Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Wazuh 4.0.0/4.0.1/4.0.2/4.0.3 API /manager/files input validation

A vulnerability was found in Wazuh 4.0.0/4.0.1/4.0.2/4.0.3. It has been declared as critical. This vulnerability affects an unknown code of the file /manager/files of the component API. Upgrading to version 4.0.4 eliminates this vulnerability....
Author: VulDB

newlib up to 3.x heap-based overflow [CVE-2021-3420]

A vulnerability was found in newlib up to 3.x. It has been classified as critical. This affects the function mEMALIGn/pvALLOc/nano_memalign/nano_valloc/nano_pvalloc. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

ansi_up up to 4.x on npm ANSI Escape Code cross site scripting

A vulnerability was found in ansi_up up to 4.x on npm (NPM Package) and classified as problematic. Affected by this issue is some unknown functionality of the component ANSI Escape Code Handler. Upgrading to version 5.0.0 eliminates this...
Author: VulDB

Deutsche Post Mailoptimizer up to 4.2 ZIP Archive path traversal

A vulnerability has been found in Deutsche Post Mailoptimizer up to 4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ZIP Archive Handler. Upgrading to version 4.3 eliminates this...
Author: VulDB

OpenSSH up to 8.4 ssh-agent double free

A vulnerability, which was classified as critical, was found in OpenSSH up to 8.4 (Connectivity Software). Affected is an unknown function of the component ssh-agent. Upgrading to version 8.5 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

OSSEC 3.6.0 XML Tag os_xml.c _ReadElem recursion

A vulnerability, which was classified as problematic, has been found in OSSEC 3.6.0. This issue affects the function _ReadElem of the file os_xml.c of the component XML Tag Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Xen Dom0/Driver Domain denial of service [CVE-2021-28039]

A vulnerability classified as problematic was found in Xen (Virtualization Software) (the affected version is unknown). This vulnerability affects an unknown code block of the component Dom0/Driver Domain. There is no information about possible...
Author: VulDB

Xen Netback Driver denial of service [CVE-2021-28038]

A vulnerability classified as problematic has been found in Xen (Virtualization Software) (the affected version is unknown). This affects an unknown code of the component Netback Driver. There is no information about possible countermeasures known....
Author: VulDB

jpeg-xl 0.3.2 JXL File /lib/jxl/coeff_order.cc ReadPermutation heap-based overflow

A vulnerability was found in jpeg-xl 0.3.2. It has been rated as critical. Affected by this issue is the function ReadPermutation in the library /lib/jxl/coeff_order.cc of the component JXL File Handler. There is no information about possible...
Author: VulDB

Kentico CMS 5.5 R2 Build 5.5.3996 Blog Module tagname sql injection

A vulnerability was found in Kentico CMS 5.5 R2 Build 5.5.3996 (Content Management System). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Blog Module. There is no information about...
Author: VulDB

Netgear R7800 1.0.2.76 FTP certificate validation

A vulnerability was found in Netgear R7800 1.0.2.76 (Wireless LAN Software). It has been classified as critical. Affected is an unknown functionality of the component FTP Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Netgear R7800 1.0.2.76 apply_save.cgi rc_service improper authentication

A vulnerability was found in Netgear R7800 1.0.2.76 (Wireless LAN Software) and classified as critical. This issue affects an unknown function of the file apply_save.cgi. There is no information about possible countermeasures known. It may be...
Author: VulDB

Netgear R7800 1.0.2.76 Endpoint refresh_status.aspx missing authentication

A vulnerability has been found in Netgear R7800 1.0.2.76 (Wireless LAN Software) and classified as critical. This vulnerability affects some unknown processing of the file refresh_status.aspx of the component Endpoint. There is no information...
Author: VulDB

Netgear R7800 Endpoint apply_save.cgi hard-coded key

A vulnerability, which was classified as critical, was found in Netgear R7800 (Wireless LAN Software) (the affected version is unknown). This affects an unknown code block of the file apply_save.cgi of the component Endpoint. There is no information...
Author: VulDB

SPIFFE SPIRE up to 0.8.4/0.9.3/0.10.1/0.11.2/0.12.0 Node Attestor unknown vulnerability

A vulnerability, which was classified as problematic, has been found in SPIFFE SPIRE up to 0.8.4/0.9.3/0.10.1/0.11.2/0.12.0. Affected by this issue is an unknown code of the component Node Attestor. Upgrading to version 0.11.3 or 0.12.1...
Author: VulDB

SPIFFE SPIRE up to 0.8.4/0.9.3/0.10.1/0.11.2/0.12.0 FetchX509SVID RPC certificate validation

A vulnerability classified as critical was found in SPIFFE SPIRE up to 0.8.4/0.9.3/0.10.1/0.11.2/0.12.0. Affected by this vulnerability is an unknown part of the component FetchX509SVID RPC. Upgrading to version 0.8.5, 0.9.4, 0.10.2, 0.11.3 or...
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 Web-based Management Interface os command injection

A vulnerability classified as critical has been found in Aruba AirWave Management Platform. Affected is some unknown functionality of the component Web-based Management Interface. Upgrading to version 8.2.12.0 eliminates this vulnerability.
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 Web-based Management Interface os command injection

A vulnerability was found in Aruba AirWave Management Platform. It has been rated as critical. This issue affects an unknown functionality of the component Web-based Management Interface. Upgrading to version 8.2.12.0 eliminates this...
Author: VulDB

Aruba AirWave Management Platform up to 8.2.11.x Web-based Management Interface xml entity expansion

A vulnerability was found in Aruba AirWave Management Platform up to 8.2.11.x. It has been declared as problematic. This vulnerability affects an unknown function of the component Web-based Management Interface. Upgrading to version 8.2.12.0...
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 Web-based Management Interface cross site scripting

A vulnerability was found in Aruba AirWave Management Platform. It has been classified as problematic. This affects some unknown processing of the component Web-based Management Interface. Upgrading to version 8.2.12.0 eliminates this...
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 Web-based Management Interface cross site scripting

A vulnerability was found in Aruba AirWave Management Platform and classified as problematic. Affected by this issue is an unknown code block of the component Web-based Management Interface. Upgrading to version 8.2.12.0 eliminates this...
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 API sql injection

A vulnerability has been found in Aruba AirWave Management Platform and classified as critical. Affected by this vulnerability is an unknown code of the component API. Upgrading to version 8.2.12.0 eliminates this vulnerability.
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 sql injection

A vulnerability, which was classified as critical, was found in Aruba AirWave Management Platform. Affected is an unknown part. Upgrading to version 8.2.12.0 eliminates this vulnerability.
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 Web-based Management Interface improper authentication

A vulnerability, which was classified as critical, has been found in Aruba AirWave Management Platform. This issue affects some unknown functionality of the component Web-based Management Interface. Upgrading to version 8.2.12.0 eliminates this...
Author: VulDB

Aruba AirWave Management Platform prior 8.2.12.0 CLI Remote Privilege Escalation

A vulnerability classified as very critical was found in Aruba AirWave Management Platform. This vulnerability affects an unknown functionality of the component CLI. Upgrading to version 8.2.12.0 eliminates this vulnerability.
Author: VulDB