Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cosori Smart Air Fryer CS158-AF 1.1.0 JSON Object heap-based overflow

A vulnerability was found in Cosori Smart Air Fryer CS158-AF 1.1.0. It has been rated as critical. Affected by this issue is an unknown code of the component JSON Object Handler. There is no information about possible countermeasures known. It...
Author: VulDB

OpenClinic GA 5.173.3 getAssets.jsp assetStatus sql injection

A vulnerability was found in OpenClinic GA 5.173.3. It has been declared as critical. Affected by this vulnerability is an unknown part of the file getAssets.jsp. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Tilde OpenClinic GA 5.173.3 getAssets.jsp code sql injection

A vulnerability was found in Tilde OpenClinic GA 5.173.3. It has been classified as critical. Affected is some unknown functionality of the file getAssets.jsp. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

OpenClinic GA 5.173.3 getAssets.jsp code sql injection

A vulnerability was found in OpenClinic GA 5.173.3 and classified as critical. This issue affects an unknown functionality of the file getAssets.jsp. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Apache Tapestry up to 5.4.5/5.5.0/5.6.2/5.7.0 AppModule.class deserialization

A vulnerability has been found in Apache Tapestry up to 5.4.5/5.5.0/5.6.2/5.7.0 and classified as critical. This vulnerability affects an unknown function of the file /assets/something/services/AppModule.class. Upgrading to version 5.6.2 or 5.7.1...
Author: VulDB

PHPGurukul Beauty Parlour Management System 1.0 add-services.php sername sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Beauty Parlour Management System 1.0. This affects some unknown processing of the file add-services.php. There is no information about possible countermeasures known. It...
Author: VulDB

PHPGurukul Beauty Parlour Management System 1.0 add-services.php sername cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPGurukul Beauty Parlour Management System 1.0. Affected by this issue is an unknown code block of the file add-services.php. There is no information about possible...
Author: VulDB

CASAP Automated Enrollment System 1.0 Students ROUTE cross site scripting

A vulnerability classified as problematic was found in CASAP Automated Enrollment System 1.0 (Automation Software). Affected by this vulnerability is an unknown code of the component Students Handler. There is no information about possible...
Author: VulDB

McAfee Data Loss Prevention prior 11.6.100 on Windows hdlphook Driver privileges management

A vulnerability classified as critical has been found in McAfee Data Loss Prevention on Windows (Data Loss Prevention Software). Affected is an unknown part of the component hdlphook Driver. Upgrading to version 11.6.100 eliminates this...
Author: VulDB

McAfee Data Loss Prevention prior 11.6.100 on Windows hdlphook Driver denial of service

A vulnerability was found in McAfee Data Loss Prevention on Windows (Data Loss Prevention Software). It has been rated as problematic. This issue affects some unknown functionality of the component hdlphook Driver. Upgrading to version 11.6.100...
Author: VulDB

McAfee Content Security Reporter up to 2.7.x ePO Extension cleartext transmission

A vulnerability was found in McAfee Content Security Reporter up to 2.7.x (Reporting Software). It has been declared as problematic. This vulnerability affects an unknown functionality of the component ePO Extension. Upgrading to version 2.8.0...
Author: VulDB

Google Android pb_encode.c pb_write out-of-bounds write

A vulnerability was found in Google Android (Smartphone Operating System) (the affected version unknown). It has been classified as critical. This affects the function pb_write of the file pb_encode.c. Applying a patch is able to eliminate this...
Author: VulDB

McAfee Endpoint Security/Global Threat Intelligence up to 10.7.0 on Windows DNS cleartext transmission

A vulnerability was found in McAfee Endpoint Security and Global Threat Intelligence up to 10.7.0 on Windows and classified as problematic. Affected by this issue is some unknown processing of the component DNS Handler. Upgrading to version...
Author: VulDB

McAfee Advanced Threat Defense up to 4.12.1 HTTP Request Parameter information disclosure

A vulnerability has been found in McAfee Advanced Threat Defense up to 4.12.1 and classified as problematic. Affected by this vulnerability is an unknown code block of the component HTTP Request Parameter Handler. Upgrading to version 4.12.2...
Author: VulDB

McAfee Advanced Threat Defense up to 4.12.1 HTTP Request Parameter information disclosure

A vulnerability, which was classified as problematic, was found in McAfee Advanced Threat Defense up to 4.12.1. Affected is an unknown code of the component HTTP Request Parameter Handler. Upgrading to version 4.12.2 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-270: Multiple vulnerabilities in WordPress (15 April 2021)

Multiple vulnerabilities have been discovered in WordPress. They allow an attacker to cause a security issue not specified by the vendor and a breach of data confidentiality.

Author: Cert FR

Adobe Digital Editions up to 4.5.11.187245 on macOS access control

A vulnerability, which was classified as critical, has been found in Adobe Digital Editions up to 4.5.11.187245 on macOS (Ebook Software). This issue affects an unknown part. Upgrading to version 4.5.11.187606 eliminates this vulnerability. The...
Author: VulDB

Zulip Server up to 3.3 Topic Moving API unknown vulnerability

A vulnerability classified as problematic was found in Zulip Server up to 3.3. This vulnerability affects some unknown functionality of the component Topic Moving API. Upgrading to version 3.4 eliminates this vulnerability.
Author: VulDB

Zulip Server up to 3.3 all_public_streams API access control

A vulnerability classified as critical has been found in Zulip Server up to 3.3. This affects an unknown functionality of the component all_public_streams API. Upgrading to version 3.4 eliminates this vulnerability.
Author: VulDB

Zulip Server up to 3.3 permission [CVE-2021-30478]

A vulnerability was found in Zulip Server up to 3.3. It has been rated as critical. Affected by this issue is an unknown function. Upgrading to version 3.4 eliminates this vulnerability.
Author: VulDB

Zulip Server up to 3.3 Webhook access control

A vulnerability was found in Zulip Server up to 3.3. It has been declared as critical. Affected by this vulnerability is some unknown processing of the component Webhook Handler. Upgrading to version 3.4 eliminates this vulnerability.
Author: VulDB

Jazzband Django Debug Toolbar up to 1.11.0/2.2.0/3.2.0 SQL Panel raw_sql sql injection

A vulnerability was found in Jazzband Django Debug Toolbar up to 1.11.0/2.2.0/3.2.0 (Content Management System). It has been classified as critical. Affected is an unknown code block of the component SQL Panel. Upgrading to version 1.11.1, 2.2.1...
Author: VulDB

Intelbras WIN 300/WRN 342 up to 2021-01-04 def_wirelesspassword source code

A vulnerability was found in Intelbras WIN 300 and WRN 342 up to 2021-01-04 and classified as problematic. This issue affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

AjaxSearchPro up to 4.20.7 Administration Panel deserialization

A vulnerability has been found in AjaxSearchPro up to 4.20.7 and classified as critical. This vulnerability affects an unknown part of the component Administration Panel. Upgrading to version 4.20.8 eliminates this vulnerability.
Author: VulDB

Pi-hole 5.2.4 privileges management [CVE-2021-29449]

A vulnerability, which was classified as critical, was found in Pi-hole 5.2.4. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB