Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface cross site scripting

A vulnerability has been found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software) and classified as problematic. This vulnerability affects an unknown part of the component Web-based Management Interface....
Author: VulDB

Collabora Online up to 4.2.12/6.4.2 loolforkit Local Privilege Escalation

A vulnerability, which was classified as critical, was found in Collabora Online up to 4.2.12/6.4.2. This affects some unknown functionality of the component loolforkit. Upgrading to version 4.2.13 or 6.4.3 eliminates this vulnerability.
Author: VulDB

Luxion KeyShot up to 10.0 Extraction path traversal

A vulnerability, which was classified as critical, has been found in Luxion KeyShot, KeyShot Viewer, KeyShot Network Rendering and KeyVR up to 10.0. Affected by this issue is an unknown functionality of the component Extraction Handler. Upgrading...
Author: VulDB

VMware Spring Cloud Netflix Zuul up to 2.2.6.RELEASE Sensitive Headers unknown vulnerability

A vulnerability classified as problematic was found in VMware Spring Cloud Netflix Zuul up to 2.2.6.RELEASE (Cloud Software). Affected by this vulnerability is an unknown function of the component Sensitive Headers Handler. Upgrading to version...
Author: VulDB

stunnel up to 5.56 certificate validation [CVE-2021-20230]

A vulnerability classified as critical has been found in stunnel up to 5.56. Affected is some unknown processing. Upgrading to version 5.57 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

PostgreSQL up to 13.1 Query authorization

A vulnerability was found in PostgreSQL up to 13.1 (Database Software). It has been rated as problematic. This issue affects an unknown code block of the component Query Handler. Upgrading to version 9.5.25, 9.6.21, 10.16, 11.11, 12.6 or 13.2...
Author: VulDB

Linux Kernel Object io_uring use after free

A vulnerability was found in Linux Kernel (Operating System) (the affected version is unknown). It has been declared as critical. This vulnerability affects the function io_uring of the component Object Handler. Applying a patch is able to...
Author: VulDB

Undertow HTTP Request HTTP/1.x request smuggling

A vulnerability was found in Undertow (the affected version unknown). It has been classified as critical. This affects an unknown part of the file HTTP/1.x of the component HTTP Request Handler. There is no information about possible...
Author: VulDB

Openshift Installer prior 0.9.0-master.0.20210125200451-95101da940b0 Kublet missing authentication

A vulnerability was found in Openshift Installer (Virtualization Software) and classified as critical. Affected by this issue is some unknown functionality of the component Kublet. Upgrading to version 0.9.0-master.0.20210125200451-95101da940b0...
Author: VulDB

ipTIME NAS-I up to 1.4.35 Bulletin Manage unrestricted upload

A vulnerability has been found in ipTIME NAS-I, NAS-II, NAS-IIe, NAS101, NAS1dual, NAS2dual, NAS3, NAS4 and NAS4dual up to 1.4.35 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Bulletin...
Author: VulDB

IBM Planning Analytics 2.0 information disclosure [CVE-2020-4953]

A vulnerability, which was classified as problematic, was found in IBM Planning Analytics 2.0. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

theme-core lib/utils.js command injection [CVE-2020-28432]

A vulnerability, which was classified as critical, has been found in theme-core (unknown version). This issue affects some unknown processing in the library lib/utils.js. There is no information about possible countermeasures known. It may be...
Author: VulDB

wc-cmd index.js command injection

A vulnerability classified as critical was found in wc-cmd (the affected version is unknown). This vulnerability affects an unknown code block of the file index.js. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

nuance-gulp-build-common index.js command injection

A vulnerability classified as critical has been found in nuance-gulp-build-common (the affected version unknown). This affects an unknown code of the file index.js. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

geojson2kml index.js command injection

A vulnerability was found in geojson2kml (affected version not known). It has been rated as critical. Affected by this issue is an unknown part of the file index.js. There is no information about possible countermeasures known. It may be...
Author: VulDB

fastadmin 1.0.0.20200506_beta cross site scripting [CVE-2020-26609]

A vulnerability was found in fastadmin 1.0.0.20200506_beta. It has been declared as problematic. Affected by this vulnerability is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Advantech WebAccess/SCADA up to 9.0 WADashboard Remote Privilege Escalation

A vulnerability was found in Advantech WebAccess and SCADA up to 9.0 (SCADA Software). It has been classified as critical. Affected is an unknown functionality of the component WADashboard. Upgrading to version 9.0.1 eliminates this vulnerability.
Author: VulDB

WECON LeviStudioU up to 2019-09-21 Project File buffer overflow

A vulnerability was found in WECON LeviStudioU up to 2019-09-21 and classified as critical. This issue affects an unknown function of the component Project File Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Keycloak HTTP Header authentication bypass [CVE-2020-14359]

A vulnerability has been found in Keycloak (the affected version is unknown) and classified as critical. This vulnerability affects some unknown processing of the component HTTP Header Handler. There is no information about possible...
Author: VulDB

Rendertron up to 2.x Screenshot server-side request forgery

A vulnerability, which was classified as critical, was found in Rendertron up to 2.x. This affects an unknown code block of the component Screenshot Handler. Upgrading to version 3.0.0 eliminates this vulnerability.
Author: VulDB

NanoHTTPD up to 2.3.1 HTTP GET RouterNanoHTTPD.java GeneralHandler cross site scripting

A vulnerability, which was classified as problematic, has been found in NanoHTTPD up to 2.3.1 (Web Server). Affected by this issue is the function GeneralHandler of the file RouterNanoHTTPD.java of the component HTTP GET Handler. There is no...
Author: VulDB

netplex json-smart-v1/json-smart-v2 unknown vulnerability [CVE-2021-27568]

A vulnerability classified as problematic was found in netplex json-smart-v1 and json-smart-v2 (affected version unknown). There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

CIRA Canadian Shield App prior 4.0.13 on iOS certificate validation

A vulnerability classified as problematic has been found in CIRA Canadian Shield App on iOS (iOS App Software). Affected is some unknown functionality. Upgrading to version 4.0.13 eliminates this vulnerability.
Author: VulDB

Nozomi Guardian/CMC up to 20.0.7.3 Web GUI path traversal

A vulnerability was found in Nozomi Guardian and CMC up to 20.0.7.3. It has been rated as critical. This issue affects an unknown functionality of the component Web GUI. There is no information about possible countermeasures known. It may be...
Author: VulDB

Nozomi Guardian/CMC up to 20.0.7.3 Web GUI os command injection

A vulnerability was found in Nozomi Guardian and CMC up to 20.0.7.3. It has been declared as critical. This vulnerability affects an unknown function of the component Web GUI. There is no information about possible countermeasures known. It may...
Author: VulDB