Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Aruba AirWave Management Platform prior 8.2.12.0 CLI Remote Privilege Escalation

A vulnerability classified as critical has been found in Aruba AirWave Management Platform. This affects an unknown function of the component CLI. Upgrading to version 8.2.12.0 eliminates this vulnerability.
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 Web-based Management Interface cross-site request forgery

A vulnerability was found in Aruba AirWave Management Platform. It has been rated as problematic. Affected by this issue is some unknown processing of the component Web-based Management Interface. Upgrading to version 8.2.12.0 eliminates this...
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 Web-based Management Interface cross-site request forgery

A vulnerability was found in Aruba AirWave Management Platform. It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component Web-based Management Interface. Upgrading to version 8.2.12.0 eliminates...
Author: VulDB

SquareBox CatDV Server up to 9.2 RMI getConnections improper authentication

A vulnerability was found in SquareBox CatDV Server up to 9.2. It has been classified as critical. Affected is the function getConnections of the component RMI Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

ZTE H196Q 9.1.0C2 Product information disclosure

A vulnerability was found in ZTE H196Q 9.1.0C2 and classified as problematic. This issue affects an unknown part of the component Product Handler. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Zoho ManageEngine ADManager Plus up to 7065 cross site scripting

A vulnerability has been found in Zoho ManageEngine ADManager Plus up to 7065 and classified as problematic. This vulnerability affects some unknown functionality. Upgrading to version 7066 eliminates this vulnerability.
Author: VulDB

TOTVS Fluig Lake file path traversal

A vulnerability, which was classified as critical, was found in TOTVS Fluig Lake 1.7.0-210217/1.7.0-210112/1.7.0-201215/1.7.0-201124/1.7.0-200915. This affects an unknown functionality. There is no information about possible countermeasures...
Author: VulDB

Secomea GateManager prior 9.4.621054022 Firmware improper validation of integrity check value

A vulnerability, which was classified as critical, has been found in Secomea GateManager. Affected by this issue is an unknown function of the component Firmware Handler. Upgrading to version 9.4.621054022 eliminates this vulnerability.
Author: VulDB

Secomea GateManager up to 9.3 Web GUI cross-site request forgery

A vulnerability classified as problematic was found in Secomea GateManager up to 9.3. Affected by this vulnerability is some unknown processing of the component Web GUI. Upgrading to version 9.4 eliminates this vulnerability.
Author: VulDB

Secomea GateManager up to 9.3 Web GUI cross site scripting

A vulnerability classified as problematic has been found in Secomea GateManager up to 9.3. Affected is an unknown code block of the component Web GUI. Upgrading to version 9.4 eliminates this vulnerability.
Author: VulDB

Secomea GateManager up to 9.3 Web GUI cross site scripting

A vulnerability was found in Secomea GateManager up to 9.3. It has been rated as problematic. This issue affects an unknown code of the component Web GUI. Upgrading to version 9.4 eliminates this vulnerability.
Author: VulDB

Secomea SiteManager prior 9.4.620527004 Web UI access control

A vulnerability was found in Secomea SiteManager. It has been declared as critical. This vulnerability affects an unknown part of the component Web UI. Upgrading to version 9.4.620527004 eliminates this vulnerability.
Author: VulDB

xmlhttprequest/xmlhttprequest-ssl up to 1.6.x XMLHttpRequest injection

A vulnerability was found in xmlhttprequest and xmlhttprequest-ssl up to 1.6.x. It has been classified as critical. This affects some unknown functionality of the component XMLHttpRequest Handler. Upgrading to version 1.7.0 eliminates this...
Author: VulDB

Zoho ManageEngine Desktop Central prior 10.0.647 Authentication Secret improper authentication

A vulnerability was found in Zoho ManageEngine Desktop Central (Endpoint Management Software) and classified as critical. Affected by this issue is an unknown functionality of the component Authentication Secret Handler. Upgrading to version...
Author: VulDB

Apache Superset up to 0.38.0 Dashboard cross site scripting

A vulnerability has been found in Apache Superset up to 0.38.0 and classified as problematic. Affected by this vulnerability is an unknown function of the component Dashboard. There is no information about possible countermeasures known. It may...
Author: VulDB

CERTFR-2021-AVI-172: Multiple vulnerabilities in GRUB (05 March 2021)

GRUB2 is the bootloader most commonly used by Linux distributions to start the operating system. Multiple vulnerabilities have been discovered in GRUB2. They allow an attacker who is able to pass...
Author: Cert FR

internment Crate up to 0.4.1 on Rust memory corruption [CVE-2021-28037]

A vulnerability, which was classified as critical, was found in internment Crate up to 0.4.1 on Rust (Rust Package). Affected is some unknown processing. Upgrading to version 0.4.2 eliminates this vulnerability.
Author: VulDB

quinn Crate up to 0.6.x on Rust SocketAddrV6 memory corruption

A vulnerability, which was classified as critical, has been found in quinn Crate up to 0.6.x on Rust (Rust Package). This issue affects the function std::net::SocketAddrV4/std::net::SocketAddrV6. Upgrading to version 0.7.0 eliminates this...
Author: VulDB

stack_dst Crate up to 0.6.0 on Rust push_inner uninitialized pointer

A vulnerability classified as problematic was found in stack_dst Crate up to 0.6.0 on Rust (Rust Package). Upgrading to version 0.6.1 eliminates this vulnerability.
Author: VulDB

stack_dst Crate up to 0.6.0 on Rust push_inner double free

A vulnerability classified as critical has been found in stack_dst Crate up to 0.6.0 on Rust (Rust Package). This affects the function push_inner. Upgrading to version 0.6.1 eliminates this vulnerability.
Author: VulDB

byte_struct Crate up to 0.6.0 on Rust deserialization [CVE-2021-28033]

A vulnerability was found in byte_struct Crate up to 0.6.0 on Rust (Rust Package). It has been rated as critical. Affected by this issue is some unknown functionality. Upgrading to version 0.6.1 eliminates this vulnerability.
Author: VulDB

nano_arena Crate up to 0.5.1 on Rust split_at out-of-bounds write

A vulnerability was found in nano_arena Crate up to 0.5.1 on Rust (Rust Package). It has been declared as critical. Affected by this vulnerability is the function split_at. Upgrading to version 0.5.2 eliminates this vulnerability.
Author: VulDB

scratchpad Crate up to 1.3.0 on Rust move_elements double free

A vulnerability was found in scratchpad Crate up to 1.3.0 on Rust (Rust Package). It has been classified as critical. Affected is the function move_elements. Upgrading to version 1.3.1 eliminates this vulnerability.
Author: VulDB

truetype Crate up to 0.30.0 on Rust Tape::take_bytes uninitialized pointer

A vulnerability was found in truetype Crate up to 0.30.0 on Rust (Rust Package) and classified as problematic. This issue affects the function Tape::take_bytes. Upgrading to version 0.30.1 eliminates this vulnerability.
Author: VulDB

toodee Crate up to 0.2.x on Rust Row Insert uninitialized pointer

A vulnerability has been found in toodee Crate up to 0.2.x on Rust (Rust Package) and classified as problematic. This vulnerability affects an unknown code block of the component Row Insert Handler. Upgrading to version 0.3.0 eliminates this...
Author: VulDB