Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

libcaca 0.99.beta19 libcaca/caca/canvas.c caca_resize buffer overflow

A vulnerability, which was classified as critical, has been found in libcaca 0.99.beta19. Affected by this issue is the function caca_resize of the file libcaca/caca/canvas.c. There is no information about possible countermeasures known. It may...
Author: VulDB

Artifex MuPDF 1.18.0 memory corruption [CVE-2021-3407]

A vulnerability classified as critical was found in Artifex MuPDF 1.18.0 (Document Reader Software). Affected by this vulnerability is an unknown functionality. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

libEBML up to 1.4.1 ReadData heap-based overflow

A vulnerability classified as critical has been found in libEBML up to 1.4.1. Affected is the function EbmlString::ReadData/EbmlUnicodeString::ReadData. Upgrading to version 1.4.2 eliminates this vulnerability.
Author: VulDB

Directus up to 8.8.1 Password Reset information disclosure

A vulnerability was found in Directus up to 8.8.1. It has been rated as problematic. This issue affects some unknown processing of the component Password Reset Handler. The problem might be mitigated by replacing the product with as an...
Author: VulDB

Jasper up to 2.0.24 jp2_dec.c jp2_decode null pointer dereference

A vulnerability was found in Jasper up to 2.0.24 (Programming Tool Software). It has been declared as problematic. This vulnerability affects the function jp2_decode of the file jp2_dec.c. Upgrading to version 2.0.25 eliminates this...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection

A vulnerability was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). It has been classified as critical. This affects an unknown code of the component Web-based Management Interface. Upgrading to...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection

A vulnerability was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software) and classified as critical. Affected by this issue is an unknown part of the component Web-based Management Interface. Upgrading to...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 OnGuard Local Privilege Escalation

A vulnerability has been found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the component OnGuard. Upgrading to...
Author: VulDB

Directus up to 8.8.1 api-aa information disclosure

A vulnerability, which was classified as problematic, was found in Directus up to 8.8.1. Affected is an unknown functionality of the component api-aa. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Directus up to 8.8.1 PATCH Method unknown vulnerability [CVE-2021-26594]

A vulnerability, which was classified as problematic, has been found in Directus up to 8.8.1. This issue affects an unknown function of the component PATCH Method Handler. The problem might be mitigated by replacing the product with as an...
Author: VulDB

Directus up to 8.8.1 API /users/{id} information disclosure

A vulnerability classified as problematic was found in Directus up to 8.8.1. This vulnerability affects some unknown processing of the file /users/{id} of the component API. There is no information about possible countermeasures known. It may be...
Author: VulDB

UniFi Protect up to 1.17.0 Controller denial of service

A vulnerability classified as problematic has been found in UniFi Protect up to 1.17.0. This affects an unknown code block of the component Controller Handler. Upgrading to version 1.17.1 eliminates this vulnerability.
Author: VulDB

VMware Spring Security up to 5.2.8/5.3.7/5.4.3 security check for standard

A vulnerability was found in VMware Spring Security up to 5.2.8/5.3.7/5.4.3. It has been rated as problematic. Affected by this issue is an unknown code. Upgrading to version <=5.2.9.RELEASE, 5.3.8.RELEASE or 5.4.4 eliminates this vulnerability.
Author: VulDB

Brave Web Browser up to 1.20.103 Proxy information disclosure

A vulnerability was found in Brave Web Browser up to 1.20.103 (Web Browser). It has been declared as problematic. Affected by this vulnerability is an unknown part of the component Proxy Handler. Upgrading to version 1.20.108 eliminates this...
Author: VulDB

Red Hat Satellite BMC Interface information disclosure [CVE-2021-20256]

A vulnerability was found in Red Hat Satellite (version unknown). It has been classified as problematic. Affected is some unknown functionality of the component BMC Interface. There is no information about possible countermeasures known. It may...
Author: VulDB

Red Hat 3scale API Management Platform Backend resource consumption

A vulnerability was found in Red Hat 3scale API Management Platform (Automation Software) (unknown version) and classified as problematic. This issue affects an unknown functionality of the component Backend. There is no information about...
Author: VulDB

mbsync up to 1.3.4/1.4.0 Mailbox Name Validator path traversal

A vulnerability has been found in mbsync up to 1.3.4/1.4.0 and classified as problematic. This vulnerability affects an unknown function of the component Mailbox Name Validator. Upgrading to version 1.3.5 or 1.4.1 eliminates this vulnerability.
Author: VulDB

Linux Kernel BPF __cgroup_bpf_run_filter_getsockopt heap-based overflow

A vulnerability, which was classified as critical, was found in Linux Kernel (Operating System) (the affected version unknown). This affects the function __cgroup_bpf_run_filter_getsockopt of the component BPF. The best possible mitigation is...
Author: VulDB

Openshift ose-docker-builder file access [CVE-2021-20182]

A vulnerability, which was classified as problematic, has been found in Openshift ose-docker-builder (Virtualization Software) (affected version not known). Affected by this issue is an unknown code block. There is no information about possible...
Author: VulDB

Nextcloud Deck up to 1.0.1 resource injection [CVE-2020-8297]

A vulnerability classified as critical was found in Nextcloud Deck up to 1.0.1 (Cloud Software). Affected by this vulnerability is an unknown code. Upgrading to version 1.0.2 eliminates this vulnerability. Applying a patch is able to eliminate...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 OnGuard buffer overflow

A vulnerability classified as critical has been found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). Affected is an unknown part of the component OnGuard. Upgrading to version 6.7.14-HF1, 6.8.8-HF1 or...
Author: VulDB

SoftMaker Office PlanMaker 2021 Revision 1014 Document heap-based overflow

A vulnerability was found in SoftMaker Office PlanMaker 2021 Revision 1014. It has been rated as critical. This issue affects some unknown functionality of the component Document Handler. There is no information about possible countermeasures...
Author: VulDB

Undertow 2.0.33.SP2/2.1.5.SP1/2.2.3.SP1 AJP Connector denial of service

A vulnerability was found in Undertow 2.0.33.SP2/2.1.5.SP1/2.2.3.SP1. It has been declared as problematic. This vulnerability affects an unknown functionality of the component AJP Connector. There is no information about possible countermeasures...
Author: VulDB

KACO New Energy XP100U up to 2.0 information disclosure [CVE-2021-3252]

A vulnerability was found in KACO New Energy XP100U up to 2.0. It has been classified as problematic. This affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

MITREid Connect up to 1.3.3 OpenID Connect Server OAuthConfirmationController.java improper authorization

A vulnerability was found in MITREid Connect up to 1.3.3 and classified as critical. Affected by this issue is some unknown processing of the file org/mitre/oauth2/web/OAuthConfirmationController.java of the component OpenID Connect Server...
Author: VulDB

Information security events