Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Nagios Log Server up to 2.1.6 Notification Methods Stored cross site scripting

A vulnerability has been found in Nagios Log Server up to 2.1.6 (Log Management Software) and classified as problematic. This vulnerability affects some unknown processing of the component Notification Methods Handler. Upgrading to version 2.1.7...
Author: VulDB

DP3T-Backend-SDK up to 1.1.0 JWT alg DP3T privilege escalation

A vulnerability, which was classified as problematic, was found in DP3T-Backend-SDK up to 1.1.0. This affects an unknown code block of the component JWT Handler. Upgrading to version 1.1.1 eliminates this vulnerability. A possible mitigation has...
Author: VulDB

Hashicorp Terraform Enterprise up to 202006-1 Signup Page privilege escalation

A vulnerability, which was classified as critical, has been found in Hashicorp Terraform Enterprise up to 202006-1. Affected by this issue is an unknown code of the component Signup Page. Upgrading to version 202007-1 eliminates this...
Author: VulDB

slp-validate up to 1.2.1 on npm NFT1 Child Genesis Transaction Incorrect Comparison

A vulnerability classified as problematic was found in slp-validate up to 1.2.1 on npm. Affected by this vulnerability is an unknown part of the component NFT1 Child Genesis Transaction Handler. Upgrading to version 1.2.2 eliminates this...
Author: VulDB

slpjs Package up to 0.27.3 on npm NFT1 Child Genesis Transaction Incorrect Comparison

A vulnerability classified as problematic has been found in slpjs Package up to 0.27.3 on npm. Affected is some unknown functionality of the component NFT1 Child Genesis Transaction Handler. Upgrading to version 0.27.4 eliminates this...
Author: VulDB

Traefik up to 1.7.25/2.2.7/2.3.0-rc2 API Dashboard X-Forwarded-Prefix Redirect information disclosure

A vulnerability was found in Traefik up to 1.7.25/2.2.7/2.3.0-rc2. It has been rated as problematic. This issue affects an unknown functionality of the component API Dashboard. Upgrading to version 1.7.26, 2.2.8 or 2.3.0-rc3 eliminates this...
Author: VulDB

Pi-Hole up to 5.0 sudo Shell Metacharacter privilege escalation

A vulnerability was found in Pi-Hole up to 5.0. It has been declared as critical. This vulnerability affects an unknown function of the component sudo Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

ABUS Secvest FUMO50110 RF Packet weak authentication

A vulnerability was found in ABUS Secvest FUMO50110 (the affected version unknown). It has been classified as critical. This affects some unknown processing of the component RF Handler. There is no information about possible countermeasures...
Author: VulDB

Pi-Hole up to 4.4 dns-servers.conf Shell Metacharacter command injection

A vulnerability was found in Pi-Hole up to 4.4 and classified as critical. Affected by this issue is an unknown code block of the file /etc/pihole/dns-servers.conf. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Pulse Connect Secure up to 9.1R7 Citrix ICA URL cross site scripting

A vulnerability was found in Pulse Connect Secure up to 9.1R7. It has been rated as problematic. Affected by this issue is some unknown processing of the component Citrix ICA URL Handler. Upgrading to version 9.1R8 eliminates this vulnerability.
Author: VulDB

Invalidation of the "Privacy Shield": the EDPB's first questions and answers

Following the judgment of the Court of Justice of the European Union invalidating the Privacy Shield (the "Schrems II" case), the EDPB offers initial answers to the most frequently asked questions, pending future analyses...
Author: Cnil

Pulse Connect Secure up to 9.1R7 Administrator Web Interface directory traversal

A vulnerability has been found in Pulse Connect Secure up to 9.1R7 and classified as critical. Affected by this vulnerability is an unknown code of the component Administrator Web Interface. Upgrading to version 9.1R8 eliminates this...
Author: VulDB

Pulse Connect Secure up to 9.1R7 Administrator Web Interface directory traversal

A vulnerability, which was classified as critical, was found in Pulse Connect Secure up to 9.1R7. Affected is an unknown part of the component Administrator Web Interface. Upgrading to version 9.1R8 eliminates this vulnerability.
Author: VulDB

Pulse Connect Secure up to 9.1R7 command injection [CVE-2020-8220]

A vulnerability, which was classified as critical, has been found in Pulse Connect Secure up to 9.1R7. This issue affects some unknown functionality. Upgrading to version 9.1R8 eliminates this vulnerability.
Author: VulDB

Pulse Connect Secure up to 9.1R7 Permission Check Password privilege escalation

A vulnerability classified as critical was found in Pulse Connect Secure up to 9.1R7. This vulnerability affects an unknown functionality of the component Permission Check. Upgrading to version 9.1R8 eliminates this vulnerability.
Author: VulDB

Pulse Connect Secure up to 9.1R7 Admin Web Interface Code Execution

A vulnerability classified as critical has been found in Pulse Connect Secure up to 9.1R7. This affects an unknown function of the component Admin Web Interface. Upgrading to version 9.1RB eliminates this vulnerability.
Author: VulDB

Pulse Connect Secure up to 9.1R7 Meeting Detail information disclosure

A vulnerability was found in Pulse Connect Secure up to 9.1R7. It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component Meeting Detail Handler. Upgrading to version 9.1R8 eliminates this...
Author: VulDB

UniFi Protect up to 1.13.3 Web Application HTTP Response information disclosure

A vulnerability was found in UniFi Protect up to 1.13.3. It has been classified as problematic. Affected is an unknown code of the component Web Application. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Pulse Connect Secure prior 9.1RB Google TOTP weak authentication

A vulnerability was found in Pulse Connect Secure and classified as critical. This issue affects an unknown part of the component Google TOTP. Upgrading to version 9.1RB eliminates this vulnerability.
Author: VulDB

Pulse Connect Secure up to 9.1R4 PSAL Page cross site scripting

A vulnerability has been found in Pulse Connect Secure up to 9.1R4 and classified as problematic. This vulnerability affects some unknown functionality of the component PSAL Page. Upgrading to version 9.1R5 eliminates this vulnerability.
Author: VulDB

NextCloud Preferred Providers App 1.6.0 Long Password denial of service

A vulnerability, which was classified as problematic, was found in NextCloud Preferred Providers App 1.6.0 (Cloud Software). This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Fastify 2.14.1/3.0.0-rc.4 Resource Exhaustion denial of service

A vulnerability, which was classified as problematic, has been found in Fastify 2.14.1/3.0.0-rc.4. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

IBM Security Guardium 10.5/10.6/11.1 Login Page information disclosure

A vulnerability classified as problematic was found in IBM Security Guardium 10.5/10.6/11.1 (Policy Management Software). Affected by this vulnerability is some unknown processing of the component Login Page. There is no information about...
Author: VulDB

IBM Security Guardium 10.5/10.6/11.1 weak encryption [CVE-2020-4185]

A vulnerability classified as problematic has been found in IBM Security Guardium 10.5/10.6/11.1 (Policy Management Software). Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Qualcomm Snapdragon Mobile Saipan/SM8250/SXR2130 camx Driver Notification Use-After-Free memory corruption

A vulnerability was found in Qualcomm Snapdragon Mobile Saipan/SM8250/SXR2130. It has been rated as critical. This issue affects an unknown code of the component camx Driver. Upgrading eliminates this vulnerability.
Author: VulDB

Information security events