Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Config File Provider Plugin up to 3.7.0 on Jenkins cross-site request forgery

A vulnerability was found in Config File Provider Plugin up to 3.7.0 on Jenkins (Jenkins Plugin). It has been declared as problematic. This vulnerability affects an unknown function. There is no information about possible countermeasures known....
Auteur: VulDB

XWiki up to 12.6.2/12.7 cross site scripting [CVE-2021-29459]

A vulnerability was found in XWiki up to 12.6.2/12.7 (Content Management System). It has been classified as problematic. This affects some unknown processing. Upgrading to version 12.6.3 or 12.8 eliminates this vulnerability.
Auteur: VulDB

CloudBees CD Plugin up to 1.1.21 on Jenkins HTTP Endpoint authorization

A vulnerability was found in CloudBees CD Plugin up to 1.1.21 on Jenkins (Jenkins Plugin) and classified as critical. Affected by this issue is an unknown code block of the component HTTP Endpoint. There is no information about possible...
Auteur: VulDB

Templating Engine Plugin up to 2.1 on Jenkins Script Security Plugin protection mechanism

A vulnerability has been found in Templating Engine Plugin up to 2.1 on Jenkins (Jenkins Plugin) and classified as critical. Affected by this vulnerability is an unknown code of the component Script Security Plugin. There is no information about...
Auteur: VulDB

Config File Provider Plugin up to 3.7.0 on Jenkins HTTP Endpoint authorization

A vulnerability, which was classified as problematic, was found in Config File Provider Plugin up to 3.7.0 on Jenkins. Affected is an unknown part of the component HTTP Endpoint. There is no information about possible countermeasures known. It...
Auteur: VulDB

Config File Provider Plugin up to 3.7.0 on Jenkins HTTP Endpoint authorization

A vulnerability, which was classified as problematic, has been found in Config File Provider Plugin up to 3.7.0 on Jenkins. This issue affects some unknown functionality of the component HTTP Endpoint. There is no information about possible...
Auteur: VulDB

Telegram App 7.6.2 on iOS MtProtoKitFramework denial of service

A vulnerability classified as problematic was found in Telegram App 7.6.2 on iOS (iOS App Software). This vulnerability affects an unknown functionality of the component MtProtoKitFramework. There is no information about possible countermeasures...
Auteur: VulDB

NVIDIA GeForce Experience up to 3.21 GameStream Plugins access control

A vulnerability classified as critical has been found in NVIDIA GeForce Experience up to 3.21. This affects an unknown function of the component GameStream Plugins. Upgrading to version 3.22 eliminates this vulnerability.
Auteur: VulDB

Config File Provider Plugin up to 3.7.0 on Jenkins XML External Entity xml external entity reference

A vulnerability was found in Config File Provider Plugin up to 3.7.0 on Jenkins (Jenkins Plugin). It has been rated as critical. Affected by this issue is some unknown processing of the component XML External Entity Handler. There is no...
Auteur: VulDB

Debian Xscreensaver 5.42+dfsg1-1 Mesa 3D Graphics Library sonar Remote Privilege Escalation

A vulnerability was found in Debian Xscreensaver 5.42+dfsg1-1. It has been declared as critical. Affected by this vulnerability is an unknown code block of the file /usr/libexec/xscreensaver/sonar of the component Mesa 3D Graphics Library. There...
Auteur: VulDB

wrongthink 2.4.0 Fingerprint cross site scriting

A vulnerability was found in wrongthink 2.4.0. It has been classified as problematic. Affected is an unknown code of the component Fingerprint Handler. Upgrading to version 2.4.1 eliminates this vulnerability.
Auteur: VulDB

Authelia up to 4.27.4 Web Portal redirect

A vulnerability was found in Authelia up to 4.27.4 and classified as critical. This issue affects an unknown part of the component Web Portal. Upgrading to version 4.28.0 eliminates this vulnerability.
Auteur: VulDB

Unisys Stealth up to 5.0.047.x/5.1.016.x/6.1.036.x insufficiently protected credentials

A vulnerability has been found in Unisys Stealth up to 5.0.047.x/5.1.016.x/6.1.036.x and classified as problematic. This vulnerability affects some unknown functionality. Upgrading to version 5.0.048.0, 5.1.017.0 or 6.1.037.0 eliminates this...
Auteur: VulDB

Eclipse Openj9 up to 0.25.0 jdk.internal.reflect.ConstantPool API missing initialization of resource

A vulnerability, which was classified as critical, was found in Eclipse Openj9 up to 0.25.0. This affects an unknown functionality of the component jdk.internal.reflect.ConstantPool API. There is no information about possible countermeasures...
Auteur: VulDB

Hashicorp Consul Enterprise up to 1.9.4/1.9.5 HTTP Event unknown vulnerability

A vulnerability, which was classified as problematic, has been found in Hashicorp Consul Enterprise up to 1.9.4/1.9.5. Affected by this issue is an unknown function of the component HTTP Event Handler. Upgrading to version 1.8.10 or 1.9.5...
Auteur: VulDB

Magento LTS up to 19.4.12/20.0.8 sql injection [CVE-2021-21427]

A vulnerability classified as critical was found in Magento LTS up to 19.4.12/20.0.8. Affected by this vulnerability is some unknown processing. Upgrading to version 19.4.13 or 20.0.9 eliminates this vulnerability.
Auteur: VulDB

Magento LTS up to 19.4.12/20.0.8 deserialization [CVE-2021-21426]

A vulnerability classified as very critical has been found in Magento LTS up to 19.4.12/20.0.8. Affected is an unknown code block. Upgrading to version 19.4.13 or 20.0.9 eliminates this vulnerability.
Auteur: VulDB

NVIDIA Windows GPU Display Driver R390 on Windows Installer Remote Privilege Escalation

A vulnerability was found in NVIDIA Windows GPU Display Driver R390 on Windows (Hardware Driver Software). It has been rated as critical. This issue affects an unknown code of the component Installer. There is no information about possible...
Auteur: VulDB

NVIDIA Windows GPU Display Driver on Windows Kernel Driver nvlddmkm.sys null pointer dereference

A vulnerability was found in NVIDIA Windows GPU Display Driver on Windows (Hardware Driver Software) (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown part in the library nvlddmkm.sys of...
Auteur: VulDB

NVIDIA Windows GPU Display Driver on Windows Kernel Mode Layer nvlddmkm.sys DxgkDdiEscape Remote Privilege Escalation

A vulnerability was found in NVIDIA Windows GPU Display Driver on Windows (Hardware Driver Software) (the affected version unknown). It has been classified as critical. This affects the function DxgkDdiEscape in the library nvlddmkm.sys of the...
Auteur: VulDB

Wikimedia analytics-quarry-web Content Type app.py cross site scripting

A vulnerability was found in Wikimedia analytics-quarry-web (Content Management System) (affected version not known) and classified as problematic. Affected by this issue is an unknown functionality of the file app.py of the component Content...
Auteur: VulDB

Tobesoft XPlatform prior 9.2.2.280 command injection [CVE-2020-7857]

A vulnerability has been found in Tobesoft XPlatform and classified as critical. Affected by this vulnerability is an unknown function. Upgrading to version 9.2.2.280 eliminates this vulnerability.
Auteur: VulDB

Aviatrix VPN Client up to 2.8.2 VPN Service permission

A vulnerability, which was classified as critical, was found in Aviatrix VPN Client up to 2.8.2 (Network Encryption Software). Affected is some unknown processing of the component VPN Service. There is no information about possible...
Auteur: VulDB

Abus Secvest Wireless Alarm System FUAA50000 3.01.17 HTTPS Interface improper authentication

A vulnerability, which was classified as critical, has been found in Abus Secvest Wireless Alarm System FUAA50000 3.01.17. This issue affects an unknown code block of the component HTTPS Interface Handler. There is no information about possible...
Auteur: VulDB

Hashicorp Consul/Consul Enterprise up to 1.7.13/1.8.9/1.9.4 KV Raw Mode cross site scripting

A vulnerability classified as problematic was found in Hashicorp Consul and Consul Enterprise up to 1.7.13/1.8.9/1.9.4. This vulnerability affects an unknown code of the component KV Raw Mode. Upgrading to version 1.7.14, 1.8.10 or 1.9.5...
Auteur: VulDB
12345678910Last

Événements SSI