Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

GitLab up to 13.9.7 Timestamp permission

A vulnerability classified as critical has been found in GitLab up to 13.9.7 (Bug Tracking Software). Affected is an unknown function of the component Timestamp Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

GitLab up to 11.6 Pull Mirror Credential information disclosure

A vulnerability was found in GitLab up to 11.6 (Bug Tracking Software). It has been rated as problematic. This issue affects some unknown processing of the component Pull Mirror Credential Handler. There is no information about possible...
Author: VulDB

libgetdata 0.10.0 dirfile Database use after free

A vulnerability was found in libgetdata 0.10.0. It has been declared as critical. This vulnerability affects an unknown code block of the component dirfile Database Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

VerityStream MSOW Solutions up to 3.1.0 Primary Source Verification information disclosure

A vulnerability was found in VerityStream MSOW Solutions up to 3.1.0. It has been classified as problematic. This affects an unknown code of the component Primary Source Verification. Upgrading to version 3.1.1 eliminates this vulnerability.
Author: VulDB

Red Hat Openstack 16.1 tripleo-ansible information disclosure

A vulnerability was found in Red Hat Openstack 16.1 (Cloud Software) and classified as problematic. Affected by this issue is an unknown part of the component tripleo-ansible. There is no information about possible countermeasures known. It may...
Author: VulDB

kennnyshiwa-cogs Tickets Module code injection [CVE-2021-29493]

A vulnerability has been found in kennnyshiwa-cogs (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown functionality of the component Tickets Module. Applying the patch...
Author: VulDB

HPE Edgeline Infrastructure Manager up to 1.21 improper authentication

A vulnerability, which was classified as critical, was found in HPE Edgeline Infrastructure Manager up to 1.21. Affected is an unknown functionality. Upgrading to version 1.22 eliminates this vulnerability.
Author: VulDB

NSA Emissary 5.9.0 ConsoleAction CONSOLE_COMMAND_STRING cross-site request forgery

A vulnerability, which was classified as problematic, has been found in NSA Emissary 5.9.0. This issue affects an unknown function of the component ConsoleAction. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

CERTFR-2021-AVI-353: Multiple vulnerabilities in Foxit products (07 May 2021)

Multiple vulnerabilities have been discovered in Foxit products. Some of them allow an attacker to cause remote arbitrary code execution, a denial of service and a bypass of the policy of...
Author: Cert FR

Django up to 2.2.21/3.1.9/3.2.1 URLValidator injection

A vulnerability classified as critical was found in Django up to 2.2.21/3.1.9/3.2.1 (Content Management System). This vulnerability affects some unknown processing of the component URLValidator. Upgrading to version 2.2.22, 3.1.10 or 3.2.2...
Author: VulDB

puppyCMS 5.1 /admin/settings.php cross-site request forgery

A vulnerability classified as problematic has been found in puppyCMS 5.1. This affects an unknown code block of the file /admin/settings.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

OpenEMR up to 5.0.2.0 usergroup_admin.php lname cross site scripting

A vulnerability was found in OpenEMR up to 5.0.2.0 (Business Process Management Software). It has been rated as problematic. Affected by this issue is an unknown code of the file interface/usergroup/usergroup_admin.php. Upgrading to version...
Author: VulDB

Linux Kernel 5.12-rc5 net/x25/af_x25.c x25_bind out-of-bounds read

A vulnerability was found in Linux Kernel 5.12-rc5 (Operating System). It has been declared as critical. Affected by this vulnerability is the function x25_bind of the file net/x25/af_x25.c. There is no information about possible countermeasures...
Author: VulDB

OpenEMR 5.0.2.1 save.php sql injection

A vulnerability was found in OpenEMR 5.0.2.1 (Business Process Management Software). It has been classified as critical. Affected is some unknown functionality of the file interface/forms/eye_mag/save.php. Applying the patch 5.0.2 Patch 5 is able...
Author: VulDB

OpenEMR 5.0.2.1 ajax_code.php sql injection

A vulnerability was found in OpenEMR 5.0.2.1 (Business Process Management Software) and classified as critical. This issue affects an unknown functionality of the file library/custom_template/ajax_code.php. Applying the patch 5.0.2 Patch 5 is...
Author: VulDB

OpenEMR 5.0.2.1 Patient Portal _machine_config.php access control

A vulnerability has been found in OpenEMR 5.0.2.1 (Business Process Management Software) and classified as critical. This vulnerability affects an unknown function of the file portal/patient/_machine_config.php of the component Patient Portal....
Author: VulDB

Artica Pandora FMS 742 pandora_console chart_generator.php session_id sql injection

A vulnerability, which was classified as critical, was found in Artica Pandora FMS 742. This affects some unknown processing of the file /include/chart_generator.php of the component pandora_console. Upgrading to version 743 eliminates this...
Author: VulDB

Linux Kernel up to 5.11 Multi-device Driver Module drivers/md/dm-ioctl.c list_devices out-of-bounds write

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.11 (Operating System). Affected by this issue is the function list_devices of the file drivers/md/dm-ioctl.c of the component Multi-device Driver Module....
Author: VulDB

puppyCMS 5.1 Folder unknown vulnerability [CVE-2020-18888]

A vulnerability classified as problematic was found in puppyCMS 5.1. Affected by this vulnerability is an unknown code of the component Folder Handler. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Linux Kernel up to 5.12.1 BPF Stack kernel/bpf/verifier.c information disclosure

A vulnerability classified as problematic has been found in Linux Kernel up to 5.12.1 (Operating System). Affected is an unknown part of the file kernel/bpf/verifier.c of the component BPF Stack. Applying a patch is able to eliminate this...
Author: VulDB

emlog 5.3.1/6.0.0 Database Backup File admin/data.php unrestricted upload

A vulnerability was found in emlog 5.3.1/6.0.0. It has been rated as critical. This issue affects some unknown functionality of the file admin/data.php of the component Database Backup File Handler. There is no information about possible...
Author: VulDB

puppyCMS 5.1 /admin/functions.php permission

A vulnerability was found in puppyCMS 5.1. It has been declared as critical. This vulnerability affects an unknown functionality of the file /admin/functions.php. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

IBM Tivoli Storage Manager 5 Release 2 Command Line Administrative Interface dsmadmc.exe buffer overflow

A vulnerability was found in IBM Tivoli Storage Manager 5 Release 2 (Backup Software). It has been classified as critical. This affects an unknown function of the file dsmadmc.exe of the component Command Line Administrative Interface. There is...
Author: VulDB

MapServer up to 7.0.7/7.2.2/7.4.4/7.6.2 access control [CVE-2021-32062]

A vulnerability was found in MapServer up to 7.0.7/7.2.2/7.4.4/7.6.2 and classified as critical. Affected by this issue is some unknown processing. Upgrading to version 7.0.8, 7.2.3, 7.4.5 or 7.6.3 eliminates this vulnerability. The upgrade is...
Author: VulDB

openmptcprouter-vps-admin up to 0.57.3 omr-admin.py timing discrepancy

A vulnerability has been found in openmptcprouter-vps-admin up to 0.57.3 (Router Operating System) and classified as problematic. Affected by this vulnerability is an unknown code block of the file omr-admin.py. Applying a patch is able to...
Author: VulDB

Information-security events