Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERN Indico up to 2.3.3 Host Header password recovery

A vulnerability was found in CERN Indico up to 2.3.3. It has been rated as critical. Affected by this issue is an unknown function of the component Host Header Handler. Upgrading to version 2.3.4 eliminates this vulnerability. The upgrade is...
Author: VulDB

FreeBSD up to 12.2/13.0 Listening Socket accf_create use after free

A vulnerability was found in FreeBSD up to 12.2/13.0 (Operating System). It has been declared as critical. Affected by this vulnerability is the function accf_create of the component Listening Socket Handler. Applying a patch is able to eliminate...
Author: VulDB

FreeBSD up to 11.4/12.2/13.0-RC5/12.2 Shared Memory Page use after free

A vulnerability was found in FreeBSD up to 11.4/12.2/13.0-RC5/12.2 (Operating System). It has been classified as problematic. Affected is an unknown code block of the component Shared Memory Page Handler. Applying a patch is able to eliminate...
Author: VulDB

libretro RetroArch 0.11 on Windows PowerShell platform_win32.c accessibility_speak_windows command injection

A vulnerability was found in libretro RetroArch 0.11 on Windows and classified as critical. This issue affects the function accessibility_speak_windows of the file platform_win32.c of the component PowerShell Handler. Applying a patch is able to...
Author: VulDB

Jenkins Promoted Builds Plugin up to 3.9 cross-site request forgery

A vulnerability has been found in Jenkins Promoted Builds Plugin up to 3.9 (Continuous Integration Software) and classified as problematic. This vulnerability affects an unknown part. There is no information about possible countermeasures known....
Author: VulDB

Jenkins up to LTS 2.277.1/2.286 View permission

A vulnerability, which was classified as critical, was found in Jenkins up to LTS 2.277.1/2.286 (Continuous Integration Software). This affects some unknown functionality of the component View Handler. There is no information about possible...
Author: VulDB

Jenkins up to LTS 2.277.1/2.286 REST API Endpoint config.xml permission

A vulnerability, which was classified as critical, has been found in Jenkins up to LTS 2.277.1/2.286 (Continuous Integration Software). Affected by this issue is an unknown functionality of the file config.xml of the component REST API Endpoint....
Author: VulDB

FreeBSD up to 11.4/12.2/13.0-RC5/12.2 jail race condition

A vulnerability classified as problematic was found in FreeBSD up to 11.4/12.2/13.0-RC5/12.2 (Operating System). Affected by this vulnerability is an unknown function of the component jail. Applying a patch is able to eliminate this problem.
Author: VulDB

Wcms 0.3.2 wex/html.php pagename cross site scripting

A vulnerability classified as problematic has been found in Wcms 0.3.2. Affected is some unknown processing of the file wex/html.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Wcms 0.3.2 wex/html.php pagename pathname traversal

A vulnerability was found in Wcms 0.3.2. It has been rated as problematic. This issue affects an unknown code block of the file wex/html.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

GNU Chess 6.2.7 PGN frontend/cmd.cc cmd_pgnload/cmd_pgnreplay buffer overflow

A vulnerability was found in GNU Chess 6.2.7. It has been declared as critical. This vulnerability affects the function cmd_pgnload/cmd_pgnreplay of the file frontend/cmd.cc of the component PGN Handler. There is no information about possible...
Author: VulDB

GNOME file-roller up to 3.38.0 Extraction fr-archive-libarchive.c pathname traversal

A vulnerability was found in GNOME file-roller up to 3.38.0. It has been classified as critical. This affects an unknown part of the file fr-archive-libarchive.c of the component Extraction Handler. Applying a patch is able to eliminate this...
Author: VulDB

PHP-Nuke 8.3.3 User Registration OrderBy sql injection

A vulnerability was found in PHP-Nuke 8.3.3 (Content Management System) and classified as critical. Affected by this issue is some unknown functionality of the component User Registration Handler. There is no information about possible...
Author: VulDB

D-Link DSL-320B-D1 up to EU_1.25 login.xgi user/pass buffer overflow

A vulnerability has been found in D-Link DSL-320B-D1 up to EU_1.25 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.xgi. The problem might be mitigated by replacing the product with as an...
Author: VulDB

EikiSoft Archive Collectively Operation Utility up to 2.10.1.0 ZIP Archive pathname traversal

A vulnerability, which was classified as critical, was found in EikiSoft Archive Collectively Operation Utility up to 2.10.1.0. Affected is an unknown function of the component ZIP Archive Handler. Upgrading to version 2.10.2.0 eliminates this...
Author: VulDB

Yomi-Search 4.22 cross site scripting [CVE-2021-20691]

A vulnerability, which was classified as problematic, has been found in Yomi-Search 4.22. This issue affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Yomi-Search 4.22 cross site scripting [CVE-2021-20690]

A vulnerability classified as problematic was found in Yomi-Search 4.22. This vulnerability affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Yomi-Search 4.22 cross site scripting [CVE-2021-20689]

A vulnerability classified as problematic has been found in Yomi-Search 4.22. This affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Author: VulDB

Click Ranker 3.5 cross site scripting [CVE-2021-20688]

A vulnerability was found in Click Ranker 3.5. It has been rated as problematic. Affected by this issue is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Kagemai 0.8.8 cross-site request forgery [CVE-2021-20687]

A vulnerability was found in Kagemai 0.8.8. It has been declared as problematic. Affected by this vulnerability is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Kagemai 0.8.8 cross site scripting [CVE-2021-20686]

A vulnerability was found in Kagemai 0.8.8. It has been classified as problematic. Affected is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Kagemai 0.8.8 cross site scripting [CVE-2021-20685]

A vulnerability was found in Kagemai 0.8.8 and classified as problematic. This issue affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Author: VulDB

MagazinegerZ 1.01 cross site scripting [CVE-2021-20684]

A vulnerability has been found in MagazinegerZ 1.01 and classified as problematic. This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Qualcomm Snapdragon Compute IO Control memory corruption [CVE-2021-1892]

A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking (Chip Software). This affects an...
Author: VulDB

Qualcomm Snapdragon Auto RTCP Packet denial of service [CVE-2020-11255]

A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile and Snapdragon...
Author: VulDB