Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM WebSphere Application Server 7.0/8.0/8.5/9.0 path traversal

A vulnerability was found in IBM WebSphere Application Server 7.0/8.0/8.5/9.0 (Application Server Software). It has been declared as critical. This vulnerability affects an unknown functionality. There is no information about possible...
Auteur: VulDB

Microsoft Sterling Connect Direct 4.7/4.8/6.0/6.1 on Windows buffer overflow

A vulnerability was found in Microsoft Sterling Connect Direct 4.7/4.8/6.0/6.1 on Windows. It has been classified as critical. This affects an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Shibboleth Identify Provider up to 3.4.5 Login Flow denial of service

A vulnerability was found in Shibboleth Identify Provider up to 3.4.5 and classified as problematic. Affected by this issue is some unknown processing of the component Login Flow Handler. Upgrading to version 3.4.6 eliminates this vulnerability.
Auteur: VulDB

osCommerce Phoenix CE up to 1.0.5.3 POST Parameter admin/mail.php os command injection

A vulnerability has been found in osCommerce Phoenix CE up to 1.0.5.3 (E-Commerce Management Software) and classified as critical. Affected by this vulnerability is an unknown code block of the file admin/mail.php of the component POST Parameter...
Auteur: VulDB

osCommerce Phoenix CE up to 1.0.5.3 define_language.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in osCommerce Phoenix CE up to 1.0.5.3 (E-Commerce Management Software). Affected is an unknown code of the file admin/define_language.php. Upgrading to version 1.0.5.4 eliminates...
Auteur: VulDB

NeoPost Mail Accounting Software Pro 5.0.6 FUS_SCM_BlockStart.php code cross site scripting

A vulnerability, which was classified as problematic, has been found in NeoPost Mail Accounting Software Pro 5.0.6 (Accounting Software). This issue affects an unknown part of the file php/Commun/FUS_SCM_BlockStart.php. There is no information...
Auteur: VulDB

Grafana up to 7.0.x Query cross site scripting

A vulnerability classified as problematic was found in Grafana up to 7.0.x. This vulnerability affects some unknown functionality of the component Query Handler. Upgrading to version 7.1.0-beta 1 eliminates this vulnerability.
Auteur: VulDB

Snap7 Server 1.4.1 COTP Protocol denial of service

A vulnerability classified as problematic has been found in Snap7 Server 1.4.1. This affects an unknown functionality of the component COTP Protocol Handler. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Winston 1.5.4 API command injection

A vulnerability was found in Winston 1.5.4. It has been rated as critical. Affected by this issue is an unknown function of the component API. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

Red Discord Bot up to 3.4.0 Mod Module access control

A vulnerability was found in Red Discord Bot up to 3.4.0. It has been declared as critical. Affected by this vulnerability is some unknown processing of the component Mod Module. Upgrading to version 3.4.1 eliminates this vulnerability. The...
Auteur: VulDB

Pulse Connect Secure up to 9.1R8 User Web Interface cross site scripting

A vulnerability was found in Pulse Connect Secure up to 9.1R8. It has been classified as problematic. Affected is an unknown code block of the component User Web Interface. Upgrading to version 9.1R9 eliminates this vulnerability.
Auteur: VulDB

Pulse Connect Secure/Pulse Policy Secure up to 9.1R8 User Web Interface cross site scripting

A vulnerability was found in Pulse Connect Secure and Pulse Policy Secure up to 9.1R8 and classified as problematic. This issue affects an unknown code of the component User Web Interface. Upgrading to version 9.1R9 eliminates this vulnerability.
Auteur: VulDB

Pulse Connect Secure/Pulse Policy Secure up to 9.1R8 Cookie buffer overflow

A vulnerability has been found in Pulse Connect Secure and Pulse Policy Secure up to 9.1R8 and classified as critical. This vulnerability affects an unknown part of the component Cookie Handler. Upgrading to version 9.1R9 eliminates this...
Auteur: VulDB

Pulse Connect Secure up to 9.1R8 Admin Web Interface unrestricted upload

A vulnerability, which was classified as critical, was found in Pulse Connect Secure up to 9.1R8. This affects some unknown functionality of the component Admin Web Interface. Upgrading to version 9.1R9 eliminates this vulnerability.
Auteur: VulDB

Pulse Connect Secure up to 9.1R8 Admin Web Interface input validation

A vulnerability, which was classified as critical, has been found in Pulse Connect Secure up to 9.1R8. Affected by this issue is an unknown functionality of the component Admin Web Interface. Upgrading to version 9.1R9 eliminates this...
Auteur: VulDB

Pulse Secure Desktop Client up to 9.1R8 Dynamic Certificate Trust path traversal

A vulnerability classified as critical was found in Pulse Secure Desktop Client up to 9.1R8. Affected by this vulnerability is an unknown function of the component Dynamic Certificate Trust. Upgrading to version 9.1R9 eliminates this...
Auteur: VulDB

Pulse Secure Desktop Client up to 9.1R8 on Linux access control

A vulnerability classified as critical has been found in Pulse Secure Desktop Client up to 9.1R8 on Linux. Affected is some unknown processing. Upgrading to version 9.1R9 eliminates this vulnerability.
Auteur: VulDB

Pulse Secure Desktop Client up to 9.1R8 on Linux buffer overflow

A vulnerability was found in Pulse Secure Desktop Client up to 9.1R8 on Linux. It has been rated as critical. This issue affects an unknown code block. Upgrading to version 9.1R9 eliminates this vulnerability.
Auteur: VulDB

Pulse Secure Desktop Client up to 9.1R8 on Linux access control

A vulnerability was found in Pulse Secure Desktop Client up to 9.1R8 on Linux. It has been declared as critical. This vulnerability affects an unknown code. Upgrading to version 9.1R9 eliminates this vulnerability.
Auteur: VulDB

Pulse Secure Desktop Client up to 9.1R8 channel accessible [CVE-2020-8241]

A vulnerability was found in Pulse Secure Desktop Client up to 9.1R8. It has been classified as critical. This affects an unknown part. Upgrading to version 9.1R9 eliminates this vulnerability.
Auteur: VulDB

Pulse Secure Desktop Client up to 9.1R8 Embedded Browser unknown vulnerability

A vulnerability was found in Pulse Secure Desktop Client up to 9.1R8 and classified as problematic. Affected by this issue is some unknown functionality of the component Embedded Browser. Upgrading to version 9.1R9 eliminates this vulnerability.
Auteur: VulDB

Pulse Secure Desktop Client up to 9.1R8 Registry Privileges access control

A vulnerability has been found in Pulse Secure Desktop Client up to 9.1R8 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Registry Privileges Handler. Upgrading to version 9.1R9 eliminates...
Auteur: VulDB

Mozilla Firefox up to 79.x EC Scalar Point Multiplication key management

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 79.x (Web Browser). Affected is an unknown function of the component EC Scalar Point Multiplication. Upgrading to version 80.0 eliminates this vulnerability.
Auteur: VulDB

SonicWALL GLobal VPN Client up to 4.10.4.0314 Library uncontrolled search path

A vulnerability, which was classified as critical, has been found in SonicWALL GLobal VPN Client up to 4.10.4.0314 (Firewall Software). This issue affects some unknown processing of the component Library Handler. There is no information about...
Auteur: VulDB

SonicWALL GLobal VPN Client up to 4.10.4.0314 untrusted search path

A vulnerability classified as critical was found in SonicWALL GLobal VPN Client up to 4.10.4.0314 (Firewall Software). This vulnerability affects an unknown code block.
Auteur: VulDB
12345678910Last

Événements SSI