Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

RESTEasy up to 4.6.0.Final URL Encoding cross site scripting

A vulnerability was found in RESTEasy up to 4.6.0.Final and classified as problematic. This issue affects an unknown code block of the component URL Encoding Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Zoho ManageEngine ServiceDesk Plus up to 11204 Disallowed Input List Remote Privilege Escalation

A vulnerability has been found in Zoho ManageEngine ServiceDesk Plus up to 11204 and classified as very critical. This vulnerability affects an unknown code of the component Disallowed Input List Handler. Upgrading to version 11205 eliminates...
Author: VulDB

Palo Alto Cortex XDR Agent up to 5.0.10/6.1.7/7.2.2 on Windows uncontrolled search path

A vulnerability, which was classified as critical, was found in Palo Alto Cortex XDR Agent up to 5.0.10/6.1.7/7.2.2 on Windows. This affects an unknown part. Upgrading to version 5.0.11, 6.1.8 or 7.2.3 eliminates this vulnerability.
Author: VulDB

CubeCoders AMP up to 2.1.1.7 Java Version Setting unknown vulnerability

A vulnerability, which was classified as problematic, has been found in CubeCoders AMP up to 2.1.1.7. Affected by this issue is some unknown functionality of the component Java Version Setting Handler. Upgrading to version 2.1.1.8 eliminates this...
Author: VulDB

Palo Alto Prisma Cloud Compute prior 21.04.412 Console debug log file

A vulnerability classified as problematic was found in Palo Alto Prisma Cloud Compute (Cloud Software). Affected by this vulnerability is an unknown functionality of the component Console. Upgrading to version 21.04.412 eliminates this...
Author: VulDB

set-getter 0.1.0 Prototype code injection

A vulnerability classified as critical has been found in set-getter 0.1.0. Affected is an unknown function of the component Prototype Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.
Author: VulDB

expand-hash up to 1.0.1 Prototype code injection

A vulnerability was found in expand-hash up to 1.0.1. It has been rated as critical. This issue affects some unknown processing of the component Prototype Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

F5 BIG-IQ Centralized Management up to 8.0.0.0 Configuration Utility Remote Privilege Escalation

A vulnerability was found in F5 BIG-IQ Centralized Management up to 8.0.0.0. It has been declared as critical. This vulnerability affects an unknown code block of the component Configuration Utility. Upgrading to version 8.0.0.1 eliminates this...
Author: VulDB

thefuck up to 3.30 on Python Undo Archive path traversal

A vulnerability was found in thefuck up to 3.30 on Python. It has been classified as critical. This affects an unknown code of the component Undo Archive Handler. Upgrading to version 3.31 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

openSUSE openSUSE Leap/openSUSE Factory 15.2 symlink [CVE-2021-31997]

A vulnerability was found in openSUSE openSUSE Leap and openSUSE Factory 15.2 and classified as critical. Affected by this issue is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

SuSE openSUSE Leap 15.2 symlink [CVE-2021-25322]

A vulnerability has been found in SuSE openSUSE Leap 15.2 and classified as critical. Affected by this vulnerability is some unknown functionality. Upgrading eliminates this vulnerability.
Author: VulDB

SuSE Linux Enterprise Server default permission [CVE-2021-31998]

A vulnerability, which was classified as critical, was found in SuSE Linux Enterprise Server, openSUSE Backports and openSUSE Leap (Operating System) (version unknown). Affected is an unknown functionality. Upgrading eliminates this vulnerability.
Author: VulDB

BlueZ src/gatt-database.c cli_feat_read_cb offset out-of-bounds read

A vulnerability, which was classified as problematic, has been found in BlueZ (unknown version). This issue affects the function cli_feat_read_cb of the file src/gatt-database.c. There is no information about possible countermeasures known. It...
Author: VulDB

Apache HTTP Server up to 2.4.46 on Windows denial of service

A vulnerability classified as problematic was found in Apache HTTP Server up to 2.4.46 on Windows (Web Server). This vulnerability affects some unknown processing. Upgrading to version 2.4.48 eliminates this vulnerability.
Author: VulDB

Apache HTTP Server up to 2.4.46 MergeSlashes Remote Code Execution

A vulnerability classified as problematic has been found in Apache HTTP Server up to 2.4.46 (Web Server). This affects an unknown code block of the component MergeSlashes Handler. Upgrading to version 2.4.48 eliminates this vulnerability.
Author: VulDB

Apache HTTP Server up to 2.4.46 mod_session heap-based overflow

A vulnerability was found in Apache HTTP Server up to 2.4.46 (Web Server). It has been rated as critical. Affected by this issue is an unknown code of the component mod_session. Upgrading to version 2.4.48 eliminates this vulnerability.
Author: VulDB

Apache HTTP Server up to 2.4.46 mod_session null pointer dereference

A vulnerability was found in Apache HTTP Server up to 2.4.46 (Web Server). It has been declared as problematic. Affected by this vulnerability is an unknown part of the component mod_session. Upgrading to version 2.4.48 eliminates this...
Author: VulDB

Apache HTTP Server up to 2.4.46 mod_proxy_http null pointer dereference

A vulnerability was found in Apache HTTP Server up to 2.4.46 (Web Server). It has been classified as problematic. Affected is some unknown functionality of the component mod_proxy_http. Upgrading to version 2.4.48 eliminates this vulnerability.
Author: VulDB

Apache HTTP Server up to 2.4.46 mod_proxy_wstunnel improper authentication

A vulnerability was found in Apache HTTP Server up to 2.4.46 (Web Server) and classified as critical. This issue affects an unknown functionality of the component mod_proxy_wstunnel. Upgrading to version 2.4.48 eliminates this vulnerability.
Author: VulDB

Apache HTTP Server up to 2.4.46 mod_auth_digest stack-based overflow

A vulnerability has been found in Apache HTTP Server up to 2.4.46 (Web Server) and classified as critical. This vulnerability affects an unknown function of the component mod_auth_digest. Upgrading to version 2.4.48 eliminates this vulnerability.
Author: VulDB

Bosch IP Camera 7.6x/7.7x Web-based Interface page cross site scripting

A vulnerability, which was classified as problematic, was found in Bosch IP Camera 7.6x/7.7x (Network Camera Software). This affects some unknown processing of the component Web-based Interface. There is no information about possible...
Author: VulDB

Bosch IP Camera Web-based Interface cross site scripting [CVE-2021-23848]

A vulnerability, which was classified as problematic, has been found in Bosch IP Camera (Network Camera Software) (affected version not known). Affected by this issue is an unknown code block of the component Web-based Interface. There is no...
Author: VulDB

Intel Unite Client prior 4.2.25031 on Windows unquoted search path

A vulnerability classified as critical was found in Intel Unite Client on Windows. Affected by this vulnerability is an unknown code. Upgrading to version 4.2.25031 eliminates this vulnerability.
Author: VulDB

Intel Unite Client prior 4.2.25031 on Windows uncontrolled search path

A vulnerability classified as critical has been found in Intel Unite Client on Windows. Affected is an unknown part. Upgrading to version 4.2.25031 eliminates this vulnerability.
Author: VulDB

Intel Optane DC Persistent Memory prior 1.00.00.3515/2.00.00.3842 on Windows permission

A vulnerability was found in Intel Optane DC Persistent Memory on Windows. It has been rated as critical. This issue affects some unknown functionality. Upgrading to version 1.00.00.3515 or 2.00.00.3842 eliminates this vulnerability.
Author: VulDB

Information security events