Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

GROWI 4.2.0/4.2.1/4.2.2 cross site scripting [CVE-2021-20619]

A vulnerability classified as problematic has been found in GROWI 4.2.0/4.2.1/4.2.2. Affected is an unknown function. Upgrading to version 4.2.3 eliminates this vulnerability.
Author: VulDB

Atlassian Confluence Server/Data Center up to 7.1.x Avatar Upload denial of service

A vulnerability was found in Atlassian Confluence Server and Data Center up to 7.1.x. It has been rated as problematic. This issue affects some unknown processing of the component Avatar Upload Handler. Upgrading to version 7.2.0 eliminates this...
Author: VulDB

McAfee Agent up to 5.7.0 on Windows Update denial of service

A vulnerability was found in McAfee Agent up to 5.7.0 on Windows. It has been declared as problematic. This vulnerability affects an unknown code block of the component Update Handler. Upgrading to version 5.7.1 eliminates this vulnerability.
Author: VulDB

Archive_Tar up to 1.4.11 Tar.php pathname traversal

A vulnerability was found in Archive_Tar up to 1.4.11. It has been classified as critical. This affects an unknown code of the file Tar.php. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Source Integration Plugin up to 2.4.0 on MantisBT Private Project view.php access control

A vulnerability was found in Source Integration Plugin up to 2.4.0 on MantisBT and classified as critical. Affected by this issue is an unknown part of the file view.php of the component Private Project Handler. Upgrading to version 2.4.1...
Author: VulDB

Email-Worm.Win32.Agent.gi Microsoft ASPI Manager aspimgr.exe buffer overflow

A vulnerability has been found in Email-Worm.Win32.Agent.gi (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown functionality of the file aspimgr.exe of the component Microsoft ASPI Manager. There...
Author: VulDB

Backdoor.Win32.NetBull.11.a Service Port 23444 c:\infected.exe stack-based overflow

A vulnerability, which was classified as critical, was found in Backdoor.Win32.NetBull.11.a (Remote Access Software) (version unknown). Affected is an unknown functionality in the library mfc42.dll of the file c:\infected.exe of the component...
Author: VulDB

Constructor.Win32.SMWG.c VBS Script c:\sucke.vbs permission

A vulnerability, which was classified as critical, has been found in Constructor.Win32.SMWG.c (unknown version). This issue affects an unknown function of the file c:\sucke.vbs of the component VBS Script Handler. There is no information about...
Author: VulDB

Constructor.Win32.SMWG.a VBS Script c:\sucke.vbs permission

A vulnerability classified as critical was found in Constructor.Win32.SMWG.a (the affected version is unknown). This vulnerability affects some unknown processing of the file c:\sucke.vbs of the component VBS Script Handler. There is no...
Author: VulDB

Newfuture Trojan 1.0 Beta 1 Fast_sms Server permission

A vulnerability classified as critical has been found in Newfuture Trojan 1.0 Beta 1. This affects an unknown code block of the file C:\Archivos de Programa\Newfuture Trojan BETA 1\ of the component Fast_sms Server. There is no information about...
Author: VulDB

VU#434904: Dnsmasq is vulnerable to memory corruption and cache poisoning

Overview Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on a...
Author: US Cert

tornado Package request smuggling [CVE-2020-28476]

A vulnerability was found in tornado Package (affected version not known). It has been rated as problematic. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

bottle Package up to 0.12.18 request smuggling [CVE-2020-28473]

A vulnerability was found in bottle Package up to 0.12.18. It has been declared as problematic. Affected by this vulnerability is an unknown part. Upgrading to version 0.12.19 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-ACT-002: News bulletin CERTFR-2021-ACT-002 (18 January 2021)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Author: Cert FR

OpenCATS up to 0.9.5-3 cross site scripting [CVE-2021-25295]

A vulnerability was found in OpenCATS up to 0.9.5-3. It has been classified as problematic. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

OpenCATS up to 0.9.5-3 guzzlehttp index.php __destruct parametersactivity:ActivityDataGrid deserialization

A vulnerability was found in OpenCATS up to 0.9.5-3 and classified as critical. This issue affects the function __destruct in the library lib/DataGrid.php of the file index.php?m=activity of the component guzzlehttp. There is no information about...
Author: VulDB

Open Design Alliance Drawings SDK up to 2021.10 DXF File stack-based overflow

A vulnerability has been found in Open Design Alliance Drawings SDK up to 2021.10 and classified as critical. This vulnerability affects an unknown function of the component DXF File Handler. Upgrading to version 2021.11 eliminates this...
Author: VulDB

Open Design Alliance Drawings SDK prior 2021.11 DXF File null pointer dereference

A vulnerability, which was classified as problematic, was found in Open Design Alliance Drawings SDK. This affects some unknown processing of the component DXF File Handler. Upgrading to version 2021.11 eliminates this vulnerability.
Author: VulDB

Open Design Alliance Drawings SDK prior 2021.11 DXF File null pointer dereference

A vulnerability, which was classified as problematic, has been found in Open Design Alliance Drawings SDK. Affected by this issue is an unknown code block of the component DXF File Handler. Upgrading to version 2021.11 eliminates this...
Author: VulDB

Open Design Alliance Drawings SDK up to 2021.10 DXF File null pointer dereference

A vulnerability classified as problematic was found in Open Design Alliance Drawings SDK up to 2021.10. Affected by this vulnerability is an unknown code of the component DXF File Handler. Upgrading to version 2021.11 eliminates this...
Author: VulDB

Open Design Alliance Drawings SDK prior 2021.12 DGN File memory corruption

A vulnerability classified as problematic has been found in Open Design Alliance Drawings SDK. Affected is an unknown part of the component DGN File Handler. Upgrading to version 2021.12 eliminates this vulnerability.
Author: VulDB

Open Design Alliance Drawings SDK prior 2021.12 DGN File denial of service

A vulnerability was found in Open Design Alliance Drawings SDK. It has been rated as problematic. This issue affects some unknown functionality of the component DGN File Handler. Upgrading to version 2021.12 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-39: Vulnerability in Juniper Junos OS (18 January 2021)

A vulnerability has been discovered in Juniper Junos OS. It allows an attacker to compromise data confidentiality.
Author: Cert FR

Asus DSL-N14U-B1 1.1.2.3_805 Firmware Update Settings_DSL-N14U-B1.trx denial of service

A vulnerability was found in Asus DSL-N14U-B1 1.1.2.3_805. It has been declared as problematic. This vulnerability affects an unknown functionality of the file Settings_DSL-N14U-B1.trx of the component Firmware Update Handler. There is no...
Author: VulDB

Atlassian FishEye/Crucible up to 4.8.4 web-inf/ file access

A vulnerability was found in Atlassian FishEye and Crucible up to 4.8.4 (Programming Tool Software). It has been classified as problematic. This affects an unknown function of the file web-inf/. Upgrading to version 4.8.5 eliminates this...
Author: VulDB

Information security events