Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2021-AVI-172: Multiple vulnerabilities in GRUB (05 March 2021)

GRUB2 is the bootloader most commonly used by Linux distributions to start the operating system. Multiple vulnerabilities have been discovered in GRUB2. They allow an attacker who is able to pass...
Author: Cert FR

internment Crate up to 0.4.1 on Rust memory corruption [CVE-2021-28037]

A vulnerability, which was classified as critical, was found in internment Crate up to 0.4.1 on Rust (Rust Package). Affected is some unknown processing. Upgrading to version 0.4.2 eliminates this vulnerability.
Author: VulDB

quinn Crate up to 0.6.x on Rust SocketAddrV6 memory corruption

A vulnerability, which was classified as critical, has been found in quinn Crate up to 0.6.x on Rust (Rust Package). This issue affects the function std::net::SocketAddrV4/std::net::SocketAddrV6. Upgrading to version 0.7.0 eliminates this...
Author: VulDB

stack_dst Crate up to 0.6.0 on Rust push_inner uninitialized pointer

A vulnerability classified as problematic was found in stack_dst Crate up to 0.6.0 on Rust (Rust Package). Upgrading to version 0.6.1 eliminates this vulnerability.
Author: VulDB

stack_dst Crate up to 0.6.0 on Rust push_inner double free

A vulnerability classified as critical has been found in stack_dst Crate up to 0.6.0 on Rust (Rust Package). This affects the function push_inner. Upgrading to version 0.6.1 eliminates this vulnerability.
Author: VulDB

byte_struct Crate up to 0.6.0 on Rust deserialization [CVE-2021-28033]

A vulnerability was found in byte_struct Crate up to 0.6.0 on Rust (Rust Package). It has been rated as critical. Affected by this issue is some unknown functionality. Upgrading to version 0.6.1 eliminates this vulnerability.
Author: VulDB

nano_arena Crate up to 0.5.1 on Rust split_at out-of-bounds write

A vulnerability was found in nano_arena Crate up to 0.5.1 on Rust (Rust Package). It has been declared as critical. Affected by this vulnerability is the function split_at. Upgrading to version 0.5.2 eliminates this vulnerability.
Author: VulDB

scratchpad Crate up to 1.3.0 on Rust move_elements double free

A vulnerability was found in scratchpad Crate up to 1.3.0 on Rust (Rust Package). It has been classified as critical. Affected is the function move_elements. Upgrading to version 1.3.1 eliminates this vulnerability.
Author: VulDB

truetype Crate up to 0.30.0 on Rust Tape::take_bytes uninitialized pointer

A vulnerability was found in truetype Crate up to 0.30.0 on Rust (Rust Package) and classified as problematic. This issue affects the function Tape::take_bytes. Upgrading to version 0.30.1 eliminates this vulnerability.
Author: VulDB

toodee Crate up to 0.2.x on Rust Row Insert uninitialized pointer

A vulnerability has been found in toodee Crate up to 0.2.x on Rust (Rust Package) and classified as problematic. This vulnerability affects an unknown code block of the component Row Insert Handler. Upgrading to version 0.3.0 eliminates this...
Author: VulDB

toodee Crate up to 0.2.x on Rust Row Insert double free

A vulnerability, which was classified as critical, was found in toodee Crate up to 0.2.x on Rust (Rust Package). This affects an unknown code of the component Row Insert Handler. Upgrading to version 0.3.0 eliminates this vulnerability.
Author: VulDB

bam Crate up to 0.1.2 on Rust bgzip Block Load out-of-bounds write

A vulnerability, which was classified as critical, has been found in bam Crate up to 0.1.2 on Rust (Rust Package). Affected by this issue is an unknown part of the component bgzip Block Load Handler. Upgrading to version 0.1.3 eliminates this...
Author: VulDB

SUSE Rancher up to 2.5.5 cross site scripting [CVE-2021-25313]

A vulnerability classified as problematic was found in SUSE Rancher up to 2.5.5. Affected by this vulnerability is some unknown functionality. Upgrading to version 2.5.6 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Movable Type Add Asset Screen cross site scripting [CVE-2021-20665]

A vulnerability classified as problematic has been found in Movable Type, Movable Type Advanced, Movable Type Premium and Movable Type Premium Advanced (version unknown). Affected is an unknown functionality of the component Add Asset Screen....
Author: VulDB

Movable Type Asset Registration Screen cross site scripting [CVE-2021-20664]

A vulnerability was found in Movable Type, Movable Type Advanced, Movable Type Premium and Movable Type Premium Advanced (unknown version). It has been rated as problematic. This issue affects an unknown function of the component Asset...
Author: VulDB

Movable Type Role Authority Setting cross site scripting [CVE-2021-20663]

A vulnerability was found in Movable Type, Movable Type Advanced, Movable Type Premium and Movable Type Premium Advanced (the affected version is unknown). It has been declared as problematic. This vulnerability affects some unknown processing of...
Author: VulDB

Zoho ManageEngine Application Control Plus prior 100523 Nginx Configuration Setting access control

A vulnerability was found in Zoho ManageEngine Application Control Plus. It has been classified as critical. This affects an unknown code block of the component Nginx Configuration Setting Handler. Upgrading to version 100523 eliminates this...
Author: VulDB

activerecord-session_store up to 1.1.3 on Ruby on Rails timing discrepancy

A vulnerability was found in activerecord-session_store up to 1.1.3 on Ruby on Rails and classified as problematic. Affected by this issue is an unknown code. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

MSI Dragon Center prior 1.1.19.1016/2.0.98.0 IOCTL Request MsIo64.sys buffer overflow

A vulnerability has been found in MSI Dragon Center and classified as critical. Affected by this vulnerability is an unknown part in the library MsIo64.sys of the component IOCTL Request Handler. Upgrading to version 1.1.19.1016 or 2.0.98.0...
Author: VulDB

SonLogger up to 6.4.0 POST Request SaveUploadedHotspotLogoFile unrestricted upload

A vulnerability, which was classified as critical, was found in SonLogger up to 6.4.0 (Log Management Software). Affected is some unknown functionality of the file /Config/SaveUploadedHotspotLogoFile of the component POST Request Handler....
Author: VulDB

SonLogger up to 6.4.0 POST Request /User/saveUser improper authentication

A vulnerability, which was classified as critical, has been found in SonLogger up to 6.4.0 (Log Management Software). This issue affects an unknown functionality of the file /User/saveUser of the component POST Request Handler. Upgrading to...
Author: VulDB

SonicWALL Directory Services Connector up to 4.1.17 SSO Agent improper authentication

A vulnerability classified as critical was found in SonicWALL Directory Services Connector up to 4.1.17 (Firewall Software). This vulnerability affects an unknown function of the component SSO Agent. Upgrading to version 4.1.19 eliminates this...
Author: VulDB

CERTFR-2021-AVI-171: Multiple vulnerabilities in the SUSE Linux kernel (05 March 2021)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a denial of service and a privilege escalation.

Author: Cert FR

IdentityModel up to 1.2.x Branca improper authentication

A vulnerability classified as critical has been found in IdentityModel up to 1.2.x. This affects some unknown processing of the component Branca. Upgrading to version 1.3.0 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Sangoma Asterisk up to 13.21-cert4/13.29.1/16.6.1/17.0.0 SIP Request channels/chan_sip.c improper authentication

A vulnerability was found in Sangoma Asterisk up to 13.21-cert4/13.29.1/16.6.1/17.0.0 (Communications System). It has been rated as critical. Affected by this issue is an unknown code block of the file channels/chan_sip.c of the component SIP...
Author: VulDB