Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

ngx_http_lua_module up to 0.10.15 API an unknown vulnerability

A vulnerability, which was classified as problematic, has been found in ngx_http_lua_module up to 0.10.15. This issue affects an unknown code block of the component API. Upgrading to version 0.10.16 eliminates this vulnerability. The upgrade is...
Author: VulDB

OpenIAM up to 4.2.0.2 /webconsole/rest/api/ permission

A vulnerability classified as critical was found in OpenIAM up to 4.2.0.2. This vulnerability affects an unknown code of the file /webconsole/rest/api/. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

OpenIAM up to 4.2.0.2 access control [CVE-2020-13421]

A vulnerability classified as critical has been found in OpenIAM up to 4.2.0.2. This affects an unknown part. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

OpenIAM up to 4.2.0.2 Groovy Script Remote Privilege Escalation

A vulnerability was found in OpenIAM up to 4.2.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Groovy Script Handler. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

OpenIAM up to 4.2.0.2 Batch pathname traversal

A vulnerability was found in OpenIAM up to 4.2.0.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Batch Handler. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

OpenIAM up to 4.2.0.2 Add New User cross site scripting

A vulnerability was found in OpenIAM up to 4.2.0.2. It has been classified as problematic. Affected is an unknown function of the component Add New User Handler. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

Seafile 7.0.5 Share of Library cross site scripting

A vulnerability was found in Seafile 7.0.5 and classified as problematic. This issue affects some unknown processing of the component Share of Library. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

LiquidFiles up to 3.4.15 Send Email cross site scripting

A vulnerability has been found in LiquidFiles up to 3.4.15 and classified as problematic. This vulnerability affects an unknown code block of the component Send Email Handler. Upgrading to version 3.5 eliminates this vulnerability.
Author: VulDB

phpseclib up to 2.0.30/3.0.6 RSA PKCS#1 v1.5 Signature Verification signature verification

A vulnerability, which was classified as problematic, was found in phpseclib up to 2.0.30/3.0.6. This affects an unknown code of the component RSA PKCS#1 v1.5 Signature Verification Handler. Upgrading to version 2.0.31 or 3.0.7 eliminates this...
Author: VulDB

VIGRA Computer Vision Library 1-11-1 File impex.hxx read_image_band denial of service

A vulnerability, which was classified as problematic, has been found in VIGRA Computer Vision Library 1-11-1 (Software Library). Affected by this issue is the function read_image_band of the file impex.hxx of the component File Handler. There is...
Author: VulDB

SerenityOS 2021-03-27 read buffer overflow

A vulnerability classified as critical was found in SerenityOS 2021-03-27. Affected by this vulnerability is the function EndOfCentralDirectory::read. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

Net::Netmask prior 2.0000 on Perl Zero access control

A vulnerability classified as critical has been found in Net::Netmask on Perl. Affected is an unknown functionality of the component Zero Handler. Upgrading to version 2.0000 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Open Container Initiative umoci up to 0.4.6 Image symlink

A vulnerability was found in Open Container Initiative umoci up to 0.4.6 (Virtualization Software). It has been rated as critical. This issue affects an unknown function of the component Image Handler. Upgrading to version 0.4.7 eliminates this...
Author: VulDB

SerenityOS LibTextCode buffer overflow [CVE-2021-28874]

A vulnerability was found in SerenityOS (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown processing of the component LibTextCode. Applying the patch...
Author: VulDB

Django up to 2.2.19/3.0.13/3.1.7 MultiPartParser pathname traversal

A vulnerability was found in Django up to 2.2.19/3.0.13/3.1.7 (Content Management System). It has been classified as critical. This affects an unknown code block of the component MultiPartParser. Upgrading to version 2.2.20, 3.0.14 or 3.1.8...
Author: VulDB

Vangene deltaFlow E-Platform unrestricted upload [CVE-2021-28173]

A vulnerability was found in Vangene deltaFlow E-Platform (affected version not known) and classified as critical. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Vangene deltaFlow E-Platform File Download path traversal [CVE-2021-28172]

A vulnerability has been found in Vangene deltaFlow E-Platform (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown part of the component File Download Handler. There is no information about possible...
Author: VulDB

Vangene deltaFlow E-Platform Cookie insufficiently protected credentials

A vulnerability, which was classified as critical, was found in Vangene deltaFlow E-Platform (version unknown). Affected is some unknown functionality of the component Cookie Handler. There is no information about possible countermeasures known....
Author: VulDB

CITSmart prior 9.1.2.28 Filtro de Autocomplete unknown vulnerability

A vulnerability, which was classified as problematic, has been found in CITSmart. This issue affects an unknown functionality of the component Filtro de Autocomplete. Upgrading to version 9.1.2.28 eliminates this vulnerability. The upgrade is...
Author: VulDB

iKuaiOS 3.4.8 Build 202012291059 information disclosure [CVE-2021-28075]

A vulnerability classified as problematic was found in iKuaiOS 3.4.8 Build 202012291059. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

RIOT-OS up to 2021.01 gnrc_rpl_control_messages.c _parse_options buffer overflow

A vulnerability classified as critical has been found in RIOT-OS up to 2021.01. This affects the function _parse_options of the file /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. There is no information about possible countermeasures...
Author: VulDB

RIOT-OS up to 2021.01 gnrc_rpl_validation.c gnrc_rpl_validation_options buffer overflow

A vulnerability was found in RIOT-OS up to 2021.01. It has been rated as critical. Affected by this issue is the function gnrc_rpl_validation_options of the file sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c. There is no information about...
Author: VulDB

RIOT-OS 2020.01 gnrc_rpl_control_messages.c buffer overflow

A vulnerability was found in RIOT-OS 2020.01. It has been declared as critical. Affected by this vulnerability is an unknown code of the file /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. There is no information about possible...
Author: VulDB

SerenityOS ASN.1 DER.h der_decode_sequence buffer overflow

A vulnerability was found in SerenityOS (version unknown). It has been classified as problematic. Affected is the function Crypto::der_decode_sequence in the library /Userland/Libraries/LibCrypto/ASN1/DER.h of the component ASN.1 Handler....
Author: VulDB

TimelyBills on iOS/Android JWT Token Storage cleartext storage

A vulnerability was found in TimelyBills on iOS/Android (unknown version) and classified as problematic. This issue affects some unknown functionality of the component JWT Token Storage. There is no information about possible countermeasures...
Author: VulDB

Information security events