Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Backdoor.Win32.Floder.gqe C:\RECYCLER\ permission

A vulnerability was found in Backdoor.Win32.Floder.gqe (Remote Access Software) (affected version not known) and classified as critical. Affected by this issue is an unknown code block of the file C:\RECYCLER\. There is no information about...
Author: VulDB

Trojan.Win32.Siscos.bqe C:\Windupdt\ permission

A vulnerability has been found in Trojan.Win32.Siscos.bqe (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown code of the file C:\Windupdt\. There is no information about possible countermeasures...
Author: VulDB

Trojan.Win32.Agent.xdtv access control

A vulnerability, which was classified as critical, was found in Trojan.Win32.Agent.xdtv (version unknown). Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Backdoor.Win32.NinjaSpy.c Service Port 2003 authentication bypass

A vulnerability, which was classified as critical, has been found in Backdoor.Win32.NinjaSpy.c (Remote Access Software) (unknown version). This issue affects some unknown functionality of the component Service Port 2003. Addressing this...
Author: VulDB

Packed.Win32.Black.d Service Port 1080 Hacker.com.cn.exe improper authentication

A vulnerability classified as critical was found in Packed.Win32.Black.d (the affected version is unknown). This vulnerability affects an unknown functionality of the file Hacker.com.cn.exe of the component Service Port 1080. Proper firewalling...
Author: VulDB

Dell dbutil_2_3.sys Driver improper authorization [CVE-2021-21551]

A vulnerability classified as critical has been found in Dell dbutil_2_3.sys Driver (Hardware Driver Software) (the affected version unknown). This affects an unknown function. There is no information about possible countermeasures known. It may...
Author: VulDB

Windscribe VPN up to 2.02.9 on Mac/Win WindscribeService root/SYSTEM access control

A vulnerability was found in Windscribe VPN up to 2.02.9 on Mac/Win (Network Encryption Software). It has been rated as critical. Affected by this issue is some unknown processing of the file root/SYSTEM of the component WindscribeService....
Author: VulDB

SolarWinds Serv-U up to 15.2.1 Macro injection

A vulnerability was found in SolarWinds Serv-U up to 15.2.1 (File Transfer Software). It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Macro Handler. Upgrading to version 15.2.2 eliminates...
Author: VulDB

Centreon Web 19.10.18/20.04.8/20.10.2 File Extension unrestricted upload

A vulnerability was found in Centreon Web 19.10.18/20.04.8/20.10.2. It has been classified as critical. Affected is an unknown code of the component File Extension Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Redis 6.2.0/6.2.1/6.2.2 redis-server integer overflow

A vulnerability was found in Redis 6.2.0/6.2.1/6.2.2 and classified as critical. This issue affects an unknown part of the file redis-server. Upgrading to version 6.2.3 eliminates this vulnerability.
Author: VulDB

Redis up to 6.0.12/6.2.2 Command integer overflow

A vulnerability has been found in Redis up to 6.0.12/6.2.2 and classified as critical. This vulnerability affects some unknown functionality of the component Command Handler. Upgrading to version 6.0.13 or 6.2.3 eliminates this vulnerability.
Author: VulDB

IBM FlashSystem 900 1.5.2.9/1.6.1.3 User Management GUI cross site scripting

A vulnerability, which was classified as problematic, was found in IBM FlashSystem 900 1.5.2.9/1.6.1.3. This affects an unknown functionality of the component User Management GUI. There is no information about possible countermeasures known. It...
Author: VulDB

iWT FaceSentry Access Control System 6.4.8 pingTest strInIP os command injection

A vulnerability, which was classified as critical, has been found in iWT FaceSentry Access Control System 6.4.8. Affected by this issue is an unknown function of the file pingTest. There is no information about possible countermeasures known. It...
Author: VulDB

CODESYS Development System up to 3.5.16.x Package Manager unknown vulnerability

A vulnerability classified as problematic was found in CODESYS Development System up to 3.5.16.x. Affected by this vulnerability is some unknown processing of the component Package Manager. Upgrading to version 3.5.17.0 eliminates this...
Author: VulDB

IoT Devices SDK up to 1.0.2 on Google Cloud Platform calloc buffer overflow

A vulnerability classified as critical has been found in IoT Devices SDK up to 1.0.2 on Google Cloud Platform. Affected is the function calloc. Upgrading to version 1.0.3 eliminates this vulnerability. Applying a patch is able to eliminate this...
Author: VulDB

path-parse Package Regular Expression splitDeviceRe/splitTailRe/splitPathRe denial of service

A vulnerability was found in path-parse Package (unknown version). It has been rated as problematic. This issue affects the function splitDeviceRe/splitTailRe/splitPathRe of the component Regular Expression Handler. There is no information about...
Author: VulDB

handlebars Package up to 4.7.6 Prototype code injection

A vulnerability was found in handlebars Package up to 4.7.6. It has been declared as critical. This vulnerability affects an unknown part of the component Prototype Handler. Upgrading to version 4.7.7 eliminates this vulnerability. Applying a...
Author: VulDB

Apache Unomi up to 1.5.4 Log crlf injection

A vulnerability was found in Apache Unomi up to 1.5.4. It has been classified as critical. This affects some unknown functionality of the component Log Handler. Upgrading to version 1.5.5 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-338: Vulnerability in Apache OpenOffice (04 May 2021)

A vulnerability has been discovered in Apache OpenOffice. It allows an attacker to cause arbitrary code execution.

Author: Cert FR

CERTFR-2021-AVI-337: Multiple vulnerabilities in Google Android (04 May 2021)

Multiple vulnerabilities have been discovered in Android. Some of them allow an attacker to cause a security problem not specified by the vendor, remote arbitrary code execution and a breach of...
Author: Cert FR

CERTFR-2021-AVI-336: Multiple vulnerabilities in Apple products (04 May 2021)

Multiple vulnerabilities have been discovered in Apple products. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2021-ACT-017: News bulletin CERTFR-2021-ACT-017 (04 May 2021)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Author: Cert FR

CODESYS Automation Server up to 1.15.x cross-site request forgery

A vulnerability was found in CODESYS Automation Server up to 1.15.x (Automation Software) and classified as problematic. Affected by this issue is an unknown functionality. Upgrading to version 1.16.0 eliminates this vulnerability.
Author: VulDB

OX Software OX App Suite up to 7.10.4 Note Item cross site scripting

A vulnerability has been found in OX Software OX App Suite up to 7.10.4 and classified as problematic. Affected by this vulnerability is an unknown function of the component Note Item Handler. There is no information about possible...
Author: VulDB

CODESYS Control Runtime System up to 3.5.16.x Packet input validation

A vulnerability, which was classified as critical, was found in CODESYS Control Runtime System up to 3.5.16.x. Affected is some unknown processing of the component Packet Handler. Upgrading to version 3.5.17.0 eliminates this vulnerability.
Author: VulDB