Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 information disclosure

A vulnerability was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). It has been declared as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 6.7.14-HF1, 6.8.9...
Author: VulDB

Aruba AirWave Management Platform up to 8.2.12.0 redirect [CVE-2021-29137]

A vulnerability was found in Aruba AirWave Management Platform up to 8.2.12.0. It has been classified as problematic. Affected is some unknown processing. Upgrading to version 8.2.12.1 eliminates this vulnerability.
Author: VulDB

Buffalo WSR-2533DHPL2/WSR-2533DHP3 Web Interface information disclosure

A vulnerability was found in Buffalo WSR-2533DHPL2 and WSR-2533DHP3 (unknown version) and classified as problematic. This issue affects an unknown code block of the component Web Interface. There is no information about possible countermeasures...
Author: VulDB

Inim Electronics SmartLiving SmartLAN up to 6.x testemail Module web.cgi system par format string

A vulnerability has been found in Inim Electronics SmartLiving SmartLAN up to 6.x and classified as very critical. This vulnerability affects the function system of the file web.cgi of the component testemail Module. There is no information about...
Author: VulDB

发货100-设计素材下载系统 1.1 HTTP Header conn/function.php getip X-Forwarded-For sql injection

A vulnerability, which was classified as critical, was found in 发货100-设计素材下载系统 1.1. This affects the function getip of the file conn/function.php of the component HTTP Header Handler. There is no information about possible countermeasures known....
Author: VulDB

Uniview ISC2500-S EC.php unrestricted upload

A vulnerability, which was classified as critical, has been found in Uniview ISC2500-S (affected version not known). Affected by this issue is some unknown functionality of the file /Interface/DevManage/EC.php?cmd=upload. There is no information...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 server-side request forgery

A vulnerability classified as critical was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). Affected by this vulnerability is an unknown functionality. Upgrading to version 6.7.14-HF1, 6.8.9 or 6.9.5...
Author: VulDB

Buffalo WSR-2533DHPL2/WSR-2533DHP3 path traversal [CVE-2021-20090]

A vulnerability classified as critical has been found in Buffalo WSR-2533DHPL2 and WSR-2533DHP3 (version unknown). Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Emmanuel MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 information disclosure

A vulnerability was found in Emmanuel MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 (Automation Software). It has been rated as problematic. This issue affects some unknown processing. There is no information about possible countermeasures...
Author: VulDB

Buffalo WSR-2533DHPL2/WSR-2533DHP3 Web Interface Remote Privilege Escalation

A vulnerability was found in Buffalo WSR-2533DHPL2 and WSR-2533DHP3 (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown code block of the component Web Interface. There is no information...
Author: VulDB

PHPFusion 9.03.110 search.php cross site scripting

A vulnerability was found in PHPFusion 9.03.110. It has been classified as problematic. This affects an unknown code of the file search.php. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Aruba AirWave Management Platform up to 8.2.12.0 improper authorization

A vulnerability was found in Aruba AirWave Management Platform up to 8.2.12.0 and classified as critical. Affected by this issue is an unknown part. Upgrading to version 8.2.12.1 eliminates this vulnerability.
Author: VulDB

Aruba AirWave Management Platform up to 8.2.12.0 improper authorization

A vulnerability has been found in Aruba AirWave Management Platform up to 8.2.12.0 and classified as critical. Affected by this vulnerability is some unknown functionality. Upgrading to version 8.2.12.1 eliminates this vulnerability.
Author: VulDB

Aruba AirWave Management Platform up to 8.2.12.0 XML Data xml external entity reference

A vulnerability, which was classified as critical, was found in Aruba AirWave Management Platform up to 8.2.12.0. Affected is an unknown functionality of the component XML Data Handler. Upgrading to version 8.2.12.1 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-328: Vulnerability in Samba (29 April 2021)

A vulnerability has been discovered in Samba. It allows an attacker to compromise data confidentiality.

Author: Cert FR

GNU wget up to 1.21.1 HTTP Header Authorization information disclosure

A vulnerability, which was classified as problematic, has been found in GNU wget up to 1.21.1 (Automation Software). This issue affects an unknown function of the component HTTP Header Handler. There is no information about possible...
Author: VulDB

CERTFR-2021-AVI-327: Multiple vulnerabilities in F5 BIG-IP (29 April 2021)

Multiple vulnerabilities have been discovered in F5 BIG-IP. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy of...
Author: Cert FR

CERTFR-2021-AVI-326: Multiple vulnerabilities in Cisco ASA and FTD (29 April 2021)

Multiple vulnerabilities have been discovered in Cisco ASA and FTD. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

Author: Cert FR

CERTFR-2021-AVI-325: Multiple vulnerabilities in BIND (29 April 2021)

Multiple vulnerabilities have been discovered in BIND. They allow an attacker to cause a remote denial of service, a compromise of data integrity and a compromise of data confidentiality.

Author: Cert FR

Cesanta MongooseOS mJS 1.25 JSON String mjs_json.c mjs_json_parse heap-based overflow

A vulnerability classified as critical was found in Cesanta MongooseOS mJS 1.25. This vulnerability affects the function mjs_json_parse of the file mjs_json.c of the component JSON String Handler. Upgrading to version 1.26 eliminates this...
Author: VulDB

ISC BIND up to 9.11.29/9.16.13/9.17.11 Query denial of service

A vulnerability classified as problematic has been found in ISC BIND up to 9.11.29/9.16.13/9.17.11 (Domain Name Software). This affects an unknown code block of the component Query Handler. Upgrading to version 9.11.31, 9.16.15 or 9.17.12...
Author: VulDB

ISC BIND up to 9.8.8/9.11.29/9.16.13/9.17.11 IXFR denial of service

A vulnerability was found in ISC BIND up to 9.8.8/9.11.29/9.16.13/9.17.11 (Domain Name Software). It has been rated as problematic. Affected by this issue is an unknown code of the component IXFR Handler. Upgrading to version 9.11.31, 9.16.15 or...
Author: VulDB

Aviatrix VPN Client up to 2.14.13 on Windows unquoted search path

A vulnerability was found in Aviatrix VPN Client up to 2.14.13 on Windows (Network Encryption Software). It has been declared as critical. Affected by this vulnerability is an unknown part. Upgrading to version 2.14.14 eliminates this...
Author: VulDB

Bundler up to 2.2.9/2.2.16 gem injection

A vulnerability was found in Bundler up to 2.2.9/2.2.16. It has been classified as problematic. Affected is some unknown functionality of the component gem Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

CKEditor up to 26.0.0 Regular Expression denial of service

A vulnerability was found in CKEditor up to 26.0.0 and classified as problematic. This issue affects an unknown functionality of the component Regular Expression Handler. Upgrading to version 27.0.0 eliminates this vulnerability.
Author: VulDB