Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Directus up to 8.8.1 PATCH Method unknown vulnerability [CVE-2021-26594]

A vulnerability, which was classified as problematic, has been found in Directus up to 8.8.1. This issue affects an unknown function of the component PATCH Method Handler. The problem might be mitigated by replacing the product with as an...
Author: VulDB

Directus up to 8.8.1 API /users/{id} information disclosure

A vulnerability classified as problematic was found in Directus up to 8.8.1. This vulnerability affects some unknown processing of the file /users/{id} of the component API. There is no information about possible countermeasures known. It may be...
Author: VulDB

UniFi Protect up to 1.17.0 Controller denial of service

A vulnerability classified as problematic has been found in UniFi Protect up to 1.17.0. This affects an unknown code block of the component Controller Handler. Upgrading to version 1.17.1 eliminates this vulnerability.
Author: VulDB

VMware Spring Security up to 5.2.8/5.3.7/5.4.3 security check for standard

A vulnerability was found in VMware Spring Security up to 5.2.8/5.3.7/5.4.3. It has been rated as problematic. Affected by this issue is an unknown code. Upgrading to version <=5.2.9.RELEASE, 5.3.8.RELEASE or 5.4.4 eliminates this vulnerability.
Author: VulDB

Brave Web Browser up to 1.20.103 Proxy information disclosure

A vulnerability was found in Brave Web Browser up to 1.20.103 (Web Browser). It has been declared as problematic. Affected by this vulnerability is an unknown part of the component Proxy Handler. Upgrading to version 1.20.108 eliminates this...
Author: VulDB

Red Hat Satellite BMC Interface information disclosure [CVE-2021-20256]

A vulnerability was found in Red Hat Satellite (version unknown). It has been classified as problematic. Affected is some unknown functionality of the component BMC Interface. There is no information about possible countermeasures known. It may...
Author: VulDB

Red Hat 3scale API Management Platform Backend resource consumption

A vulnerability was found in Red Hat 3scale API Management Platform (Automation Software) (unknown version) and classified as problematic. This issue affects an unknown functionality of the component Backend. There is no information about...
Author: VulDB

mbsync up to 1.3.4/1.4.0 Mailbox Name Validator path traversal

A vulnerability has been found in mbsync up to 1.3.4/1.4.0 and classified as problematic. This vulnerability affects an unknown function of the component Mailbox Name Validator. Upgrading to version 1.3.5 or 1.4.1 eliminates this vulnerability.
Author: VulDB

Linux Kernel BPF __cgroup_bpf_run_filter_getsockopt heap-based overflow

A vulnerability, which was classified as critical, was found in Linux Kernel (Operating System) (the affected version unknown). This affects the function __cgroup_bpf_run_filter_getsockopt of the component BPF. The best possible mitigation is...
Author: VulDB

Openshift ose-docker-builder file access [CVE-2021-20182]

A vulnerability, which was classified as problematic, has been found in Openshift ose-docker-builder (Virtualization Software) (affected version not known). Affected by this issue is an unknown code block. There is no information about possible...
Author: VulDB

Nextcloud Deck up to 1.0.1 resource injection [CVE-2020-8297]

A vulnerability classified as critical was found in Nextcloud Deck up to 1.0.1 (Cloud Software). Affected by this vulnerability is an unknown code. Upgrading to version 1.0.2 eliminates this vulnerability. Applying a patch is able to eliminate...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 OnGuard buffer overflow

A vulnerability classified as critical has been found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). Affected is an unknown part of the component OnGuard. Upgrading to version 6.7.14-HF1, 6.8.8-HF1 or...
Author: VulDB

SoftMaker Office PlanMaker 2021 Revision 1014 Document heap-based overflow

A vulnerability was found in SoftMaker Office PlanMaker 2021 Revision 1014. It has been rated as critical. This issue affects some unknown functionality of the component Document Handler. There is no information about possible countermeasures...
Author: VulDB

Undertow 2.0.33.SP2/2.1.5.SP1/2.2.3.SP1 AJP Connector denial of service

A vulnerability was found in Undertow 2.0.33.SP2/2.1.5.SP1/2.2.3.SP1. It has been declared as problematic. This vulnerability affects an unknown functionality of the component AJP Connector. There is no information about possible countermeasures...
Author: VulDB

KACO New Energy XP100U up to 2.0 information disclosure [CVE-2021-3252]

A vulnerability was found in KACO New Energy XP100U up to 2.0. It has been classified as problematic. This affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

MITREid Connect up to 1.3.3 OpenID Connect Server OAuthConfirmationController.java improper authorization

A vulnerability was found in MITREid Connect up to 1.3.3 and classified as critical. Affected by this issue is some unknown processing of the file org/mitre/oauth2/web/OAuthConfirmationController.java of the component OpenID Connect Server...
Author: VulDB

Snow Inventory Agent up to 6.7.0 on Windows Configuration unknown vulnerability

A vulnerability has been found in Snow Inventory Agent up to 6.7.0 on Windows and classified as critical. Affected by this vulnerability is an unknown code block of the component Configuration Handler. There is no information about possible...
Author: VulDB

Polaris Office 9.102.66 PDF File PolarisOffice.exe divide by zero

A vulnerability, which was classified as problematic, was found in Polaris Office 9.102.66. Affected is an unknown code in the library EngineDLL.dll of the file PolarisOffice.exe of the component PDF File Handler. There is no information about...
Author: VulDB

Jasper up to 2.0.24 jp2_decode out-of-bounds read

A vulnerability, which was classified as problematic, has been found in Jasper up to 2.0.24 (Programming Tool Software). This issue affects the function jp2_decode. Upgrading to version 2.0.25 eliminates this vulnerability. Applying a patch is...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface sql injection

A vulnerability classified as critical was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). This vulnerability affects some unknown functionality of the component Web-based Management Interface....
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface sql injection

A vulnerability classified as critical has been found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). This affects an unknown functionality of the component Web-based Management Interface. Upgrading to...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection

A vulnerability was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). It has been rated as critical. Affected by this issue is an unknown function of the component Web-based Management Interface....
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 Web-based Management Interface command injection

A vulnerability was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component Web-based Management...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 cross site scripting

A vulnerability was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software). It has been classified as problematic. Affected is an unknown code block. Upgrading to version 6.7.14-HF1, 6.8.8-HF1 or 6.9.5...
Author: VulDB

Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 command injection

A vulnerability was found in Aruba ClearPass Policy Manager up to 6.7.14/6.8.8/6.9.4 (Policy Management Software) and classified as critical. This issue affects an unknown code. Upgrading to version 6.7.14-HF1, 6.8.8-HF1 or 6.9.5 eliminates this...
Author: VulDB

Information security events