Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Eclipse Theia up to 1.2.0 Markdown cross site scripting

A vulnerability has been found in Eclipse Theia up to 1.2.0 and classified as problematic. Affected by this vulnerability is some unknown processing of the component Markdown Handler. There is no information about possible countermeasures known....
Author: VulDB

CoolKit eWeLink on Android/iOS Quick Pairing Mode inadequate encryption

A vulnerability, which was classified as problematic, was found in CoolKit eWeLink on Android/iOS (version unknown). Affected is an unknown code block of the component Quick Pairing Mode. There is no information about possible countermeasures...
Author: VulDB

Apache XmlGraphics Commons 2.4 XMPParser server-side request forgery

A vulnerability, which was classified as critical, has been found in Apache XmlGraphics Commons 2.4. This issue affects an unknown code of the component XMPParser. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Apache Batik 1.13 NodePickerPanel server-side request forgery

A vulnerability classified as critical was found in Apache Batik 1.13. This vulnerability affects an unknown part of the component NodePickerPanel. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 improper authentication

A vulnerability classified as critical has been found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. This affects some unknown functionality. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 pathname traversal

A vulnerability was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. It has been rated as critical. Affected by this issue is an unknown functionality. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 cross site scripting

A vulnerability was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. It has been declared as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 PHP Script unrestricted upload

A vulnerability was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. It has been classified as critical. Affected is some unknown processing of the component PHP Script Handler. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 Web Server os command injection

A vulnerability was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4 and classified as critical. This issue affects an unknown code block of the component Web Server. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 access control

A vulnerability has been found in Contec SolarView Compact SV-CPT-MC310 up to 6.4 and classified as critical. This vulnerability affects an unknown code. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

Contec SolarView Compact SV-CPT-MC310 up to 6.4 information disclosure

A vulnerability, which was classified as problematic, was found in Contec SolarView Compact SV-CPT-MC310 up to 6.4. This affects an unknown part. Upgrading to version 6.5 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-145: Multiple vulnerabilities in VMWare products (24 February 2021)

Multiple vulnerabilities have been discovered in VMWare products. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2021-AVI-144: Multiple vulnerabilities in Mozilla Thunderbird (24 February 2021)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. They allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.

Author: Cert FR

CERTFR-2021-AVI-143: Multiple vulnerabilities in Mozilla Firefox (24 February 2021)

Multiple vulnerabilities have been discovered in Mozilla Firefox. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of the confidentiality of...
Author: Cert FR

CERTFR-2021-AVI-142: Multiple vulnerabilities in Aruba products (24 February 2021)

Multiple vulnerabilities have been discovered in Aruba products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy...
Author: Cert FR

CERTFR-2021-AVI-141: Vulnerability in F5 BIG-IP (24 February 2021)

A vulnerability has been discovered in F5 BIG-IP. It allows an attacker to cause a remote denial of service.

Author: Cert FR

libcaca 0.99.beta19 libcaca/caca/canvas.c caca_resize buffer overflow

A vulnerability, which was classified as critical, has been found in libcaca 0.99.beta19. Affected by this issue is the function caca_resize of the file libcaca/caca/canvas.c. There is no information about possible countermeasures known. It may...
Author: VulDB

Artifex MuPDF 1.18.0 memory corruption [CVE-2021-3407]

A vulnerability classified as critical was found in Artifex MuPDF 1.18.0 (Document Reader Software). Affected by this vulnerability is an unknown functionality. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

libEBML up to 1.4.1 ReadData heap-based overflow

A vulnerability classified as critical has been found in libEBML up to 1.4.1. Affected is the function EbmlString::ReadData/EbmlUnicodeString::ReadData. Upgrading to version 1.4.2 eliminates this vulnerability.
Author: VulDB

Directus up to 8.8.1 Password Reset information disclosure

A vulnerability was found in Directus up to 8.8.1. It has been rated as problematic. This issue affects some unknown processing of the component Password Reset Handler. The problem might be mitigated by replacing the product with as an...
Author: VulDB

Jasper up to 2.0.24 jp2_dec.c jp2_decode null pointer dereference

A vulnerability was found in Jasper up to 2.0.24 (Programming Tool Software). It has been declared as problematic. This vulnerability affects the function jp2_decode of the file jp2_dec.c. Upgrading to version 2.0.25 eliminates this...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection

A vulnerability was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). It has been classified as critical. This affects an unknown code of the component Web-based Management Interface. Upgrading to...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection

A vulnerability was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software) and classified as critical. Affected by this issue is an unknown part of the component Web-based Management Interface. Upgrading to...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 OnGuard Local Privilege Escalation

A vulnerability has been found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the component OnGuard. Upgrading to...
Author: VulDB

Directus up to 8.8.1 api-aa information disclosure

A vulnerability, which was classified as problematic, was found in Directus up to 8.8.1. Affected is an unknown functionality of the component api-aa. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB