Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

RockOA 1.9.8 mode_emailmAction.php cross site scripting

A vulnerability classified as problematic has been found in RockOA 1.9.8. Affected is an unknown code block of the file webmain/flow/input/mode_emailmAction.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Feehi CMS 2.0.8 User Name cross site scripting

A vulnerability was found in Feehi CMS 2.0.8 (Content Management System). It has been rated as problematic. This issue affects an unknown code of the component User Name Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Caret Editor up to 4.0.0-rc21 Markdown Document Remote Code Execution

A vulnerability was found in Caret Editor up to 4.0.0-rc21. It has been declared as critical. This vulnerability affects an unknown part of the component Markdown Document Handler. Upgrading to version 4.0.0-rc22 eliminates this vulnerability....
Author: VulDB

Apache Traffic Control up to 3.1.0/4.1.0 Config File ip_allow.config permission

A vulnerability was found in Apache Traffic Control up to 3.1.0/4.1.0. It has been classified as critical. This affects some unknown functionality of the file ip_allow.config of the component Config File Handler. There is no information about...
Author: VulDB

Panasonic FPWIN Pro Project File out-of-bounds read [CVE-2020-16236]

A vulnerability was found in Panasonic FPWIN Pro (affected version not known) and classified as critical. Affected by this issue is an unknown functionality of the component Project File Handler. There is no information about possible...
Author: VulDB

Google Android 10.0 A2DP_GetCodecType out-of-bounds read

A vulnerability has been found in Google Android 10.0 (Smartphone Operating System) and classified as problematic. Affected by this vulnerability is the function A2DP_GetCodecType. Applying a patch is able to eliminate this problem.
Author: VulDB

OpenWrt 18.06.0/18.06.1/18.06.2/18.06.3/18.06.4 LuCI SSID cross site scripting

A vulnerability, which was classified as problematic, was found in OpenWrt 18.06.0/18.06.1/18.06.2/18.06.3/18.06.4. Affected is some unknown processing of the component LuCI. Applying a patch is able to eliminate this problem. The bugfix is ready...
Author: VulDB

Report Extension on MediaWiki Special:Report cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Report Extension on MediaWiki (Reporting Software) (unknown version). This issue affects an unknown code block of the file Special:Report. Applying a patch is able to...
Author: VulDB

ORAS up to 0.8.x ZIP path traversal

A vulnerability classified as critical was found in ORAS up to 0.8.x. This vulnerability affects an unknown code of the component ZIP Handler. Upgrading to version 9.0.0 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Backdoor.Win32.Wollf.c Service Port 7754 sysocm.exe hard-coded credentials

A vulnerability classified as very critical has been found in Backdoor.Win32.Wollf.c (Remote Access Software) (the affected version unknown). This affects an unknown part of the file sysocm.exe of the component Service Port 7754. There is no...
Author: VulDB

Backdoor.Win32.DarkKomet.bhfh ÚÈÏÇáÑÍãä.exe permission

A vulnerability was found in Backdoor.Win32.DarkKomet.bhfh (Remote Access Software) (affected version not known). It has been rated as critical. Affected by this issue is some unknown functionality of the file C:\System\ÚÈÏÇáÑÍãä.exe....
Author: VulDB

Apache Nutch up to 1.17 xml external entity reference [CVE-2021-23901]

A vulnerability was found in Apache Nutch up to 1.17. It has been declared as critical. Affected by this vulnerability is an unknown functionality. Upgrading to version 1.18 eliminates this vulnerability.
Author: VulDB

Apache ServiceComb-Java-Chassis up to 2.1.4 handler-router injection

A vulnerability was found in Apache ServiceComb-Java-Chassis up to 2.1.4 (Programming Language Software). It has been classified as critical. Affected is an unknown function of the component handler-router. Upgrading to version 2.1.5 eliminates...
Author: VulDB

Trojan.Win32.Xocry.ff c:\ProgData permission

A vulnerability was found in Trojan.Win32.Xocry.ff (unknown version) and classified as critical. This issue affects some unknown processing of the file c:\ProgData. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Octopus Deploy Server/Tentacle Agent up to 4.0.977 OctopusDSC cleartext transmission

A vulnerability has been found in Octopus Deploy Server and Tentacle Agent up to 4.0.977 and classified as problematic. This vulnerability affects an unknown code block of the component OctopusDSC. Upgrading to version 4.0.1002 eliminates this...
Author: VulDB

BigProf Online Invoicing System 4.0 app/items_view.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in BigProf Online Invoicing System 4.0. This affects an unknown code of the file app/items_view.php. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

HedgeDoc up to 1.7.1 Note cross site scripting

A vulnerability, which was classified as problematic, has been found in HedgeDoc up to 1.7.1. Affected by this issue is an unknown part of the component Note Handler. Upgrading to version 1.7.2 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

IBM MQ Internet Pass-Thru 2.1/9.2 MQ Data denial of service

A vulnerability classified as problematic was found in IBM MQ Internet Pass-Thru 2.1/9.2. Affected by this vulnerability is some unknown functionality of the component MQ Data Handler. Upgrading eliminates this vulnerability.
Author: VulDB

vis-timeline up to 7.4.3 Timeline Element cross site scripting

A vulnerability classified as problematic has been found in vis-timeline up to 7.4.3. Affected is an unknown functionality of the component Timeline Element Handler. Upgrading to version 7.4.4 eliminates this vulnerability. Applying a patch is...
Author: VulDB

M&M fdtCONTAINER Project Storage deserialization [CVE-2020-12525]

A vulnerability was found in M&M fdtCONTAINER (Virtualization Software) (unknown version). It has been rated as critical. This issue affects an unknown function of the component Project Storage Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 discoveryd null pointer dereference

A vulnerability was found in Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 (Programming Language Software). It has been declared as problematic. This vulnerability affects some unknown processing of the component discoveryd. Upgrading...
Author: VulDB

Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 os command injection

A vulnerability was found in Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 (Programming Language Software). It has been classified as critical. This affects an unknown code block. Upgrading eliminates this vulnerability.
Author: VulDB

Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 HTTP POST cross site scripting

A vulnerability was found in Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 (Programming Language Software) and classified as problematic. Affected by this issue is an unknown code of the component HTTP POST Handler. Upgrading eliminates...
Author: VulDB

Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 Web Interface cross-site request forgery

A vulnerability has been found in Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 (Programming Language Software) and classified as problematic. Affected by this vulnerability is an unknown part of the component Web Interface. Upgrading...
Author: VulDB

jquery-ui Dialog injection [CVE-2020-28488]

A vulnerability, which was classified as critical, was found in jquery-ui (JavaScript Library) (version unknown). Affected is some unknown functionality of the component Dialog Handler. There is no information about possible countermeasures...
Author: VulDB

Information security events