Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Helpcom up to 9.x hard-coded key [CVE-2020-7846]

A vulnerability was found in Helpcom up to 9.x. It has been rated as problematic. This issue affects an unknown part. Upgrading to version 10.0 eliminates this vulnerability.
Author: VulDB

Voiceye WSActiveBridgeES prior 2.1.0.3 checking stack-based overflow

A vulnerability was found in Voiceye WSActiveBridgeES. It has been declared as critical. This vulnerability affects some unknown functionality. Upgrading to version 2.1.0.3 eliminates this vulnerability.
Author: VulDB

IBM MQ 9.1 CD AMQP/9.1 LTS/9.2 LTS Message denial of service

A vulnerability was found in IBM MQ 9.1 LTS/9.1 CD AMQP/9.2 LTS. It has been classified as problematic. This affects an unknown functionality of the component Message Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Openscad 2020.12-RC2 STL File import_stl.cc import_stl stack-based overflow

A vulnerability was found in Openscad 2020.12-RC2 and classified as critical. Affected by this issue is the function import_stl of the file import_stl.cc of the component STL File Handler. There is no information about possible countermeasures...
Author: VulDB

Eclipse Theia up to 1.2.0 Markdown cross site scripting

A vulnerability has been found in Eclipse Theia up to 1.2.0 and classified as problematic. Affected by this vulnerability is some unknown processing of the component Markdown Handler. There is no information about possible countermeasures known....
Author: VulDB

CoolKit eWeLink on Android/iOS Quick Pairing Mode inadequate encryption

A vulnerability, which was classified as problematic, was found in CoolKit eWeLink on Android/iOS (version unknown). Affected is an unknown code block of the component Quick Pairing Mode. There is no information about possible countermeasures...
Author: VulDB

Apache XmlGraphics Commons 2.4 XMPParser server-side request forgery

A vulnerability, which was classified as critical, has been found in Apache XmlGraphics Commons 2.4. This issue affects an unknown code of the component XMPParser. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Apache Batik 1.13 NodePickerPanel server-side request forgery

A vulnerability classified as critical was found in Apache Batik 1.13. This vulnerability affects an unknown part of the component NodePickerPanel. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 improper authentication

A vulnerability classified as critical has been found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. This affects some unknown functionality. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 pathname traversal

A vulnerability was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. It has been rated as critical. Affected by this issue is an unknown functionality. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 cross site scripting

A vulnerability was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. It has been declared as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 PHP Script unrestricted upload

A vulnerability was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. It has been classified as critical. Affected is some unknown processing of the component PHP Script Handler. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 Web Server os command injection

A vulnerability was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4 and classified as critical. This issue affects an unknown code block of the component Web Server. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 access control

A vulnerability has been found in Contec SolarView Compact SV-CPT-MC310 up to 6.4 and classified as critical. This vulnerability affects an unknown code. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 information disclosure

A vulnerability, which was classified as problematic, was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. This affects an unknown part. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-145: Multiple vulnerabilities in VMWare products (24 February 2021)

Multiple vulnerabilities have been discovered in VMWare products. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2021-AVI-144: Multiple vulnerabilities in Mozilla Thunderbird (24 February 2021)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. They allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.

Author: Cert FR

CERTFR-2021-AVI-143: Multiple vulnerabilities in Mozilla Firefox (24 February 2021)

Multiple vulnerabilities have been discovered in Mozilla Firefox. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of the confidentiality of...
Author: Cert FR

CERTFR-2021-AVI-142: Multiple vulnerabilities in Aruba products (24 February 2021)

Multiple vulnerabilities have been discovered in Aruba products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy...
Author: Cert FR

CERTFR-2021-AVI-141: Vulnerability in F5 BIG-IP (24 February 2021)

A vulnerability has been discovered in F5 BIG-IP. It allows an attacker to cause a remote denial of service.

Author: Cert FR

libcaca 0.99.beta19 libcaca/caca/canvas.c caca_resize buffer overflow

A vulnerability, which was classified as critical, has been found in libcaca 0.99.beta19. Affected by this issue is the function caca_resize of the file libcaca/caca/canvas.c. There is no information about possible countermeasures known. It may...
Author: VulDB

Artifex MuPDF 1.18.0 memory corruption [CVE-2021-3407]

A vulnerability classified as critical was found in Artifex MuPDF 1.18.0 (Document Reader Software). Affected by this vulnerability is an unknown functionality. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

libEBML up to 1.4.1 ReadData heap-based overflow

A vulnerability classified as critical has been found in libEBML up to 1.4.1. Affected is the function EbmlString::ReadData/EbmlUnicodeString::ReadData. Upgrading to version 1.4.2 eliminates this vulnerability.
Author: VulDB

Directus up to 8.8.1 Password Reset information disclosure

A vulnerability was found in Directus up to 8.8.1. It has been rated as problematic. This issue affects some unknown processing of the component Password Reset Handler. The problem might be mitigated by replacing the product with as an...
Author: VulDB

Jasper up to 2.0.24 jp2_dec.c jp2_decode null pointer dereference

A vulnerability was found in Jasper up to 2.0.24 (Programming Tool Software). It has been declared as problematic. This vulnerability affects the function jp2_decode of the file jp2_dec.c. Upgrading to version 2.0.25 eliminates this...
Author: VulDB