Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Zenphoto CMS up to 1.5.7 Uploader Plugin unrestricted upload

A vulnerability, which was classified as critical, has been found in Zenphoto CMS up to 1.5.7 (Content Management System). Affected by this issue is some unknown processing of the component Uploader Plugin. There is no information about possible...
Author: VulDB

SaltStack Salt prior to 3002.5 certificate validation [CVE-2020-35662]

A vulnerability classified as critical was found in SaltStack Salt. Affected by this vulnerability is an unknown code block. Upgrading to version 3002.5 eliminates this vulnerability.
Author: VulDB

SaltStack Salt prior to 3002.5 certificate validation [CVE-2020-28972]

A vulnerability classified as critical has been found in SaltStack Salt. Affected is an unknown code. Upgrading to version 3002.5 eliminates this vulnerability.
Author: VulDB

SaltStack Salt prior to 3002.5 Process Name command injection

A vulnerability was found in SaltStack Salt. It has been rated as critical. This issue affects an unknown part of the component Process Name Handler. Upgrading to version 3002.5 eliminates this vulnerability.
Author: VulDB

GNU C Library up to 2.32 Multibyte iconv infinite loop

A vulnerability was found in GNU C Library up to 2.32 (Software Library). It has been declared as problematic. This vulnerability affects the function iconv of the component Multibyte Handler. There is no information about possible...
Author: VulDB

Eclipse Jetty up to 9.4.36.v20210114/10.0.0/11.0.0 Accept Header algorithmic complexity

A vulnerability was found in Eclipse Jetty up to 9.4.36.v20210114/10.0.0/11.0.0. It has been classified as problematic. This affects an unknown functionality of the component Accept Header Handler. There is no information about possible...
Author: VulDB

Scytl sVote 2.1 X-Forwarded-For Header injection

A vulnerability was found in Scytl sVote 2.1 and classified as critical. Affected by this issue is an unknown function of the component X-Forwarded-For Header Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Scytl sVote 2.1 Event Alias Runtime.getRuntime.exec code injection

A vulnerability has been found in Scytl sVote 2.1 and classified as critical. Affected by this vulnerability is the function Runtime.getRuntime.exec of the component Event Alias Handler. There is no information about possible countermeasures...
Author: VulDB

Scytl sVote 2.1 Database Manager hard-coded password

A vulnerability, which was classified as critical, was found in Scytl sVote 2.1. Affected is an unknown code block of the component Database Manager. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Scytl sVote 2.1 sdm-ws-rest API preconfiguration improper authentication

A vulnerability, which was classified as critical, has been found in Scytl sVote 2.1. This issue affects an unknown code of the file /sdm-ws-rest/preconfiguration of the component sdm-ws-rest API. Addressing this vulnerability is possible by...
Author: VulDB

OpenText Content Server 20.3 cross site scripting [CVE-2021-3010]

A vulnerability classified as problematic was found in OpenText Content Server 20.3. This vulnerability affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

LMA ISIDA Retriever 5.2 sql injection [CVE-2021-26904]

A vulnerability classified as critical has been found in LMA ISIDA Retriever 5.2. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

LMA ISIDA Retriever 5.2 query['text'] cross site scripting

A vulnerability was found in LMA ISIDA Retriever 5.2. It has been rated as problematic. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Mozilla Firefox up to 85.x memory corruption [CVE-2021-23979]

A vulnerability was found in Mozilla Firefox up to 85.x (Web Browser). It has been declared as critical. Affected by this vulnerability is an unknown function. Upgrading to version 86.0 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Mozilla Firefox/Firefox ESR/Thunderbird memory corruption [CVE-2021-23978]

A vulnerability was found in Mozilla Firefox, Firefox ESR and Thunderbird (Web Browser) (version unknown). It has been classified as critical. Affected is some unknown processing. Upgrading eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Mozilla Firefox up to 84.x memory corruption [CVE-2021-23965]

A vulnerability was found in Mozilla Firefox up to 84.x (Web Browser) and classified as critical. This issue affects an unknown code block. Upgrading to version 85.0 eliminates this vulnerability. The upgrade is hosted for download at mozilla.org.
Author: VulDB

Mozilla Firefox/Firefox ESR/Thunderbird memory corruption [CVE-2021-23964]

A vulnerability has been found in Mozilla Firefox, Firefox ESR and Thunderbird (Web Browser) (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code. Upgrading eliminates this vulnerability. The...
Author: VulDB

thecodingmachine Gotenberg /convert/html src server-side request forgery

A vulnerability, which was classified as critical, was found in thecodingmachine Gotenberg (the affected version unknown). This affects an unknown part of the file /convert/html. There is no information about possible countermeasures known. It...
Author: VulDB

ProSoft ICX35-HWC-A/ICX35-HWC-E up to 1.9.62 Module Webpage access control

A vulnerability, which was classified as critical, has been found in ProSoft ICX35-HWC-A and ICX35-HWC-E up to 1.9.62. Affected by this issue is some unknown functionality of the component Module Webpage. There is no information about possible...
Author: VulDB

Node-Red up to 1.2.7 Projects API path traversal

A vulnerability classified as problematic was found in Node-Red up to 1.2.7. Affected by this vulnerability is an unknown functionality of the component Projects API. Upgrading to version 1.2.8 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

Node-Red up to 1.2.7 Admin API dynamically-determined object attributes

A vulnerability classified as critical has been found in Node-Red up to 1.2.7. Affected is an unknown function of the component Admin API. Upgrading to version 1.2.8 eliminates this vulnerability. The upgrade is hosted for download at github.com.
Author: VulDB

Synapse up to 1.24.x .well-known resource consumption

A vulnerability was found in Synapse up to 1.24.x. It has been rated as problematic. This issue affects some unknown processing of the file .well-known. Upgrading to version 1.25.0 eliminates this vulnerability. The upgrade is hosted for download...
Author: VulDB

Synapse up to 1.24.x redirect [CVE-2021-21273]

A vulnerability was found in Synapse up to 1.24.x. It has been declared as problematic. This vulnerability affects an unknown code block. Upgrading to version 1.25.0 eliminates this vulnerability. The upgrade is hosted for download at github.com....
Author: VulDB

ownCloud Client up to 2.6 DLL injection

A vulnerability was found in ownCloud Client up to 2.6 (Cloud Software). It has been classified as critical. This affects an unknown code of the component DLL Handler. Upgrading to version 2.7 eliminates this vulnerability.
Author: VulDB

best it Amazon Pay Plugin up to 9.4.1 on Shopware information disclosure

A vulnerability was found in best it Amazon Pay Plugin up to 9.4.1 on Shopware and classified as problematic. Affected by this issue is an unknown part. Upgrading to version 9.4.2 eliminates this vulnerability.
Author: VulDB

Information systems security events