Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

MISP 2.4.136 Galaxy Cluster View view.ctp cross site scripting

A vulnerability was found in MISP 2.4.136. It has been classified as problematic. Affected is an unknown part of the file app/View/GalaxyClusters/view.ctp of the component Galaxy Cluster View. Applying a patch is able to eliminate this problem....
Author: VulDB

MISP 2.4.136 Password weak password

A vulnerability was found in MISP 2.4.136 and classified as critical. This issue affects some unknown functionality of the component Password Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

Micro Focus Application Lifecycle Management up to 12.60 Patch 5/15.0.1 Patch 2/15.5 xml external entity reference

A vulnerability has been found in Micro Focus Application Lifecycle Management up to 12.60 Patch 5/15.0.1 Patch 2/15.5 and classified as critical. This vulnerability affects an unknown functionality. There is no information about possible...
Author: VulDB

IBM Planning Analytics 2.0 TLS Communication certificate validation

A vulnerability, which was classified as problematic, was found in IBM Planning Analytics 2.0. This affects an unknown function of the component TLS Communication Handler. Upgrading eliminates this vulnerability.
Author: VulDB

IBM Planning Analytics 2.0 unknown vulnerability [CVE-2020-4873]

A vulnerability, which was classified as critical, has been found in IBM Planning Analytics 2.0. Affected by this issue is some unknown processing. Upgrading eliminates this vulnerability.
Author: VulDB

IBM Planning Analytics 2.0 information disclosure [CVE-2020-4871]

A vulnerability classified as problematic was found in IBM Planning Analytics 2.0. Affected by this vulnerability is an unknown code block.
Author: VulDB

Mautic up to 3.2.3 Social Monitoring cross site scripting

A vulnerability classified as problematic has been found in Mautic up to 3.2.3. Affected is an unknown code of the component Social Monitoring. Upgrading to version 3.2.4 eliminates this vulnerability.
Author: VulDB

Mautic up to 3.2.3 Javascript File cross site scripting

A vulnerability was found in Mautic up to 3.2.3. It has been rated as problematic. This issue affects an unknown part of the component Javascript File Handler. Upgrading to version 3.2.4 eliminates this vulnerability.
Author: VulDB

fastify-csrf Package up to 3.0.0.0 query cookie without 'httponly' flag

A vulnerability was found in fastify-csrf Package up to 3.0.0.0. It has been declared as critical. This vulnerability affects some unknown functionality. Upgrading to version 3.0.0.1 eliminates this vulnerability. Applying a patch is able to...
Author: VulDB

socket.io Packet up to 2.3.x CORS unknown vulnerability [CVE-2020-28481]

A vulnerability was found in socket.io Packet up to 2.3.x. It has been classified as critical. This affects an unknown functionality of the component CORS Handler. Upgrading to version 2.4.0 eliminates this vulnerability.
Author: VulDB

jointjs Package up to 3.2.x util.setByPath code injection

A vulnerability was found in jointjs Package up to 3.2.x and classified as critical. Affected by this issue is the function util.setByPath. Upgrading to version 3.3.0 eliminates this vulnerability. Applying a patch is able to eliminate this...
Author: VulDB

jointjs Package up to 3.2.x unsetByPath denial of service

A vulnerability has been found in jointjs Package up to 3.2.x and classified as problematic. Affected by this vulnerability is the function unsetByPath. Upgrading to version 3.3.0 eliminates this vulnerability. The upgrade is hosted for download...
Author: VulDB

Zoho ManageEngine Applications Manager sql injection [CVE-2020-27733]

A vulnerability, which was classified as critical, was found in Zoho ManageEngine Applications Manager (Log Management Software) (version unknown). Affected is an unknown code block. Upgrading eliminates this vulnerability.
Author: VulDB

Pixelimity 1.0 admin/setting.php Password cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Pixelimity 1.0. This issue affects an unknown code of the file admin/setting.php. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

CMS 0.12.7 edit.php cross-site request forgery

A vulnerability classified as problematic was found in CMS 0.12.7 (Content Management System). This vulnerability affects an unknown part of the file anchor/views/users/edit.php. There is no information about possible countermeasures known. It...
Author: VulDB

Microchip Libraries for Applications 2018-11-26 PKCS information disclosure

A vulnerability classified as problematic has been found in Microchip Libraries for Applications 2018-11-26. This affects some unknown functionality of the component PKCS Handler. There is no information about possible countermeasures known. It...
Author: VulDB

gsap Package up to 3.5.x denial of service [CVE-2020-28478]

A vulnerability was found in gsap Package up to 3.5.x. It has been rated as problematic. Affected by this issue is an unknown functionality. Upgrading to version 3.6.0 eliminates this vulnerability. Applying a patch is able to eliminate this...
Author: VulDB

immer Package denial of service [CVE-2020-28477]

A vulnerability was found in immer Package (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown function. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

aws-sdk shared-ini-file-loader INI File Parser injection [CVE-2020-28472]

A vulnerability was found in aws-sdk shared-ini-file-loader (version unknown). It has been classified as critical. Affected is some unknown processing of the component INI File Parser. Upgrading eliminates this vulnerability. Applying a patch is...
Author: VulDB

Linux Kernel up to 5.10.8 NFS Export fs/nfsd/nfs3xdr.c no_subtree_check path traversal [Disputed]

A vulnerability was found in Linux Kernel up to 5.10.8 (Operating System) and classified as critical. This issue affects the function no_subtree_check of the file fs/nfsd/nfs3xdr.c of the component NFS Export Handler. Applying a patch is able to...
Author: VulDB

Python up to 3.9.1 _ctypes/callproc.c PyCArg_repr c_double.from_param buffer overflow

A vulnerability has been found in Python up to 3.9.1 (Programming Language Software) and classified as critical. This vulnerability affects the function PyCArg_repr of the file _ctypes/callproc.c. Applying a patch is able to eliminate this...
Author: VulDB

Hgiga EIP Online Registration sql injection [CVE-2021-22852]

A vulnerability, which was classified as critical, was found in Hgiga EIP (the affected version unknown). This affects an unknown part of the component Online Registration. There is no information about possible countermeasures known. It may be...
Author: VulDB

Hgiga EIP Document Management Page URL sql injection

A vulnerability, which was classified as critical, has been found in Hgiga EIP (affected version not known). Affected by this issue is some unknown functionality of the component Document Management Page. There is no information about possible...
Author: VulDB

HGiga EIP permission assignment [CVE-2021-22850]

A vulnerability classified as critical was found in HGiga EIP (affected version unknown). Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

CERTFR-2021-AVI-039: Vulnerability in Juniper Junos OS (19 January 2021)

A vulnerability has been discovered in Juniper Junos OS. It allows an attacker to compromise data confidentiality.

Author: Cert FR