Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Daimler Mercedes MBUX up to 2021 on Mercedes Headunit NTG6 Local Privilege Escalation

A vulnerability was found in Daimler Mercedes MBUX up to 2021 on Mercedes (Vehicle Software). It has been rated as problematic. Affected by this issue is an unknown code block of the component Headunit NTG6. Upgrading eliminates this...
Author: VulDB

Pydantic up to 1.6.1/1.7.3/1.8.1 infinite loop [CVE-2021-29510]

A vulnerability was found in Pydantic up to 1.6.1/1.7.3/1.8.1. It has been declared as problematic. Affected by this vulnerability is an unknown code. Upgrading to version 1.6.2, 1.7.4 or 1.8.2 eliminates this vulnerability. Applying a patch is...
Author: VulDB

Flask-Caching Extension up to 1.10.1 on Flask Pickle cross site scripting

A vulnerability was found in Flask-Caching Extension up to 1.10.1 on Flask. It has been classified as problematic. Affected is an unknown part of the component Pickle. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

IBM Jazz Reporting Service 6.0.6.1/7.0/7.0.1/7.0.2 server-side request forgery

A vulnerability was found in IBM Jazz Reporting Service 6.0.6.1/7.0/7.0.1/7.0.2 (Reporting Software) and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may...
Author: VulDB

Piwigo 11.4.0 user_list_backend.php order[0][dir] sql injection

A vulnerability has been found in Piwigo 11.4.0 (Photo Gallery Software) and classified as critical. This vulnerability affects an unknown functionality of the file admin/user_list_backend.php. Applying a patch is able to eliminate this problem....
Author: VulDB

Chamilo 1.11.14 XML Data admin/user_import.php xml external entity reference

A vulnerability, which was classified as problematic, was found in Chamilo 1.11.14 (Content Management System). This affects an unknown function of the file admin/user_import.php of the component XML Data Handler. Applying a patch is able to...
Author: VulDB

Symfony 3.4 Switch User information exposure

A vulnerability, which was classified as critical, has been found in Symfony 3.4. Affected by this issue is some unknown processing of the component Switch User Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

ArticleCMS unrestricted upload [CVE-2020-28063]

A vulnerability classified as critical was found in ArticleCMS (affected version unknown). Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Teradici PCoIP Graphics Agent up to 21.2 on Windows Redirect Pixel NVENC.dll Remote Privilege Escalation

A vulnerability classified as problematic has been found in Teradici PCoIP Graphics Agent up to 21.2 on Windows. Affected is an unknown code in the library NVENC.dll of the component Redirect Pixel Handler. Upgrading to version 21.03 eliminates...
Author: VulDB

Teradici PCoIP Agent denial of service [CVE-2021-25693]

A vulnerability was found in Teradici PCoIP Agent (unknown version). It has been rated as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

BlackBerry UEM up to 12.12.1a QF6/12.13.1 QF2 Management Console denial of service

A vulnerability was found in BlackBerry UEM up to 12.12.1a QF6/12.13.1 QF2. It has been declared as problematic. This vulnerability affects some unknown functionality of the component Management Console. There is no information about possible...
Author: VulDB

WAGO Managed Switch missing authentication [CVE-2021-20998]

A vulnerability was found in WAGO Managed Switch (the affected version unknown). It has been classified as critical. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

WAGO Managed Switch Web-based Management insufficiently protected credentials

A vulnerability was found in WAGO Managed Switch (affected version not known) and classified as problematic. Affected by this issue is an unknown function of the component Web-based Management. There is no information about possible...
Author: VulDB

WAGO Managed Switch Cookie information disclosure [CVE-2021-20996]

A vulnerability has been found in WAGO Managed Switch (affected version unknown) and classified as problematic. Affected by this vulnerability is some unknown processing of the component Cookie Handler. There is no information about possible...
Author: VulDB

WAGO Managed Switch Web-based UI cleartext storage [CVE-2021-20995]

A vulnerability, which was classified as problematic, was found in WAGO Managed Switch (version unknown). Affected is an unknown code block of the component Web-based UI. There is no information about possible countermeasures known. It may be...
Author: VulDB

WAGO Managed Switch Web-based Management injection [CVE-2021-20994]

A vulnerability, which was classified as critical, has been found in WAGO Managed Switch (unknown version). This issue affects an unknown code of the component Web-based Management. There is no information about possible countermeasures known. It...
Author: VulDB

Hilscher rcX RTOS up to 2.1.14.0 UDP Packet Length denial of service

A vulnerability classified as problematic was found in Hilscher rcX RTOS up to 2.1.14.0. This vulnerability affects an unknown part of the component UDP Packet Length Handler. Upgrading to version 2.1.14.1 eliminates this vulnerability.
Author: VulDB

MongoDB C# Driver 2.12.0 information disclosure [CVE-2021-20331]

A vulnerability classified as problematic has been found in MongoDB C# Driver 2.12.0 (Database Software). This affects some unknown functionality. Upgrading to version 2.12.1 eliminates this vulnerability.
Author: VulDB

OpenJPEG Encoding opj_dwt_calc_explicit_stepsizes buffer overflow

A vulnerability was found in OpenJPEG (Image Processing Software) (affected version not known). It has been rated as critical. Affected by this issue is the function opj_dwt_calc_explicit_stepsizes of the component Encoding Handler. There is no...
Author: VulDB

OpenJPEG Encoding out-of-bounds write [CVE-2020-27823]

A vulnerability was found in OpenJPEG (Image Processing Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown function of the component Encoding Handler. There is no information about...
Author: VulDB

Raptor RDF Syntax Library raptor_xml_writer_start_element_common out-of-bounds read

A vulnerability was found in Raptor RDF Syntax Library (Software Library) (version unknown). It has been classified as problematic. Affected is the function raptor_xml_writer_start_element_common. There is no information about possible...
Author: VulDB

c-ares up to 1.15.x lib ares_destroy use after free

A vulnerability was found in c-ares up to 1.15.x and classified as problematic. This issue affects the function ares_destroy in the library lib. Upgrading to version 1.16.0 eliminates this vulnerability. Applying a patch is able to eliminate this...
Author: VulDB

Beckhoff TwinCAT OPC UA Server/IPC Diagnostics UA Server up to 3.1.0.1 denial of service

A vulnerability has been found in Beckhoff TwinCAT OPC UA Server and IPC Diagnostics UA Server up to 3.1.0.1 and classified as problematic. This vulnerability affects an unknown code. There is no information about possible countermeasures known....
Author: VulDB

noobaa-operator up to 5.6.x RPC AuthTokens log file

A vulnerability, which was classified as problematic, was found in noobaa-operator up to 5.6.x. This affects an unknown part of the component RPC AuthTokens Handler. Upgrading to version 5.7.0 eliminates this vulnerability.
Author: VulDB

AMD CPU SEV/SEV-ES unknown vulnerability [CVE-2021-26311]

A vulnerability, which was classified as critical, has been found in AMD CPU (Chip Software) (affected version not known). Affected by this issue is some unknown functionality of the component SEV/SEV-ES. There is no information about possible...
Author: VulDB

Information-security events