Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

GraphHopper up to 2.3/3.0 Regular Expression resource consumption

A vulnerability, which was classified as problematic, has been found in GraphHopper up to 2.3/3.0. Affected by this issue is an unknown part of the component Regular Expression Handler. Upgrading to version 2.4 or 3.0 eliminates this...
Author: VulDB

Kibana up to 7.12.0 Webhook Action resource consumption

A vulnerability classified as problematic was found in Kibana up to 7.12.0. Affected by this vulnerability is some unknown functionality of the component Webhook Action Handler. Upgrading to version 7.12.1 eliminates this vulnerability.
Author: VulDB

Elasticsearch up to 6.8.14/7.11.1 Field Level Security information disclosure

A vulnerability classified as problematic has been found in Elasticsearch up to 6.8.14/7.11.1. Affected is an unknown functionality of the component Field Level Security. Upgrading to version 6.8.15 or 7.11.2 eliminates this vulnerability.
Author: VulDB

Kibana up to 6.8.14/7.11.x Session Timeout session expiration

A vulnerability was found in Kibana up to 6.8.14/7.11.x. It has been rated as problematic. This issue affects an unknown function of the component Session Timeout Handler. Upgrading to version 6.8.15 or 7.12.0 eliminates this vulnerability.
Author: VulDB

Elasticsearch up to 6.8.14/7.11.1 Suggester/Profile API information disclosure

A vulnerability was found in Elasticsearch up to 6.8.14/7.11.1. It has been declared as problematic. This vulnerability affects some unknown processing of the component Suggester/Profile API. Upgrading to version 6.8.15 or 7.11.2 eliminates this...
Author: VulDB

ILIAS up to 5.3.18/5.4.11 Workspace Upload information disclosure

A vulnerability was found in ILIAS up to 5.3.18/5.4.11. It has been classified as problematic. This affects an unknown code block of the component Workspace Upload Handler. Upgrading to version 5.3.19, 5.4.12 or 6.0 eliminates this vulnerability....
Author: VulDB

Prosody up to 0.11.8 Server-to-Server Authentication dialback_without_dialback certificate validation

A vulnerability was found in Prosody up to 0.11.8 and classified as critical. Affected by this issue is the function dialback_without_dialback of the component Server-to-Server Authentication. Upgrading to version 0.11.9 eliminates this...
Author: VulDB

Prosody up to 0.11.8 Lua resource consumption

A vulnerability has been found in Prosody up to 0.11.8 and classified as problematic. Affected by this vulnerability is an unknown part of the component Lua. Upgrading to version 0.11.9 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Daimler Mercedes MBUX up to 2021 HERMES 2.1 RemoteDiagnosisApp out-of-bounds read

A vulnerability, which was classified as problematic, was found in Daimler Mercedes MBUX up to 2021 (Vehicle Software). Affected is the function RemoteDiagnosisApp of the component HERMES 2.1. Upgrading eliminates this vulnerability.
Author: VulDB

Daimler Mercedes MBUX up to 2021 HERMES 2.1 Local Privilege Escalation

A vulnerability, which was classified as critical, has been found in Daimler Mercedes MBUX up to 2021 (Vehicle Software). This issue affects an unknown functionality of the component HERMES 2.1. Upgrading eliminates this vulnerability.
Author: VulDB

Daimler Mercedes MBUX up to 2021 Headunit NTG6 MultiSvSetAttributes type confusion

A vulnerability classified as problematic was found in Daimler Mercedes MBUX up to 2021 (Vehicle Software). This vulnerability affects the function MultiSvSetAttributes of the component Headunit NTG6. Upgrading eliminates this vulnerability.
Author: VulDB

Daimler Mercedes MBUX up to 2021 Headunit NTG6 MultiSvGet/GetAttributes/MultiSvSet Local Privilege Escalation

A vulnerability classified as problematic has been found in Daimler Mercedes MBUX up to 2021 (Vehicle Software). This affects the function MultiSvGet/GetAttributes/MultiSvSet of the component Headunit NTG6. Upgrading eliminates this vulnerability.
Author: VulDB

Daimler Mercedes MBUX up to 2021 on Mercedes Headunit NTG6 Local Privilege Escalation

A vulnerability was found in Daimler Mercedes MBUX up to 2021 on Mercedes (Vehicle Software). It has been rated as problematic. Affected by this issue is an unknown code block of the component Headunit NTG6. Upgrading eliminates this...
Author: VulDB

Pydantic up to 1.6.1/1.7.3/1.8.1 infinite loop [CVE-2021-29510]

A vulnerability was found in Pydantic up to 1.6.1/1.7.3/1.8.1. It has been declared as problematic. Affected by this vulnerability is an unknown code. Upgrading to version 1.6.2, 1.7.4 or 1.8.2 eliminates this vulnerability. Applying a patch is...
Author: VulDB

Flask-Caching Extension up to 1.10.1 on Flask Pickle cross site scripting

A vulnerability was found in Flask-Caching Extension up to 1.10.1 on Flask. It has been classified as problematic. Affected is an unknown part of the component Pickle. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

IBM Jazz Reporting Service 6.0.6.1/7.0/7.0.1/7.0.2 server-side request forgery

A vulnerability was found in IBM Jazz Reporting Service 6.0.6.1/7.0/7.0.1/7.0.2 (Reporting Software) and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may...
Author: VulDB

Piwigo 11.4.0 user_list_backend.php order[0][dir] sql injection

A vulnerability has been found in Piwigo 11.4.0 (Photo Gallery Software) and classified as critical. This vulnerability affects an unknown functionality of the file admin/user_list_backend.php. Applying a patch is able to eliminate this problem....
Author: VulDB

Chamilo 1.11.14 XML Data admin/user_import.php xml external entity reference

A vulnerability, which was classified as problematic, was found in Chamilo 1.11.14 (Content Management System). This affects an unknown function of the file admin/user_import.php of the component XML Data Handler. Applying a patch is able to...
Author: VulDB

Symfony 3.4 Switch User information exposure

A vulnerability, which was classified as critical, has been found in Symfony 3.4. Affected by this issue is some unknown processing of the component Switch User Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

ArticleCMS unrestricted upload [CVE-2020-28063]

A vulnerability classified as critical was found in ArticleCMS (affected version unknown). Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Teradici PCoIP Graphics Agent up to 21.2 on Windows Redirect Pixel NVENC.dll Remote Privilege Escalation

A vulnerability classified as problematic has been found in Teradici PCoIP Graphics Agent up to 21.2 on Windows. Affected is an unknown code in the library NVENC.dll of the component Redirect Pixel Handler. Upgrading to version 21.03 eliminates...
Author: VulDB

Teradici PCoIP Agent denial of service [CVE-2021-25693]

A vulnerability was found in Teradici PCoIP Agent (unknown version). It has been rated as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

BlackBerry UEM up to 12.12.1a QF6/12.13.1 QF2 Management Console denial of service

A vulnerability was found in BlackBerry UEM up to 12.12.1a QF6/12.13.1 QF2. It has been declared as problematic. This vulnerability affects some unknown functionality of the component Management Console. There is no information about possible...
Author: VulDB

WAGO Managed Switch missing authentication [CVE-2021-20998]

A vulnerability was found in WAGO Managed Switch (the affected version unknown). It has been classified as critical. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

WAGO Managed Switch Web-based Management insufficiently protected credentials

A vulnerability was found in WAGO Managed Switch (affected version not known) and classified as problematic. Affected by this issue is an unknown function of the component Web-based Management. There is no information about possible...
Author: VulDB