Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Nitro Pro 13.13.2.242 JPEG 2000 File Out-of-Bounds memory corruption

A vulnerability was found in Nitro Pro 13.13.2.242 and classified as critical. Affected by this issue is an unknown part of the component JPEG 2000 File Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

ZoneMinder up to 1.34.20 download.php connkey cross site scripting

A vulnerability has been found in ZoneMinder up to 1.34.20 (Video Surveillance Software) and classified as problematic. Affected by this vulnerability is some unknown functionality of the file download.php. Upgrading to version 1.34.21 eliminates...
Author: VulDB

Reset Password Add-On up to 1.1.x on Alfresco weak authentication

A vulnerability, which was classified as critical, was found in Reset Password Add-On up to 1.1.x on Alfresco. Affected is an unknown functionality. Upgrading to version 1.2.0 eliminates this vulnerability.
Author: VulDB

Reset Password Add-On up to 1.1.x on Alfresco sql injection [CVE-2020-25727]

A vulnerability, which was classified as critical, has been found in Reset Password Add-On up to 1.1.x on Alfresco. This issue affects an unknown function. Upgrading to version 1.2.0 eliminates this vulnerability.
Author: VulDB

Sqreen PHP Agent Daemon up to 1.15.x Virtual Machine privilege escalation

A vulnerability classified as critical was found in Sqreen PHP Agent Daemon up to 1.15.x. This vulnerability affects some unknown processing of the component Virtual Machine. Upgrading to version 1.16.0 eliminates this vulnerability.
Author: VulDB

Sqreen PyMiniRacer up to 0.2.x Heap-based memory corruption

A vulnerability classified as critical has been found in Sqreen PyMiniRacer up to 0.2.x. This affects an unknown code block. Upgrading to version 0.3.0 eliminates this vulnerability.
Author: VulDB

yWorks yEd Desktop up to 3.20.0 XSL Stylesheet Code Execution

A vulnerability was found in yWorks yEd Desktop up to 3.20.0. It has been rated as critical. Affected by this issue is an unknown code of the component XSL Handler. Upgrading to version 3.20.1 eliminates this vulnerability.
Author: VulDB

yWorks yEd Desktop up to 3.20.0 XML Data XML External Entity

A vulnerability was found in yWorks yEd Desktop up to 3.20.0. It has been declared as critical. Affected by this vulnerability is an unknown part of the component XML Data Handler. Upgrading to version 3.20.1 eliminates this vulnerability.
Author: VulDB

Objective Systems Objective Open CBOR Run-time Stack-based memory corruption

A vulnerability was found in Objective Systems Objective Open CBOR Run-time (version unknown). It has been classified as critical. Affected is some unknown functionality of the component CBOR Handler. Upgrading eliminates this vulnerability. A...
Author: VulDB

FasterXML jackson-databind up to 2.9.10.5 Serialized privilege escalation

A vulnerability was found in FasterXML jackson-databind up to 2.9.10.5 and classified as critical. This issue affects an unknown functionality of the component com.pastdev.httpcomponents.configuration.JndiConfiguration. Upgrading to version...
Author: VulDB

TitanHQ SpamTitan 7.07 Sandbox /etc/passwd privilege escalation

A vulnerability has been found in TitanHQ SpamTitan 7.07 (Anti-Spam Software) and classified as critical. This vulnerability affects an unknown function of the file /etc/passwd of the component Sandbox. There is no information about possible...
Author: VulDB

TitanHQ SpamTitan 7.07 ISO privilege escalation

A vulnerability, which was classified as critical, was found in TitanHQ SpamTitan 7.07 (Anti-Spam Software). This affects some unknown processing of the component ISO Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Helm up to 2.16.10/3.3.1 Plugin privilege escalation

A vulnerability, which was classified as critical, has been found in Helm up to 2.16.10/3.3.1. Affected by this issue is an unknown code block of the component Plugin Handler. Upgrading to version 2.16.11 or 3.3.2 eliminates this vulnerability.
Author: VulDB

Helm up to 2.16.10/3.3.1 Plugin Name privilege escalation

A vulnerability classified as critical was found in Helm up to 2.16.10/3.3.1. Affected by this vulnerability is an unknown code of the component Plugin Name Handler. Upgrading to version 2.16.11 or 3.3.2 eliminates this vulnerability.
Author: VulDB

Helm up to 2.16.10/3.3.1 Chart Injection privilege escalation

A vulnerability classified as problematic has been found in Helm up to 2.16.10/3.3.1. Affected is an unknown part of the component Chart Handler. Upgrading to version 2.16.11 or 3.3.2 eliminates this vulnerability.
Author: VulDB

Helm up to 2.16.10/3.3.1 Chart.yaml alias Injection privilege escalation

A vulnerability was found in Helm up to 2.16.10/3.3.1. It has been rated as critical. This issue affects some unknown functionality of the file Chart.yaml. Upgrading to version 2.16.11 or 3.3.2 eliminates this vulnerability.
Author: VulDB

SOY CMS up to 3.0.2 Reflected cross site scripting

A vulnerability was found in SOY CMS up to 3.0.2. It has been declared as problematic. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

SOY CMS up to 2.0.0.3 SOY Inquiry Request Remote Code Execution

A vulnerability was found in SOY CMS up to 2.0.0.3. It has been classified as critical. This affects an unknown function of the component SOY Inquiry. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Xerces JBoss up to 2.12.0.0SP2 JAXP XMLSchemaValidator XML File privilege escalation

A vulnerability was found in Xerces JBoss up to 2.12.0.0SP2 and classified as critical. Affected by this issue is the function XMLSchemaValidator of the component JAXP. Applying the patch 2.12.0.0SP3 is able to eliminate this problem.
Author: VulDB

Apache Superset up to 0.37.0 Python Code Injection privilege escalation

A vulnerability has been found in Apache Superset up to 0.37.0 and classified as critical. Affected by this vulnerability is an unknown code block of the component Python Handler. Upgrading to version 0.37.1 eliminates this vulnerability.
Author: VulDB

Apache Airflow up to 1.10.11 Endpoint /trigger origin cross site scripting

A vulnerability, which was classified as problematic, was found in Apache Airflow up to 1.10.11. Affected is an unknown code of the file /trigger of the component Endpoint. Upgrading to version 1.10.12 eliminates this vulnerability.
Author: VulDB

RAD SecFlow-1v up to 2020-05-21 Web-based Management Interface Javascript File Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in RAD SecFlow-1v up to 2020-05-21. This issue affects an unknown part of the component Web-based Management Interface. There is no information about possible countermeasures...
Author: VulDB

Solarwinds Orion Platform prior 2020.2.1 Administrator Account Stored cross site scripting

A vulnerability classified as problematic was found in Solarwinds Orion Platform. This vulnerability affects some unknown functionality of the component Administrator Account. Upgrading to version 2020.2.1 eliminates this vulnerability.
Author: VulDB

TitanHQ SpamTitan 7.07 mailqueue.php quid Code Injection privilege escalation

A vulnerability classified as critical has been found in TitanHQ SpamTitan 7.07 (Anti-Spam Software). This affects an unknown functionality of the file mailqueue.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

TitanHQ SpamTitan 7.07 mailqueue.php eval() jaction PHP Code Execution privilege escalation

A vulnerability was found in TitanHQ SpamTitan 7.07. It has been rated as critical. Affected by this issue is the function eval() of the file mailqueue.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB