Our selection of information security alerts and advisories.
Sources: US-CERT, CERT-EU, CERT-FR, CNIL, VulDB.

Tenda G0/G1/G3 action/setDebugCfg formSetDebugCfg os command injection

A vulnerability was found in Tenda G0, G1 and G3 (affected version not known). It has been rated as critical. Affected by this issue is the function formSetDebugCfg of the file action/setDebugCfg. There is no information about possible...
Author: VulDB

Atlassian Connect Spring Boot up to 2.1.2 Lifecycle Endpoint improper authentication

A vulnerability was found in Atlassian Connect Spring Boot up to 2.1.2. It has been declared as critical. Affected by this vulnerability is an unknown code of the component Lifecycle Endpoint. Upgrading to version 2.1.3 eliminates this...
Author: VulDB

Atlassian Connect Express up to 6.5.x Lifecycle Endpoint improper authentication

A vulnerability was found in Atlassian Connect Express up to 6.5.x. It has been classified as critical. Affected is an unknown part of the component Lifecycle Endpoint. Upgrading to version 6.6.0 eliminates this vulnerability.
Author: VulDB

Synology QTS/QuTS Hero/QuTScloud File Station cross site scripting

A vulnerability was found in Synology QTS, QuTS Hero and QuTScloud (Cloud Software) (unknown version) and classified as problematic. This issue affects some unknown functionality of the component File Station. Upgrading eliminates this...
Author: VulDB

Wfilter ICF up to 5.0.117 User-Agent Header cross site scripting

A vulnerability has been found in Wfilter ICF up to 5.0.117 and classified as problematic. This vulnerability affects an unknown functionality of the component User-Agent Header Handler. There is no information about possible countermeasures...
Author: VulDB

dio Package 4.0.0 on Dart HTTP Method injection

A vulnerability, which was classified as critical, was found in dio Package 4.0.0 on Dart. This affects an unknown function of the component HTTP Method Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Apache OpenOffice up to 4.1.9 Hyperlink Remote Code Execution

A vulnerability, which was classified as critical, has been found in Apache OpenOffice up to 4.1.9 (Office Suite Software). Affected by this issue is some unknown processing of the component Hyperlink Handler. Upgrading to version 4.1.10...
Author: VulDB

WordPress up to 5.7.0 Editor information disclosure

A vulnerability classified as problematic was found in WordPress up to 5.7.0 (Content Management System). Affected by this vulnerability is an unknown code block of the component Editor. Upgrading to version 5.7.1 eliminates this vulnerability.
Author: VulDB

Pi-hole Admin Portal cross site scripting [CVE-2021-29448]

A vulnerability classified as problematic has been found in Pi-hole (version unknown). Affected is an unknown code of the component Admin Portal. Applying a patch is able to eliminate this problem.
Author: VulDB

WordPress up to 5.7.0 Media Library Parser xml external entity reference

A vulnerability was found in WordPress up to 5.7.0 (Content Management System). It has been rated as critical. This issue affects an unknown part of the component Media Library Parser. Upgrading to version 5.7.1 eliminates this vulnerability.
Author: VulDB

Matrix Sydent up to 2.2.0 resource consumption [CVE-2021-29433]

A vulnerability was found in Matrix Sydent up to 2.2.0. It has been declared as problematic. This vulnerability affects some unknown functionality. Upgrading to version 2.3.0 eliminates this vulnerability. Applying a patch is able to eliminate...
Author: VulDB

Matrix Sydent up to 2.2.x Email input validation

A vulnerability was found in Matrix Sydent up to 2.2.x. It has been classified as problematic. This affects an unknown functionality of the component Email Handler. Upgrading to version 2.3.0 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

Matrix Sydent up to 2.2.x HTTP GET Request server-side request forgery

A vulnerability was found in Matrix Sydent up to 2.2.x and classified as critical. Affected by this issue is an unknown function of the component HTTP GET Request Handler. Upgrading to version 2.3.0 eliminates this vulnerability. The upgrade is...
Author: VulDB

Matrix Sydent up to 2.2.x HTTP Request resource consumption

A vulnerability has been found in Matrix Sydent up to 2.2.x and classified as problematic. Affected by this vulnerability is some unknown processing of the component HTTP Request Handler. Upgrading to version 2.3.0 eliminates this vulnerability....
Author: VulDB

Centreon 20.10.0 Centreon Web cross-site request forgery

A vulnerability, which was classified as problematic, was found in Centreon 20.10.0. Affected is an unknown code block of the component Centreon Web. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

LightCMS 1.3.5 External Image NEditorController.php Remote Privilege Escalation

A vulnerability, which was classified as critical, has been found in LightCMS 1.3.5. This issue affects an unknown code of the file /app/Http/Controllers/Admin/NEditorController.php of the component External Image Handler. There is no information...
Author: VulDB

HPE IceWall SSO Domain Gateway Option Module cross site scripting

A vulnerability classified as problematic was found in HPE IceWall SSO Domain Gateway Option Module (the affected version is unknown). This vulnerability affects an unknown part. Applying a patch is able to eliminate this problem. The bugfix is...
Author: VulDB

Filecoin Lotus BLS Signature Validation VerifyCompressed signature verification

A vulnerability classified as problematic has been found in Filecoin Lotus (the affected version is unknown). This affects the function VerifyCompressed of the component BLS Signature Validation. Applying a patch is able to eliminate this problem....
Author: VulDB

QED ResourceXpress up to 4.9k URL input validation

A vulnerability was found in QED ResourceXpress up to 4.9k. It has been rated as critical. Affected by this issue is an unknown functionality of the component URL Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

GNU Binutils up to 2.35 BFD Library memory allocation

A vulnerability was found in GNU Binutils up to 2.35 (Programming Tool Software). It has been declared as problematic. Affected by this vulnerability is an unknown function of the component BFD Library. Upgrading to version 2.36 eliminates this...
Author: VulDB

ezXML 0.8.6 XML File Parser libezxml.a ezxml_internal_dtd out-of-bounds write

A vulnerability was found in ezXML 0.8.6. It has been classified as critical. Affected is the function ezxml_internal_dtd of the file libezxml.a of the component XML File Parser. There is no information about possible countermeasures known. It...
Author: VulDB

Textpattern 4.8.4 Plug-In unrestricted upload

A vulnerability was found in Textpattern 4.8.4 and classified as critical. This issue affects an unknown code block of the component Plug-In Handler. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Adobe Photoshop up to 21.2.6/22.3 JSX File Parser buffer overflow

A vulnerability has been found in Adobe Photoshop up to 21.2.6/22.3 (Image Processing Software) and classified as critical. This vulnerability affects an unknown code of the component JSX File Parser. Upgrading eliminates this vulnerability.
Author: VulDB

Adobe Photoshop up to 21.2.6/22.3 JSX File Parser buffer overflow

A vulnerability, which was classified as critical, was found in Adobe Photoshop up to 21.2.6/22.3 (Image Processing Software). This affects an unknown part of the component JSX File Parser. Upgrading eliminates this vulnerability.
Author: VulDB

b2evolution 7.2.2-stable evoadm.php cf_name sql injection

A vulnerability, which was classified as problematic, has been found in b2evolution 7.2.2-stable (Content Management System). Affected by this issue is some unknown functionality of the file evoadm.php. There is no information about possible...
Author: VulDB

Information security events