (Network Encryption Software). This affects an unknown part of the file %LOCALAPPDATA%\SaferVPN\Log. Upgrading to version 5.0.3.3 eliminates this...
Author: VulDB

webTareas up to 2.1 clients/editclient.php cross site scripting

A vulnerability, which was classified as problematic, has been found in webTareas up to 2.1. Affected by this issue is some unknown functionality of the file clients/editclient.php. There is no information about possible countermeasures known. It...
Author: VulDB

webTareas up to 2.1 files/Default/ Directory information disclosure

A vulnerability classified as problematic was found in webTareas up to 2.1. Affected by this vulnerability is an unknown functionality of the file files/Default/. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

webTareas up to 2.1 File Upload privilege escalation

A vulnerability classified as critical has been found in webTareas up to 2.1. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Author: VulDB

CERTFR-2020-ALE-021: Vulnerability in Samba (18 September 2020)

The vulnerability CVE-2020-1742, for which Microsoft published a first patch on 11 August, is a vulnerability in the Netlogon protocol. The Samba software vendor therefore confirms that a Samba server configured as a domain controller...
Author: Cert FR

Nitro Pro 13.13.2.242 Rendering Engine Code Execution memory corruption

A vulnerability was found in Nitro Pro 13.13.2.242. It has been rated as critical. This issue affects some unknown processing of the component Rendering Engine. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Nitro Pro 13.13.2.242 Table Use-After-Free memory corruption

A vulnerability was found in Nitro Pro 13.13.2.242. It has been declared as critical. This vulnerability affects an unknown code block of the component Table Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Information-security events