Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Octopus Deploy Server/Tentacle Agent up to 4.0.977 OctopusDSC cleartext transmission

A vulnerability has been found in Octopus Deploy Server and Tentacle Agent up to 4.0.977 and classified as problematic. This vulnerability affects an unknown code block of the component OctopusDSC. Upgrading to version 4.0.1002 eliminates this...
Author: VulDB

BigProf Online Invoicing System 4.0 app/items_view.php cross-site request forgery

A vulnerability, which was classified as problematic, was found in BigProf Online Invoicing System 4.0. This affects an unknown code of the file app/items_view.php. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

HedgeDoc up to 1.7.1 Note cross site scripting

A vulnerability, which was classified as problematic, has been found in HedgeDoc up to 1.7.1. Affected by this issue is an unknown part of the component Note Handler. Upgrading to version 1.7.2 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

IBM MQ Internet Pass-Thru 2.1/9.2 MQ Data denial of service

A vulnerability classified as problematic was found in IBM MQ Internet Pass-Thru 2.1/9.2. Affected by this vulnerability is some unknown functionality of the component MQ Data Handler. Upgrading eliminates this vulnerability.
Author: VulDB

vis-timeline up to 7.4.3 Timeline Element cross site scripting

A vulnerability classified as problematic has been found in vis-timeline up to 7.4.3. Affected is an unknown functionality of the component Timeline Element Handler. Upgrading to version 7.4.4 eliminates this vulnerability. Applying a patch is...
Author: VulDB

M&M fdtCONTAINER Project Storage deserialization [CVE-2020-12525]

A vulnerability was found in M&M fdtCONTAINER (Virtualization Software) (unknown version). It has been rated as critical. This issue affects an unknown function of the component Project Storage Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 discoveryd null pointer dereference

A vulnerability was found in Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 (Programming Language Software). It has been declared as problematic. This vulnerability affects some unknown processing of the component discoveryd. Upgrading...
Author: VulDB

Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 os command injection

A vulnerability was found in Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 (Programming Language Software). It has been classified as critical. This affects an unknown code block. Upgrading eliminates this vulnerability.
Author: VulDB

Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 HTTP POST cross site scripting

A vulnerability was found in Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 (Programming Language Software) and classified as problematic. Affected by this issue is an unknown code of the component HTTP POST Handler. Upgrading eliminates...
Author: VulDB

Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 Web Interface cross-site request forgery

A vulnerability has been found in Pepperl+Fuchs P+F Comtrol IO-Link Master up to 1.5.48 (Programming Language Software) and classified as problematic. Affected by this vulnerability is an unknown part of the component Web Interface. Upgrading...
Author: VulDB

jquery-ui Dialog injection [CVE-2020-28488]

A vulnerability, which was classified as critical, was found in jquery-ui (JavaScript Library) (version unknown). Affected is some unknown functionality of the component Dialog Handler. There is no information about possible countermeasures...
Author: VulDB

Hyweb HyCMS-J1 Backend Edit cross site scripting [CVE-2021-22849]

A vulnerability, which was classified as problematic, has been found in Hyweb HyCMS-J1 (unknown version). This issue affects an unknown functionality of the component Backend Edit Handler. There is no information about possible countermeasures...
Author: VulDB

Hyweb HyCMS-J1 API request injection

A vulnerability classified as critical was found in Hyweb HyCMS-J1 (the affected version is unknown). This vulnerability affects an unknown function of the component API. There is no information about possible countermeasures known. It may be...
Author: VulDB

CERTFR-2021-ACT-004: News bulletin CERTFR-2021-ACT-004 (22 January 2021)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Author: Cert FR

CERTFR-2021-AVI-055: Multiple vulnerabilities in VLC media player (22 January 2021)

Multiple vulnerabilities have been discovered in VLC. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

Author: Cert FR

CERTFR-2021-AVI-054: Multiple vulnerabilities in Microsoft Edge (22 January 2021)

Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2021-AVI-053: Vulnerability in Xen (22 January 2021)

Multiple vulnerabilities have been discovered in Xen. They allow an attacker to cause a denial of service.

Author: Cert FR

CSI snapshot-controller up to 2.1.2/3.0.1 on Kubernetes Volume Snapshot null pointer dereference

A vulnerability classified as problematic has been found in CSI snapshot-controller up to 2.1.2/3.0.1 on Kubernetes. This affects some unknown processing of the component Volume Snapshot Handler. Upgrading to version 2.1.3 or 3.0.2 eliminates...
Author: VulDB

Secrets Store CSI Driver 0.0.15/0.0.16 var/lib/kubelet/pods path traversal

A vulnerability was found in Secrets Store CSI Driver 0.0.15/0.0.16 on https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384 (Hardware Driver Software). It has been rated as problematic. Affected by this issue is an unknown code...
Author: VulDB

Secrets Store CSI Driver Vault Plugin on Kubernetes /var/lib/kubelet/pods path traversal

A vulnerability was found in Secrets Store CSI Driver Vault Plugin, Azure Plugin and GCP Plugin on Kubernetes (Hardware Driver Software) (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown...
Author: VulDB

Kubernetes API Server permission [CVE-2020-8554]

A vulnerability was found in Kubernetes (Virtualization Software) (version unknown). It has been classified as problematic. Affected is an unknown part of the component API Server. There is no information about possible countermeasures known. It...
Author: VulDB

Backdoor.Win32.Hupigon.adef HTTP POST Request user32.dll buffer overflow

A vulnerability was found in Backdoor.Win32.Hupigon.adef (Remote Access Software) (unknown version) and classified as critical. This issue affects some unknown functionality in the library user32.dll of the component HTTP POST Request Handler....
Author: VulDB

OnlineVotingSystem up to 1.1.1 Password Hash hash without salt

A vulnerability has been found in OnlineVotingSystem up to 1.1.1 and classified as problematic. This vulnerability affects an unknown functionality of the component Password Hash Handler. Upgrading to version 1.1.2 eliminates this vulnerability....
Author: VulDB

PySAML2 up to 6.4.x CryptoBackendXmlSec1 Backend xmlsec1 signature verification

A vulnerability, which was classified as problematic, was found in PySAML2 up to 6.4.x. This affects an unknown function of the file xmlsec1 of the component CryptoBackendXmlSec1 Backend. Upgrading to version 6.5.0 eliminates this vulnerability....
Author: VulDB

PySAML2 up to 6.4.x XML Signature signature verification

A vulnerability, which was classified as critical, has been found in PySAML2 up to 6.4.x. Affected by this issue is some unknown processing of the component XML Signature Handler. Upgrading to version 6.5.0 eliminates this vulnerability. The...
Author: VulDB