Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

GitLab Community Edition/Enterprise Edition up to 7.10 OAuth Access Token information disclosure

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 7.10 (Bug Tracking Software) and classified as problematic. This vulnerability affects an unknown code block of the component OAuth Access Token Handler....
Author: VulDB

SilverStripe up to 4.6.0-rc1 Form Field unknown vulnerability

A vulnerability, which was classified as critical, was found in SilverStripe up to 4.6.0-rc1 (Content Management System). This affects an unknown code of the component Form Field Handler. There is no information about possible countermeasures...
Author: VulDB

SilverStripe up to 4.6.0-rc1 GraphQL improper authentication

A vulnerability, which was classified as problematic, has been found in SilverStripe up to 4.6.0-rc1 (Content Management System). Affected by this issue is an unknown part of the component GraphQL. There is no information about possible...
Author: VulDB

OpenEXR up to 3.0.0 integer overflow [CVE-2021-26945]

A vulnerability classified as problematic was found in OpenEXR up to 3.0.0. Affected by this vulnerability is some unknown functionality. Upgrading to version 3.0.1 eliminates this vulnerability.
Author: VulDB

OpenEXR up to 3.0.0 DwaCompressor integer overflow

A vulnerability classified as problematic has been found in OpenEXR up to 3.0.0. Affected is the function DwaCompressor. Upgrading to version 3.0.1 eliminates this vulnerability.
Author: VulDB

OpenEXR up to 3.0.0 DwaCompressor integer overflow

A vulnerability was found in OpenEXR up to 3.0.0. It has been rated as problematic. This issue affects the function DwaCompressor. Upgrading to version 3.0.1 eliminates this vulnerability.
Author: VulDB

OpenEXR up to 3.0.0 copyIntoFrameBuffer heap-based overflow

A vulnerability was found in OpenEXR up to 3.0.0. It has been declared as critical. This vulnerability affects the function copyIntoFrameBuffer. Upgrading to version 3.0.1 eliminates this vulnerability.
Author: VulDB

Intland codeBeamer ALM up to 10.1.SP4 WebDAV cross site scripting

A vulnerability was found in Intland codeBeamer ALM up to 10.1.SP4. It has been classified as problematic. This affects an unknown code block of the component WebDAV. There is no information about possible countermeasures known. It may be...
Author: VulDB

Nextcloud Client up to 3.16.0 on Android information disclosure

A vulnerability was found in Nextcloud Client up to 3.16.0 on Android (Android App Software) and classified as problematic. Affected by this issue is an unknown code. Upgrading to version 3.16.1 eliminates this vulnerability. Applying a patch is...
Author: VulDB

GitLab 13.10 Blob Viewer cross site scripting

A vulnerability has been found in GitLab 13.10 (Bug Tracking Software) and classified as problematic. Affected by this vulnerability is an unknown part of the component Blob Viewer. There is no information about possible countermeasures known. It...
Author: VulDB

Dell EMC NetWorker 18.x up to 19.4.0.1 log file [CVE-2021-21558]

A vulnerability, which was classified as problematic, was found in Dell EMC NetWorker 18.x up to 19.4.0.1. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Nuvoton NPCT75x 7.4.0.0 TPM access control

A vulnerability, which was classified as critical, has been found in Nuvoton NPCT75x 7.4.0.0. This issue affects an unknown functionality of the component TPM Handler. Upgrading to version 7.4.0.1 eliminates this vulnerability.
Author: VulDB

GitLab Community Edition/Enterprise Edition 10.5 Webhook Hacker server-side request forgery

A vulnerability classified as critical was found in GitLab Community Edition and Enterprise Edition 10.5 (Bug Tracking Software). This vulnerability affects an unknown function of the component Webhook Hacker. There is no information about...
Author: VulDB

codeBeamer ALM up to 10.1.SP4 cross-site request forgery [CVE-2020-26516]

A vulnerability classified as problematic has been found in codeBeamer ALM up to 10.1.SP4. This affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

Siemens Mendix SAML Module up to 2.1.1 access control [CVE-2021-33712]

A vulnerability was found in Siemens Mendix SAML Module up to 2.1.1. It has been rated as critical. Affected by this issue is an unknown code block. Upgrading to version 2.1.2 eliminates this vulnerability.
Author: VulDB

Django up to 2.2.23/3.1.11/3.2.3 pathname traversal [CVE-2021-33203]

A vulnerability was found in Django up to 2.2.23/3.1.11/3.2.3 (Content Management System). It has been declared as critical. Affected by this vulnerability is an unknown code. Upgrading to version 2.2.24, 3.1.12 or 3.2.4 eliminates this...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 13.10.4/13.11.4/13.12.1 Merge Request resource consumption

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 13.10.4/13.11.4/13.12.1 (Bug Tracking Software). It has been classified as problematic. Affected is an unknown part of the component Merge Request Handler....
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 13.10.4/13.11.4/13.12.1 Merge Request resource consumption

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 13.10.4/13.11.4/13.12.1 (Bug Tracking Software) and classified as problematic. This issue affects some unknown functionality of the component Merge Request...
Author: VulDB

Dell EMC NetWorker 18.x up to 19.4.0.1 certificate validation

A vulnerability has been found in Dell EMC NetWorker 18.x up to 19.4.0.1 and classified as critical. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Night Owl Smart Doorbell 20190505 Push Notification Service cleartext transmission

A vulnerability, which was classified as problematic, was found in Night Owl Smart Doorbell 20190505. This affects an unknown function of the component Push Notification Service. There is no information about possible countermeasures known. It...
Author: VulDB

SilverStripe up to 4.6.0-rc1 CSSContentParser xml external entity reference

A vulnerability, which was classified as critical, has been found in SilverStripe up to 4.6.0-rc1 (Content Management System). Affected by this issue is some unknown processing of the component CSSContentParser. There is no information about...
Author: VulDB

VerneMQ MQTT Broker up to 1.11.x memory allocation [CVE-2021-33176]

A vulnerability classified as problematic was found in VerneMQ MQTT Broker up to 1.11.x. Affected by this vulnerability is an unknown code block. Upgrading to version 1.12.0 eliminates this vulnerability.
Author: VulDB

EMQ X Broker up to 4.2.7 memory allocation [CVE-2021-33175]

A vulnerability classified as problematic has been found in EMQ X Broker up to 4.2.7. Affected is an unknown code. Upgrading to version 4.2.8 eliminates this vulnerability.
Author: VulDB

GitLab Community Edition/Enterprise Edition 12.8 X.509 Certificate certificate validation

A vulnerability was found in GitLab Community Edition and Enterprise Edition 12.8 (Bug Tracking Software). It has been rated as problematic. This issue affects an unknown part of the component X.509 Certificate Handler. There is no information...
Author: VulDB

GitLab Enterprise Edition 13.11 Project information disclosure

A vulnerability was found in GitLab Enterprise Edition 13.11 (Bug Tracking Software). It has been declared as problematic. This vulnerability affects some unknown functionality of the component Project Handler. There is no information about...
Author: VulDB