Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Google Android 11.0 windowmanager privilege escalation

A vulnerability was found in Google Android 11.0. It has been declared as critical. This vulnerability affects an unknown code block of the component windowmanager. Applying a patch is able to eliminate this problem.
Auteur: VulDB

Google Android 11.0 Factory Reset Protection privilege escalation

A vulnerability was found in Google Android 11.0. It has been classified as critical. This affects an unknown code of the component Factory Reset Protection. Applying a patch is able to eliminate this problem.
Auteur: VulDB

Google Android 11.0 libstagefright Integer Overflow memory corruption

A vulnerability was found in Google Android 11.0 and classified as critical. Affected by this issue is an unknown part of the component libstagefright. Applying a patch is able to eliminate this problem.
Auteur: VulDB

Google Android 8.0/8.1/9.0/10.0/11.0 combined_decode.cpp DecodeFrameCombinedMode Out-of-Bounds memory corruption

A vulnerability has been found in Google Android 8.0/8.1/9.0/10.0/11.0 and classified as critical. Affected by this vulnerability is the function DecodeFrameCombinedMode of the file combined_decode.cpp. Applying a patch is able to eliminate this...
Auteur: VulDB

Google Android Out-of-Bounds memory corruption [CVE-2020-0229]

A vulnerability, which was classified as critical, was found in Google Android (version unknown). Affected is an unknown functionality. Applying a patch is able to eliminate this problem.
Auteur: VulDB

Google Android 11.0 screencap command injection

A vulnerability, which was classified as critical, has been found in Google Android 11.0. This issue affects an unknown function of the component screencap. Applying a patch is able to eliminate this problem.
Auteur: VulDB

Google Android 11.0 mediadrm Out-of-Bounds information disclosure

A vulnerability classified as problematic was found in Google Android 11.0. This vulnerability affects some unknown processing of the component mediadrm. Applying a patch is able to eliminate this problem.
Auteur: VulDB

Google Android Out-of-Bounds memory corruption [CVE-2020-0123]

A vulnerability classified as critical has been found in Google Android (the affected version unknown). This affects an unknown code block. Applying a patch is able to eliminate this problem.
Auteur: VulDB

Google Android 8.0/8.1/9.0/10.0/11.0 PackageManagerService.java verifyIntentFiltersIfNeeded privilege escalation

A vulnerability was found in Google Android 8.0/8.1/9.0/10.0/11.0. It has been rated as critical. Affected by this issue is the function verifyIntentFiltersIfNeeded of the file PackageManagerService.java. Applying a patch is able to eliminate...
Auteur: VulDB

DBI Module up to 1.642 on Perl hv_fetch() NULL Pointer Dereference denial of service

A vulnerability was found in DBI Module up to 1.642 on Perl. It has been declared as problematic. Affected by this vulnerability is the function hv_fetch(). Upgrading to version 1.643 eliminates this vulnerability.
Auteur: VulDB

CERTFR-2020-AVI-579 : Vulnérabilité dans Samba (17 septembre 2020)

Une vulnérabilité a été découverte dans le logiciel Samba. Elle permet à un attaquant de provoquer une élévation de privilgèes si le serveur Samba est configuré pour être contrôleur de domaine (de type 'NT4' ou Active Directory). La configuration...
Auteur: Cert FR

SuSE Linux Enterprise Module for SUSE Manager Server Salt privilege escalation

A vulnerability was found in SuSE Linux Enterprise Module for SUSE Manager Server, Manager Proxy, Manager Retail Branch Server and Manager Server (Operating System) (version unknown). It has been classified as critical. Affected is some unknown...
Auteur: VulDB

CERTFR-2020-AVI-578 : Multiples vulnérabilités dans les produits F5 (17 septembre 2020)

De multiples vulnérabilités ont été découvertes dans les produits F5 . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Auteur: Cert FR

CERTFR-2020-AVI-577 : Multiples vulnérabilités dans Drupal core (17 septembre 2020)

De multiples vulnérabilités ont été découvertes dans Drupal core. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Auteur: Cert FR

Apple iOS/iPadOS up to 14.0 SpringBoard privilege escalation

A vulnerability was found in Apple iOS and iPadOS up to 14.0 (Smartphone Operating System) and classified as critical. This issue affects an unknown functionality of the component SpringBoard. The problem might be mitigated by replacing the...
Auteur: VulDB

Atlassian JIRA Server/Data Center up to 7.13.5/8.5.6/8.11.x /ViewUserHover.jspa information disclosure

A vulnerability has been found in Atlassian JIRA Server and Data Center up to 7.13.5/8.5.6/8.11.x (Bug Tracking Software) and classified as problematic. This vulnerability affects an unknown function of the file /ViewUserHover.jspa. Upgrading to...
Auteur: VulDB

Bosch Smart Home System App up to 9.17.0 on iOS Certificate Validation Man-in-the-Middle weak authentication

A vulnerability, which was classified as critical, was found in Bosch Smart Home System App up to 9.17.0 on iOS (iOS App Software). This affects some unknown processing of the component Certificate Validation Handler. Upgrading to version 9.17.1...
Auteur: VulDB

Nitro Pro 13.13.2.242/13.16.2.300 File Heap-based memory corruption

A vulnerability, which was classified as critical, has been found in Nitro Pro 13.13.2.242/13.16.2.300. Affected by this issue is an unknown code block of the component File Handler. There is no information about possible countermeasures known....
Auteur: VulDB

Sylabs Singularity up to 3.6.2 Permission privilege escalation

A vulnerability classified as critical was found in Sylabs Singularity up to 3.6.2. Affected by this vulnerability is an unknown code of the component Permission. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

Sylabs Singularity up to 3.6.2 Permission privilege escalation

A vulnerability classified as critical has been found in Sylabs Singularity up to 3.6.2. Affected is an unknown part of the component Permission. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

Genexis Platinum 4410 V2-1.28 WiFi Access Point cross site request forgery

A vulnerability was found in Genexis Platinum 4410 V2-1.28. It has been rated as problematic. This issue affects some unknown functionality of the component WiFi Access Point. There is no information about possible countermeasures known. It may...
Auteur: VulDB

Freebox Server up to 4.2.2 OS Web Interface DNS Rebinding privilege escalation

A vulnerability was found in Freebox Server up to 4.2.2. It has been declared as critical. This vulnerability affects an unknown functionality of the component OS Web Interface. Upgrading to version 4.2.3 eliminates this vulnerability.
Auteur: VulDB

Freebox Server up to 4.2.2 UPnP IGD DNS Rebinding privilege escalation

A vulnerability was found in Freebox Server up to 4.2.2. It has been classified as critical. This affects an unknown function of the component UPnP IGD. Upgrading to version 4.2.3 eliminates this vulnerability.
Auteur: VulDB

Freebox HD up to 1.5.28 DNS DNS Rebinding privilege escalation

A vulnerability was found in Freebox HD up to 1.5.28 and classified as critical. Affected by this issue is some unknown processing of the component DNS Handler. Upgrading to version 1.5.29 eliminates this vulnerability.
Auteur: VulDB

Freebox Server up to 4.2.2 UPnP MediaServer cross site request forgery

A vulnerability has been found in Freebox Server up to 4.2.2 and classified as problematic. Affected by this vulnerability is an unknown code block of the component UPnP MediaServer. Upgrading to version 4.2.3 eliminates this vulnerability.
Auteur: VulDB
First78910111213141516Last

Événements SSI