Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

ytnef 1.9.3 File lib/ytnef.c SwapWord heap-based overflow

A vulnerability was found in ytnef 1.9.3 (Document Reader Software). It has been declared as critical. Affected by this vulnerability is the function SwapWord in the library lib/ytnef.c of the component File Handler. There is no information about...
Author: VulDB

CERTFR-2021-AVI-170: Vulnerability in Asterisk (05 March 2021)

A vulnerability has been discovered in Asterisk. It allows an attacker to cause a remote denial of service.

Author: Cert FR

ytnef 1.9.3 lib/ytnef.c TNEFSubjectHandler double free

A vulnerability was found in ytnef 1.9.3 (Document Reader Software). It has been classified as critical. Affected is the function TNEFSubjectHandler in the library lib/ytnef.c. There is no information about possible countermeasures known. It may...
Author: VulDB

Doctor Appointment System 1.0 admin.php username sql injection

A vulnerability was found in Doctor Appointment System 1.0 (Appointment Software) and classified as critical. This issue affects some unknown functionality of the file admin.php. There is no information about possible countermeasures known. It...
Author: VulDB

Yubico yubihsm-shell up to 2.0.3 _send_secure_msg out-of-bounds read

A vulnerability has been found in Yubico yubihsm-shell up to 2.0.3 and classified as problematic. This vulnerability affects the function _send_secure_msg. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

CERTFR-2021-AVI-169: Multiple vulnerabilities in GitLab (05 March 2021)

Multiple vulnerabilities have been discovered in GitLab. Some of them allow an attacker to cause a breach of data confidentiality, a security policy bypass and a breach of the integrity...
Author: Cert FR

NetApp Clustered Data ONTAP up to 9.3P20/9.5P15/9.6P11/9.7P8 SMB Access denial of service

A vulnerability, which was classified as problematic, was found in NetApp Clustered Data ONTAP up to 9.3P20/9.5P15/9.6P11/9.7P8. This affects an unknown function of the component SMB Access Handler. Upgrading to version 9.3P21, 9.5P16, 9.6P12,...
Author: VulDB

NetApp Clustered Data ONTAP up to 9.3P20/9.5P15/9.6P11/9.7P7 information disclosure

A vulnerability, which was classified as problematic, has been found in NetApp Clustered Data ONTAP up to 9.3P20/9.5P15/9.6P11/9.7P7. Affected by this issue is some unknown processing. Upgrading to version 9.3P21, 9.5P16, 9.6P12, 9.7P8 or 9.8...
Author: VulDB

CERTFR-2021-AVI-168: Vulnerability in Sonicwall Directory Service Connector (05 March 2021)

A vulnerability has been discovered in Sonicwall Directory Service Connector. It allows an attacker to cause a security policy bypass, a breach of data integrity and a breach of the confidentiality of...
Author: Cert FR

AfterLogic Aurora/WebMail Pro up to 8.5.3 DAV DAVServer.php pathname traversal

A vulnerability classified as critical was found in AfterLogic Aurora and WebMail Pro up to 8.5.3. Affected by this vulnerability is an unknown code block of the file DAVServer.php of the component DAV. There is no information about possible...
Author: VulDB

Joomla! up to 3.9.24 Form Filter Remote Privilege Escalation

A vulnerability classified as critical has been found in Joomla! up to 3.9.24 (Content Management System). Affected is an unknown code of the component Form Filter. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

CERTFR-2021-AVI-167: Multiple vulnerabilities in Microsoft Edge (05 March 2021)

Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

Joomla! up to 3.9.24 ZIP Package path traversal

A vulnerability was found in Joomla! up to 3.9.24 (Content Management System). It has been rated as critical. This issue affects an unknown part of the component ZIP Package Handler. There is no information about possible countermeasures known....
Author: VulDB

Joomla! up to 3.9.24 Category unknown vulnerability [CVE-2021-26027]

A vulnerability was found in Joomla! up to 3.9.24 (Content Management System). It has been declared as critical. This vulnerability affects some unknown functionality of the component Category Handler. There is no information about possible...
Author: VulDB

Samsung Internet prior 13.0.1.60 Permission permission

A vulnerability was found in Samsung Internet. It has been classified as problematic. This affects an unknown functionality of the component Permission Handler. Upgrading to version 13.0.1.60 eliminates this vulnerability.
Author: VulDB

Samsung Mobile Device prior SMR Feb-2021 Release 1 Email App improper authentication

A vulnerability was found in Samsung Mobile Device (Smartphone Operating System) and classified as critical. Affected by this issue is an unknown function of the component Email App. Upgrading to version SMR Feb-2021 Release 1 eliminates this...
Author: VulDB

Samsung Mobile Device prior SMR Jan-2021 Release 1 quram Library memory corruption

A vulnerability has been found in Samsung Mobile Device (Smartphone Operating System) and classified as critical. Affected by this vulnerability is some unknown processing of the component quram Library. Upgrading to version SMR Jan-2021 Release...
Author: VulDB

Samsung Mobile Device prior SMR Mar-2021 Release 1 hwcomposer denial of service

A vulnerability, which was classified as problematic, was found in Samsung Mobile Device (Smartphone Operating System). Affected is an unknown code block of the component hwcomposer. Upgrading to version SMR Mar-2021 Release 1 eliminates this...
Author: VulDB

Samsung Mobile Device prior SMR Mar-2021 Release 1 knox_custom Service permission

A vulnerability, which was classified as problematic, has been found in Samsung Mobile Device (Smartphone Operating System). This issue affects an unknown code of the component knox_custom Service. Upgrading to version SMR Mar-2021 Release 1...
Author: VulDB

Samsung Mobile Device prior 2.4.81.13/3.8.00.13 memory corruption

A vulnerability classified as problematic was found in Samsung Mobile Device (Smartphone Operating System). This vulnerability affects an unknown part. Upgrading to version 2.4.81.13 or 3.8.00.13 eliminates this vulnerability.
Author: VulDB

Samsung SMP SDK prior 3.0.9 Provider denial of service

A vulnerability classified as problematic has been found in Samsung SMP SDK. This affects some unknown functionality of the component Provider Handler. Upgrading to version 3.0.9 eliminates this vulnerability.
Author: VulDB

Samsung S Assistant prior 6.5.01.22 denial of service [CVE-2021-25341]

A vulnerability was found in Samsung S Assistant. It has been rated as problematic. Affected by this issue is an unknown functionality. Upgrading to version 6.5.01.22 eliminates this vulnerability.
Author: VulDB

Samsung Mobile Device prior SMR Feb-2021 Release 1 Keyboard access control

A vulnerability was found in Samsung Mobile Device (Smartphone Operating System). It has been declared as critical. Affected by this vulnerability is an unknown function of the component Keyboard. Upgrading to version SMR Feb-2021 Release 1...
Author: VulDB

Samsung Mobile Devices prior SMR Mar-2021 Release 1 HArx memory corruption

A vulnerability was found in Samsung Mobile Devices (Smartphone Operating System). It has been classified as critical. Affected is some unknown processing of the component HArx. Upgrading to version SMR Mar-2021 Release 1 eliminates this...
Author: VulDB

Samsung Mobile Devices prior SMR Mar-2021 Release 1 RKP access control

A vulnerability was found in Samsung Mobile Devices (Smartphone Operating System) and classified as critical. This issue affects an unknown code block of the component RKP. Upgrading to version SMR Mar-2021 Release 1 eliminates this vulnerability.
Author: VulDB