Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

ezXML 0.8.6 XML File Parser libezxml.a ezxml_parse_str memory corruption

A vulnerability was found in ezXML 0.8.6. It has been rated as critical. Affected by this issue is the function ezxml_parse_str of the file libezxml.a of the component XML File Parser. There is no information about possible countermeasures known....
Author: VulDB

a12n-server 0.18.0 on npm HAL-Form privileges management

A vulnerability was found in a12n-server 0.18.0 on npm (NPM Package). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HAL-Form. Upgrading to version 0.18.2 eliminates this...
Author: VulDB

Portofino up to 5.2.0 JSON Web Token signature verification

A vulnerability was found in Portofino up to 5.2.0. It has been classified as critical. Affected is an unknown function of the component JSON Web Token Handler. Upgrading to version 5.2.1 eliminates this vulnerability. Applying a patch is able to...
Author: VulDB

jose-node-cjs-runtime up to 3.11.3 on npm information exposure

A vulnerability was found in jose-node-cjs-runtime up to 3.11.3 on npm (NPM Package) and classified as problematic. This issue affects some unknown processing. Upgrading to version 3.11.4 eliminates this vulnerability.
Author: VulDB

jose-node-esm-runtime up to 3.11.3 on npm information exposure

A vulnerability has been found in jose-node-esm-runtime up to 3.11.3 on npm (NPM Package) and classified as problematic. This vulnerability affects an unknown code block. Upgrading to version 3.11.4 eliminates this vulnerability.
Author: VulDB

jose-browser-runtime up to 3.11.3 on npm information exposure

A vulnerability, which was classified as problematic, was found in jose-browser-runtime up to 3.11.3 on npm (NPM Package). This affects an unknown code. Upgrading to version 3.11.4 eliminates this vulnerability.
Author: VulDB

jose prior 1.28.1/2.0.5/3.11.4 on npm information exposure [CVE-2021-29443]

A vulnerability, which was classified as problematic, has been found in jose on npm (NPM Package). Affected by this issue is an unknown part. Upgrading to version 1.28.1, 2.0.5 or 3.11.4 eliminates this vulnerability.
Author: VulDB

Siemens Mendix up to 7.23.18/8.6.8/8.12.4/9.0.4 User Role privileges management

A vulnerability classified as critical was found in Siemens Mendix up to 7.23.18/8.6.8/8.12.4/9.0.4. Affected by this vulnerability is some unknown functionality of the component User Role Handler. Upgrading to version 7.23.19, 8.6.9, 8.12.5,...
Author: VulDB

Tribal Systems Zenario CMS 8.8.52729 Pugin Library Delete Module ajax.php ID sql injection

A vulnerability classified as critical has been found in Tribal Systems Zenario CMS 8.8.52729 (Content Management System). Affected is an unknown functionality of the file ajax.php of the component Pugin Library Delete Module. Upgrading to...
Author: VulDB

Adobe Genuine Service up to 6.6 uncontrolled search path [CVE-2020-9681]

A vulnerability was found in Adobe Genuine Service up to 6.6. It has been rated as critical. This issue affects an unknown function. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe Genuine Service up to 6.6 Symlink access control

A vulnerability was found in Adobe Genuine Service up to 6.6. It has been declared as critical. This vulnerability affects some unknown processing of the component Symlink Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe Genuine Service up to 6.6 uncontrolled search path [CVE-2020-9667]

A vulnerability was found in Adobe Genuine Service up to 6.6. It has been classified as critical. This affects an unknown code block. Upgrading eliminates this vulnerability.
Author: VulDB

QNAP QTS Multimedia Console/Media Streaming Add-on sql injection

A vulnerability was found in QNAP QTS (Network Attached Storage Software) (affected version not known) and classified as critical. Affected by this issue is an unknown code of the component Multimedia Console/Media Streaming Add-on. Upgrading...
Author: VulDB

QNAP QTS/QuTS Hero command injection [CVE-2020-2509]

A vulnerability has been found in QNAP QTS and QuTS Hero (Network Attached Storage Software) (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown part. Upgrading eliminates this vulnerability.
Author: VulDB

IBM Spectrum Protect 7.1/8.1 Command Parser stack-based overflow

A vulnerability, which was classified as critical, was found in IBM Spectrum Protect 7.1/8.1 (Backup Software). Affected is some unknown functionality of the component Command Parser. There is no information about possible countermeasures known....
Author: VulDB

vscode-bazel up to 0.4.0 JSON Config File file inclusion

A vulnerability, which was classified as problematic, has been found in vscode-bazel up to 0.4.0. This issue affects an unknown functionality of the component JSON Config File Handler. Upgrading to version 0.4.1 eliminates this vulnerability....
Author: VulDB

CERTFR-2021-AVI-279: Multiple vulnerabilities in Microsoft Edge (16 April 2021)

Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2021-AVI-278: Multiple vulnerabilities in the SUSE Linux kernel (16 April 2021)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, arbitrary code execution and a denial of...
Author: Cert FR

CERTFR-2021-AVI-277: Multiple vulnerabilities in the Ubuntu Linux kernel (16 April 2021)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2021-AVI-276: Multiple vulnerabilities in Google Chrome (16 April 2021)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2021-AVI-275: Multiple vulnerabilities in F5 BIG-IP and BIG-IQ (16 April 2021)

Multiple vulnerabilities have been discovered in F5 BIG-IP and BIG-IQ. They allow an attacker to cause arbitrary code execution.

Author: Cert FR

CERTFR-2021-AVI-274: Multiple vulnerabilities in Qnap products (16 April 2021)

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause a breach of data confidentiality and remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2021-AVI-273: Multiple vulnerabilities in Junos OS (16 April 2021)

Multiple vulnerabilities have been discovered in Junos OS. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a bypass of the security policy.
Author: Cert FR

vscode-rpm-spec Extension up to 0.3.1 on Visual Studio Workspace Configuration Remote Code Execution

A vulnerability classified as problematic was found in vscode-rpm-spec Extension up to 0.3.1 on Visual Studio. This vulnerability affects an unknown function of the component Workspace Configuration Handler. Upgrading to version 0.3.2 eliminates...
Author: VulDB

Tenda G1/G3 umountUSBPartition formSetUSBPartitionUmount os command injection

A vulnerability classified as critical has been found in Tenda G1 and G3 (the affected version unknown). This affects the function formSetUSBPartitionUmount of the file action/umountUSBPartition. There is no information about possible...
Author: VulDB

Information security events