Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

VU#567764: MySQL for Windows is vulnerable to privilege escalation due to OPENSSLDIR location

Overview: MySQL for Windows contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create...
Author: US Cert

VU#213092: Pulse Connect Secure vulnerable to authentication bypass that could allow for remote code execution

Overview: Pulse Connect Secure (PCS) gateway contains a vulnerability that can allow an unauthenticated remote attacker to execute arbitrary code. Description: CVE-2021-22893: An unspecified vulnerability exposed by...
Author: US Cert

CERTFR-2021-ALE-007: Vulnerability in Pulse Connect Secure (20 April 2021)

On 20 April 2021, Pulse Secure published a security bulletin concerning the vulnerability CVE-2021-22893 (see the Documentation section). It allows an unauthenticated attacker to execute arbitrary code remotely. No patch is...
Author: Cert FR

vscode-restructuredtext prior 146.0.0 Workspace Configuration injection

A vulnerability classified as critical has been found in vscode-restructuredtext. This affects an unknown code block of the component Workspace Configuration Handler. Upgrading to version 146.0.0 eliminates this vulnerability. The upgrade is...
Author: VulDB

ADTRAN Netvanta 7060/Netvanta 7100 10.8.1 DNS unknown vulnerability

A vulnerability was found in ADTRAN Netvanta 7060 and Netvanta 7100 10.8.1. It has been rated as problematic. Affected by this issue is an unknown code of the component DNS Handler. The problem might be mitigated by replacing the product with as...
Author: VulDB

ADTRAN Netvanta 7060/Netvanta 7100 10.8.1 cross site scripting

A vulnerability was found in ADTRAN Netvanta 7060 and Netvanta 7100 10.8.1. It has been declared as problematic. Affected by this vulnerability is an unknown part. The problem might be mitigated by replacing the product with as an alternative.
Author: VulDB

ADTRAN Netvanta 7060/Netvanta 7100 10.8.1 cross site scripting

A vulnerability was found in ADTRAN Netvanta 7060 and Netvanta 7100 10.8.1. It has been classified as problematic. Affected is some unknown functionality. The problem might be mitigated by replacing the product with as an alternative.
Author: VulDB

IBM WebSphere Application Server 8.0/8.5/9.0 XML Data xml external entity reference

A vulnerability was found in IBM WebSphere Application Server 8.0/8.5/9.0 (Application Server Software) and classified as critical. This issue affects an unknown functionality of the component XML Data Handler. There is no information about...
Author: VulDB

SonicWall Email Security 10.0.9.x path traversal [CVE-2021-20023]

A vulnerability has been found in SonicWall Email Security 10.0.9.x (Anti-Malware Software) and classified as critical. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be...
Author: VulDB

Helpcom improper authentication [CVE-2020-7856]

A vulnerability, which was classified as critical, was found in Helpcom (the affected version unknown). This affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Palo Alto GlobalProtect App up to 5.1.7/5.2.3 on Windows denial of service

A vulnerability, which was classified as problematic, has been found in Palo Alto GlobalProtect App up to 5.1.7/5.2.3 on Windows. Affected by this issue is an unknown code block. Upgrading to version 5.1.8 or 5.2.4 eliminates this vulnerability.
Author: VulDB

Palo Alto PAN-OS Scheduled Configuration Export debug log file

A vulnerability classified as problematic was found in Palo Alto PAN-OS (Firewall Software) (affected version unknown). Affected by this vulnerability is an unknown code of the component Scheduled Configuration Export Handler. There is no...
Author: VulDB

Palo Alto PAN-OS XML API Request log file [CVE-2021-3036]

A vulnerability classified as problematic has been found in Palo Alto PAN-OS (Firewall Software) (version unknown). Affected is an unknown part of the component XML API Request Handler. There is no information about possible countermeasures...
Author: VulDB

Bridgecrew Checkov up to 2.0.25 Terraform File deserialization

A vulnerability was found in Bridgecrew Checkov up to 2.0.25. It has been rated as critical. This issue affects some unknown functionality of the component Terraform File Handler. Upgrading to version 2.0.26 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-290: Multiple vulnerabilities in Juniper products (20 April 2021)

Multiple vulnerabilities have been discovered in Juniper products. Some of them allow an attacker to cause a security issue not specified by the vendor, remote arbitrary code execution and a denial...
Author: Cert FR

CERTFR-2021-AVI-289: Vulnerability in IBM WebSphere (20 April 2021)

A vulnerability has been discovered in IBM WebSphere. It allows an attacker to cause a remote denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2021-AVI-288: Multiple vulnerabilities in F5 BIG-IP (20 April 2021)

Multiple vulnerabilities have been discovered in F5 BIG-IP. They allow an attacker to cause a remote denial of service, a breach of data integrity and a breach of data confidentiality.

Author: Cert FR

CERTFR-2021-AVI-287: Multiple vulnerabilities in Mozilla Firefox (20 April 2021)

Multiple vulnerabilities have been discovered in Mozilla Firefox. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy of...
Author: Cert FR

CERTFR-2021-AVI-286: Multiple vulnerabilities in Mozilla Thunderbird (20 April 2021)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of...
Author: Cert FR

Linux Kernel up to 5.12.0-rc3 f2fs module fs/f2fs/node.c out-of-bounds read

A vulnerability was found in Linux Kernel up to 5.12.0-rc3 (Operating System). It has been declared as critical. This vulnerability affects an unknown functionality of the file fs/f2fs/node.c of the component f2fs module. Upgrading to version...
Author: VulDB

libtpms up to 0.7.x TPM 2 RsaAdjustPrimeCandidate entropy

A vulnerability was found in libtpms up to 0.7.x. It has been classified as problematic. This affects the function RsaAdjustPrimeCandidate of the component TPM 2 Handler. Upgrading to version 0.8.0 eliminates this vulnerability.
Author: VulDB

GStreamer up to 1.18.3 Matroska heap-based overflow

A vulnerability was found in GStreamer up to 1.18.3 (Multimedia Processing Software) and classified as critical. Affected by this issue is some unknown processing of the component Matroska Handler. Upgrading to version 1.18.4 eliminates this...
Author: VulDB

GStreamer up to 1.18.3 Matroska File use after free

A vulnerability has been found in GStreamer up to 1.18.3 (Multimedia Processing Software) and classified as problematic. Affected by this vulnerability is an unknown code block of the component Matroska File Handler. Upgrading to version 1.18.4...
Author: VulDB

GPAC 1.0.1 MP4Box AV1_DuplicateConfig denial of service

A vulnerability, which was classified as problematic, was found in GPAC 1.0.1. Affected is the function AV1_DuplicateConfig of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

GPAC 1.0.1 MP4Box gf_hinter_track_new information disclosure

A vulnerability, which was classified as problematic, has been found in GPAC 1.0.1. This issue affects the function gf_hinter_track_new of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB