Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Vangene deltaFlow E-Platform File Download path traversal [CVE-2021-28172]

A vulnerability has been found in Vangene deltaFlow E-Platform (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown part of the component File Download Handler. There is no information about possible...
Auteur: VulDB

Vangene deltaFlow E-Platform Cookie insufficiently protected credentials

A vulnerability, which was classified as critical, was found in Vangene deltaFlow E-Platform (version unknown). Affected is some unknown functionality of the component Cookie Handler. There is no information about possible countermeasures known....
Auteur: VulDB

CITSmart prior 9.1.2.28 Filtro de Autocomplete unknown vulnerability

A vulnerability, which was classified as problematic, has been found in CITSmart. This issue affects an unknown functionality of the component Filtro de Autocomplete. Upgrading to version 9.1.2.28 eliminates this vulnerability. The upgrade is...
Auteur: VulDB

iKuaiOS 3.4.8 Build 202012291059 information disclosure [CVE-2021-28075]

A vulnerability classified as problematic was found in iKuaiOS 3.4.8 Build 202012291059. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Auteur: VulDB

RIOT-OS up to 2021.01 gnrc_rpl_control_messages.c _parse_options buffer overflow

A vulnerability classified as critical has been found in RIOT-OS up to 2021.01. This affects the function _parse_options of the file /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. There is no information about possible countermeasures...
Auteur: VulDB

RIOT-OS up to 2021.01 gnrc_rpl_validation.c gnrc_rpl_validation_options buffer overflow

A vulnerability was found in RIOT-OS up to 2021.01. It has been rated as critical. Affected by this issue is the function gnrc_rpl_validation_options of the file sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c. There is no information about...
Auteur: VulDB

RIOT-OS 2020.01 gnrc_rpl_control_messages.c buffer overflow

A vulnerability was found in RIOT-OS 2020.01. It has been declared as critical. Affected by this vulnerability is an unknown code of the file /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. There is no information about possible...
Auteur: VulDB

SerenityOS ASN.1 DER.h der_decode_sequence buffer overflow

A vulnerability was found in SerenityOS (version unknown). It has been classified as problematic. Affected is the function Crypto::der_decode_sequence in the library /Userland/Libraries/LibCrypto/ASN1/DER.h of the component ASN.1 Handler....
Auteur: VulDB

TimelyBills on iOS/Android JWT Token Storage cleartext storage

A vulnerability was found in TimelyBills on iOS/Android (unknown version) and classified as problematic. This issue affects some unknown functionality of the component JWT Token Storage. There is no information about possible countermeasures...
Auteur: VulDB

Facebook WhatsApp/WhatsApp Business prior 2.21.4.18 on Android Cache Configuration information disclosure

A vulnerability has been found in Facebook WhatsApp and WhatsApp Business on Android (Social Network Software) and classified as problematic. This vulnerability affects an unknown functionality of the component Cache Configuration Handler....
Auteur: VulDB

Facebook WhatsApp/WhatsApp Business on Android/iOS Decoding Pipeline out-of-bounds write

A vulnerability, which was classified as critical, was found in Facebook WhatsApp and WhatsApp Business on Android/iOS (Social Network Software) (the affected version unknown). This affects an unknown function of the component Decoding Pipeline...
Auteur: VulDB

MongoDB Compass up to 1.2.x/1.24.x on Windows privileges management

A vulnerability, which was classified as critical, has been found in MongoDB Compass up to 1.2.x/1.24.x on Windows (Database Software). Affected by this issue is some unknown processing. Upgrading to version 1.3.0 or 1.25.0 eliminates this...
Auteur: VulDB

Union Pay up to 3.3.12 on iOS signature verification [CVE-2020-36285]

A vulnerability classified as critical was found in Union Pay up to 3.3.12 on iOS (iOS App Software). Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Union Pay up to 3.4.93.4.9 on Android signature verification

A vulnerability classified as critical has been found in Union Pay up to 3.4.93.4.9 on Android (Android App Software). Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

Union Pay up to 1.2.0 Shopping signature verification

A vulnerability was found in Union Pay up to 1.2.0. It has been rated as critical. This issue affects an unknown part of the component Shopping Handler. There is no information about possible countermeasures known. It may be suggested to replace...
Auteur: VulDB

Red Hat Enterprise Linux up to 8.3 QEMU out-of-bounds read

A vulnerability was found in Red Hat Enterprise Linux up to 8.3 (Operating System). It has been declared as problematic. This vulnerability affects some unknown functionality of the component QEMU. Applying a patch is able to eliminate this...
Auteur: VulDB

CERTFR-2021-ACT-013 : Bulletin d’actualité CERTFR-2021-ACT-013 (06 avril 2021)

Ce bulletin d’actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas …
Auteur: Cert FR

Redmine up to 4.0.7/4.1.1 Issues API permission

A vulnerability was found in Redmine up to 4.0.7/4.1.1 (Project Management Software). It has been classified as critical. This affects an unknown functionality of the component Issues API. Upgrading to version 4.0.8 or 4.1.2 eliminates this...
Auteur: VulDB

Redmine up to 4.0.7/4.1.1 Project project_id information disclosure

A vulnerability was found in Redmine up to 4.0.7/4.1.1 (Project Management Software) and classified as problematic. Affected by this issue is an unknown function of the component Project Handler. Upgrading to version 4.0.8 or 4.1.2 eliminates...
Auteur: VulDB

LG Mobile Devices ISMS Services access control [CVE-2021-30162]

A vulnerability has been found in LG Mobile Devices (Smartphone Operating System) (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown processing of the component ISMS Services. There is no...
Auteur: VulDB

LG Mobile Device Lockscreen protection mechanism [CVE-2021-30161]

A vulnerability, which was classified as critical, was found in LG Mobile Device (Smartphone Operating System) (version unknown). Affected is an unknown code block of the component Lockscreen. There is no information about possible...
Auteur: VulDB

MediaWiki up to 1.31.11/1.35.1 Special:ResetTokens denial of service

A vulnerability, which was classified as problematic, has been found in MediaWiki up to 1.31.11/1.35.1 (Content Management System). This issue affects an unknown code of the file Special:ResetTokens. Upgrading to version 1.31.12 or 1.35.2...
Auteur: VulDB

MediaWiki up to 1.31.11/1.35.1 ChangesList Special Pages cross site scripting

A vulnerability classified as problematic was found in MediaWiki up to 1.31.11/1.35.1 (Content Management System). This vulnerability affects an unknown part of the component ChangesList Special Pages. Upgrading to version 1.31.12 or 1.35.2...
Auteur: VulDB

MediaWiki up to 1.31.11/1.35.1 Special:NewFiles cross site scripting

A vulnerability classified as problematic has been found in MediaWiki up to 1.31.11/1.35.1 (Content Management System). This affects some unknown functionality of the file Special:NewFiles. Upgrading to version 1.31.12 or 1.35.2 eliminates this...
Auteur: VulDB

Sidekiq up to 5.1.3/6.2.0 Live-Poll cross site scripting

A vulnerability was found in Sidekiq up to 5.1.3/6.2.0. It has been rated as problematic. Affected by this issue is an unknown functionality of the component Live-Poll. There is no information about possible countermeasures known. It may be...
Auteur: VulDB
First567891011121314Last

Événements SSI