Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Bridgecrew Checkov up to 2.0.25 Terraform File deserialization

A vulnerability was found in Bridgecrew Checkov up to 2.0.25. It has been rated as critical. This issue affects some unknown functionality of the component Terraform File Handler. Upgrading to version 2.0.26 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-290: Multiple vulnerabilities in Juniper products (20 April 2021)

Multiple vulnerabilities have been discovered in Juniper products. Some of them allow an attacker to cause a security problem not specified by the vendor, remote arbitrary code execution and a denial...
Author: Cert FR

CERTFR-2021-AVI-289: Vulnerability in IBM WebSphere (20 April 2021)

A vulnerability has been discovered in IBM WebSphere. It allows an attacker to cause a remote denial of service and a breach of data confidentiality.
Author: Cert FR

CERTFR-2021-AVI-288: Multiple vulnerabilities in F5 BIG-IP (20 April 2021)

Multiple vulnerabilities have been discovered in F5 BIG-IP. They allow an attacker to cause a remote denial of service, a breach of data integrity and a breach of data confidentiality.
Author: Cert FR

CERTFR-2021-AVI-287: Multiple vulnerabilities in Mozilla Firefox (20 April 2021)

Multiple vulnerabilities have been discovered in Mozilla Firefox. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a circumvention of the policy of...
Author: Cert FR

CERTFR-2021-AVI-286: Multiple vulnerabilities in Mozilla Thunderbird (20 April 2021)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of...
Author: Cert FR

Linux Kernel up to 5.12.0-rc3 f2fs module fs/f2fs/node.c out-of-bounds read

A vulnerability was found in Linux Kernel up to 5.12.0-rc3 (Operating System). It has been declared as critical. This vulnerability affects an unknown functionality of the file fs/f2fs/node.c of the component f2fs module. Upgrading to version...
Author: VulDB

libtpms up to 0.7.x TPM 2 RsaAdjustPrimeCandidate entropy

A vulnerability was found in libtpms up to 0.7.x. It has been classified as problematic. This affects the function RsaAdjustPrimeCandidate of the component TPM 2 Handler. Upgrading to version 0.8.0 eliminates this vulnerability.
Author: VulDB

GStreamer up to 1.18.3 Matroska heap-based overflow

A vulnerability was found in GStreamer up to 1.18.3 (Multimedia Processing Software) and classified as critical. Affected by this issue is some unknown processing of the component Matroska Handler. Upgrading to version 1.18.4 eliminates this...
Author: VulDB

GStreamer up to 1.18.3 Matroska File use after free

A vulnerability has been found in GStreamer up to 1.18.3 (Multimedia Processing Software) and classified as problematic. Affected by this vulnerability is an unknown code block of the component Matroska File Handler. Upgrading to version 1.18.4...
Author: VulDB

GPAC 1.0.1 MP4Box AV1_DuplicateConfig denial of service

A vulnerability, which was classified as problematic, was found in GPAC 1.0.1. Affected is the function AV1_DuplicateConfig of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

GPAC 1.0.1 MP4Box gf_hinter_track_new information disclosure

A vulnerability, which was classified as problematic, has been found in GPAC 1.0.1. This issue affects the function gf_hinter_track_new of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

GPAC 1.0.1 MP4Box MergeTrack denial of service

A vulnerability classified as problematic was found in GPAC 1.0.1. This vulnerability affects the function MergeTrack of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.
Author: VulDB

GPAC 1.0.1 MP4Box gf_isom_cenc_get_default_info_internal denial of service

A vulnerability classified as problematic has been found in GPAC 1.0.1. This affects the function gf_isom_cenc_get_default_info_internal of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

GPAC 1.0.1 MP4Box gf_isom_set_extraction_slc denial of service

A vulnerability was found in GPAC 1.0.1. It has been rated as problematic. Affected by this issue is the function gf_isom_set_extraction_slc of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

GPAC 1.0.1 MP4Box HintFile denial of service

A vulnerability was found in GPAC 1.0.1. It has been declared as problematic. Affected by this vulnerability is the function HintFile of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

GPAC 1.0.1 MP4Box stbl_GetSampleInfos memory leak

A vulnerability was found in GPAC 1.0.1. It has been classified as problematic. Affected is the function stbl_GetSampleInfos of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

GPAC 1.0.1 MP4Box abst_box_read buffer overflow

A vulnerability was found in GPAC 1.0.1 and classified as critical. This issue affects the function abst_box_read of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.
Author: VulDB

GPAC 1.0.1 MP4Box tenc_box_read denial of service

A vulnerability has been found in GPAC 1.0.1 and classified as problematic. This vulnerability affects the function tenc_box_read of the component MP4Box. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

GPAC 1.0.1 MP4 File filters/reframe_latm.c gf_filter_pck_get_data null pointer dereference

A vulnerability, which was classified as problematic, was found in GPAC 1.0.1. This affects the function gf_filter_pck_get_data of the file filters/reframe_latm.c of the component MP4 File Handler. Applying a patch is able to eliminate this...
Author: VulDB

GPAC 1.0.1 media_tools/av_parsers.c gf_avc_read_pps_bs_internal integer overflow

A vulnerability, which was classified as problematic, has been found in GPAC 1.0.1. Affected by this issue is the function gf_avc_read_pps_bs_internal of the file media_tools/av_parsers.c. Applying a patch is able to eliminate this problem. The...
Author: VulDB

GPAC 1.0.1 File media_tools/av_parsers.c gf_hevc_read_pps_bs_internal infinite loop

A vulnerability classified as problematic was found in GPAC 1.0.1. Affected by this vulnerability is the function gf_hevc_read_pps_bs_internal of the file media_tools/av_parsers.c of the component File Handler. Applying a patch is able to...
Author: VulDB

GPAC 1.0.1 filters/reframe_adts.c adts_dmx_process heap-based overflow

A vulnerability classified as critical has been found in GPAC 1.0.1. Affected is the function adts_dmx_process of the file filters/reframe_adts.c. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.
Author: VulDB

GPAC 1.0.1 filter_core/filter_pck.c av1dmx_parse_flush_sample null pointer dereference

A vulnerability was found in GPAC 1.0.1. It has been rated as problematic. This issue affects the function av1dmx_parse_flush_sample of the file filter_core/filter_pck.c. Applying a patch is able to eliminate this problem. The bugfix is ready for...
Author: VulDB

GPAC 1.0.1 media_tools/av_parsers.c hevc_parse_slice_segment integer overflow

A vulnerability was found in GPAC 1.0.1. It has been declared as problematic. This vulnerability affects the function hevc_parse_slice_segment of the file media_tools/av_parsers.c. Applying a patch is able to eliminate this problem. The bugfix is...
Author: VulDB