Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2021-ACT-015 : Bulletin d’actualité CERTFR-2021-ACT-015 (19 avril 2021)

Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas …
Auteur: Cert FR

CERTFR-2021-AVI-285 : Vulnérabilité dans VMware NSX-T (19 avril 2021)

Une vulnérabilité a été découverte dans VMware NSX-T. Elle permet à un attaquant de provoquer une élévation de privilèges.

Auteur: Cert FR

CERTFR-2021-AVI-284 : Multiples vulnérabilités dans le noyau Linux de SUSE (19 avril 2021)

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et un déni de service...
Auteur: Cert FR

CERTFR-2021-AVI-283 : Vulnérabilité dans Juniper Junos OS (19 avril 2021)

Une vulnérabilité a été découverte dans Juniper Junos OS. Elle permet à un attaquant de provoquer un déni de service à distance.

Auteur: Cert FR

CERTFR-2021-AVI-282 : Multiples vulnérabilités dans les produits Qnap (19 avril 2021)

De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Auteur: Cert FR

CERTFR-2021-AVI-281 : Vulnérabilité dans OpenSSH (19 avril 2021)

Une vulnérabilité a été découverte dans OpenSSH. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Auteur: Cert FR

CERTFR-2021-AVI-280 : Multiples vulnérabilités dans Mitel MiCollab (19 avril 2021)

De multiples vulnérabilités ont été découvertes dans Mitel MiCollab. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Auteur: Cert FR

killing child_process Remote Code Execution

A vulnerability was found in killing (affected version not known). It has been rated as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Auteur: VulDB

roar-pidusage stat Remote Code Execution

A vulnerability was found in roar-pidusage (affected version unknown). It has been declared as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Auteur: VulDB

portkiller child_process Remote Code Execution

A vulnerability was found in portkiller (version unknown). It has been classified as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Auteur: VulDB

picotts say Remote Code Execution

A vulnerability was found in picotts (unknown version) and classified as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Auteur: VulDB

onion-oled-js Scroll child_process Remote Code Execution

A vulnerability has been found in onion-oled-js (the affected version is unknown) and classified as critical. This vulnerability affects the function child_process of the component Scroll Handler. There is no information about possible...
Auteur: VulDB

ffmpegdotjs child_process Remote Code Execution

A vulnerability, which was classified as critical, was found in ffmpegdotjs (Multimedia Processing Software) (the affected version unknown). There is no information about possible countermeasures known. It may be suggested to replace the affected...
Auteur: VulDB

psnode Kill child_process Remote Code Execution

A vulnerability, which was classified as critical, has been found in psnode (affected version not known). Affected by this issue is the function child_process of the component Kill Handler. There is no information about possible countermeasures...
Auteur: VulDB

ps-visitor Kill child_process Remote Code Execution

A vulnerability classified as critical was found in ps-visitor (affected version unknown). Affected by this vulnerability is the function child_process of the component Kill Handler. There is no information about possible countermeasures known....
Auteur: VulDB

Trojan.Win32.Agent.hsm C:\LOL\ permission

A vulnerability classified as critical has been found in Trojan.Win32.Agent.hsm (version unknown). Affected is an unknown code block of the file C:\LOL\. There is no information about possible countermeasures known. It may be suggested to replace...
Auteur: VulDB

Constructor.Win32.Bifrose.ag Bifrost Setting File Import stack-based overflow

A vulnerability was found in Constructor.Win32.Bifrose.ag (unknown version). It has been rated as critical. This issue affects an unknown code of the component Bifrost Setting File Import. There is no information about possible countermeasures...
Auteur: VulDB

HEUR.Backdoor.Win32.Generic Service Port 1080 C:\WINDOWS\1314.exe backdoor

A vulnerability was found in HEUR.Backdoor.Win32.Generic (Remote Access Software) (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown part of the file C:\WINDOWS\1314.exe of the component...
Auteur: VulDB

Trojan.Win32.Bayrob.dtrg C:\mnfqzckna0dkc\ permission

A vulnerability was found in Trojan.Win32.Bayrob.dtrg (the affected version unknown). It has been classified as critical. This affects some unknown functionality of the file C:\mnfqzckna0dkc\. There is no information about possible...
Auteur: VulDB

Trojan-Dropper.Win32.Agent.bjtzcp C:\Isrimss2018\ permission

A vulnerability was found in Trojan-Dropper.Win32.Agent.bjtzcp (affected version not known) and classified as critical. Affected by this issue is an unknown functionality of the file C:\Isrimss2018\. There is no information about possible...
Auteur: VulDB

Trojan.Win32.NanoBot.onh C:\AppData\ permission

A vulnerability has been found in Trojan.Win32.NanoBot.onh (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown function of the file C:\AppData\. There is no information about possible...
Auteur: VulDB

Trojan.Win32.Agentb.iofv C:\drivr\ permission

A vulnerability, which was classified as critical, was found in Trojan.Win32.Agentb.iofv (version unknown). Affected is some unknown processing of the file C:\drivr\. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

overlayfs on Ubuntu privileges management [CVE-2021-3493]

A vulnerability, which was classified as critical, has been found in overlayfs on Ubuntu (unknown version). This issue affects an unknown code block. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Auteur: VulDB

Shiftfs on Ubuntu Kernel Memory copy_from_user double free

A vulnerability classified as critical was found in Shiftfs on Ubuntu (the affected version is unknown). This vulnerability affects the function copy_from_user of the component Kernel Memory Handler. Applying a patch is able to eliminate this...
Auteur: VulDB

ezXML 0.8.6 XML File Parser libezxml.a ezxml_parse_str out-of-bounds read

A vulnerability classified as problematic has been found in ezXML 0.8.6. This affects the function ezxml_parse_str of the file libezxml.a of the component XML File Parser. There is no information about possible countermeasures known. It may be...
Auteur: VulDB
12345678910Last

Événements SSI