Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2021-AVI-247: Multiple vulnerabilities in Tenable Nessus Agent (09 April 2021)

Multiple vulnerabilities have been discovered in Tenable Nessus Agent. They allow an attacker to cause a remote denial of service and a security policy bypass.

Author: Cert FR

Exiv2 up to 0.27.4-RC1 JPG Image jp2image.cpp Jp2Image::readMetadata rawData.size heap-based overflow

A vulnerability classified as critical was found in Exiv2 up to 0.27.4-RC1 (Image Processing Software). This vulnerability affects the function Jp2Image::readMetadata of the file jp2image.cpp of the component JPG Image Handler. Upgrading to...
Author: VulDB

dnsmasq up to 2.84 Port security check for standard

A vulnerability classified as problematic has been found in dnsmasq up to 2.84 (Domain Name Software). This affects an unknown function of the component Port Handler. Upgrading to version 2.85 eliminates this vulnerability.
Author: VulDB

Red Hat Satellite up to 2.1.x tfm-rubygem-foreman_azure_rm information disclosure

A vulnerability was found in Red Hat Satellite up to 2.1.x. It has been rated as problematic. Affected by this issue is some unknown processing of the component tfm-rubygem-foreman_azure_rm. Upgrading to version 2.2.0 eliminates this...
Author: VulDB

Aprelium Abyss Web Server 2.12.1/2.14 HTTP Request out-of-bounds read

A vulnerability was found in Aprelium Abyss Web Server 2.12.1/2.14 (Web Server). It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component HTTP Request Handler. Proper firewalling of is able to...
Author: VulDB

Dolby Audio X2 API prior 0.8.8.90 on Windows Remote Privilege Escalation

A vulnerability was found in Dolby Audio X2 API on Windows (Automation Software). It has been classified as critical. Upgrading to version 0.8.8.90 eliminates this vulnerability.
Author: VulDB

Linux Kernel BPF JIT Compiler Remote Privilege Escalation [CVE-2021-29154]

A vulnerability was found in Linux Kernel (Operating System) (unknown version) and classified as critical. This issue affects an unknown part of the component BPF JIT Compiler. Applying a patch is able to eliminate this problem. The bugfix is...
Author: VulDB

Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins authorization

A vulnerability has been found in Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins (Automation Software) and classified as critical. This vulnerability affects some unknown functionality. There is no information about possible...
Author: VulDB

Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins cross-site request forgery

A vulnerability, which was classified as problematic, was found in Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins (Automation Software). This affects an unknown functionality. There is no information about possible...
Author: VulDB

Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins certificate validation

A vulnerability, which was classified as critical, has been found in Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins (Automation Software). Affected by this issue is an unknown function. There is no information about possible...
Author: VulDB

Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins cross site scripting

A vulnerability classified as problematic was found in Micro Focus Application Automation Tools Plugin up to 6.7 on Jenkins (Automation Software). Affected by this vulnerability is some unknown processing. There is no information about possible...
Author: VulDB

Micro Focus Operations Bridge Manager 2019.05/2019.11/2020.05/2020.10 improper authentication

A vulnerability classified as critical has been found in Micro Focus Operations Bridge Manager 2019.05/2019.11/2020.05/2020.10. Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Huawei Secospace USG9500 Message memory leak [CVE-2021-22312]

A vulnerability was found in Huawei IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and Secospace USG9500. It has been rated as problematic. This issue affects an unknown code of the component Message Handler....
Author: VulDB

Cloud Foundry Cloud Controller API up to 1.105.x Service Broker Credential log file

A vulnerability was found in Cloud Foundry Cloud Controller API up to 1.105.x (Cloud Software). It has been declared as problematic. This vulnerability affects an unknown part of the component Service Broker Credential Handler. Upgrading to...
Author: VulDB

Forcepoint Web Security Content Gateway up to 8.5.3 XML information disclosure

A vulnerability was found in Forcepoint Web Security Content Gateway up to 8.5.3 (Anti-Malware Software). It has been classified as problematic. This affects some unknown functionality of the component XML Handler. Upgrading to version 8.5.4...
Author: VulDB

Xiaomi Mobile Phone MIUI prior 2021.01.26 information disclosure

A vulnerability was found in Xiaomi Mobile Phone MIUI (Smartphone Operating System) and classified as problematic. Affected by this issue is an unknown functionality. Upgrading to version 2021.01.26 eliminates this vulnerability.
Author: VulDB

Xiaomi AX3600 1.0.50 XQBackup race condition

A vulnerability has been found in Xiaomi AX3600 1.0.50 and classified as critical. Affected by this vulnerability is an unknown function of the component XQBackup. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Xiaomi 10 MIUI prior 2020.01.15 SNO information disclosure

A vulnerability, which was classified as problematic, was found in Xiaomi 10 MIUI. Affected is some unknown processing of the component SNO Handler. Upgrading to version 2020.01.15 eliminates this vulnerability.
Author: VulDB

Xiaomi AX1800/RM1800 Backup hard-coded key [CVE-2020-14099]

A vulnerability, which was classified as problematic, has been found in Xiaomi AX1800 and RM1800 (unknown version). This issue affects an unknown code block of the component Backup Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Squirro Insights Engine up to 3.2.4 cross site scripting [CVE-2021-27945]

A vulnerability classified as problematic was found in Squirro Insights Engine up to 3.2.4. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Learnsite 1.2.5.0 Cookie /Manager/index.aspx JudgIsAdmin access control

A vulnerability classified as critical has been found in Learnsite 1.2.5.0. This affects the function JudgIsAdmin of the file /Manager/index.aspx of the component Cookie Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Realtek rtl8723de BLE Stack up to 4.1 CONNECT_REQ Message interval denial of service

A vulnerability was found in Realtek rtl8723de BLE Stack up to 4.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component CONNECT_REQ Message Handler. There is no information about possible...
Author: VulDB

VestaCP up to 0.9.8-24 user.conf RKEY permission

A vulnerability was found in VestaCP up to 0.9.8-24. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file user.conf. There is no information about possible countermeasures known. It may be...
Author: VulDB

VestaCP up to 0.9.8-24 sudo Configuration /usr/local/vesta/bin access control

A vulnerability was found in VestaCP up to 0.9.8-24. It has been classified as critical. Affected is an unknown function of the file /usr/local/vesta/bin of the component sudo Configuration Handler. There is no information about possible...
Author: VulDB

zzcms 201910 /user/adv.php access control

A vulnerability was found in zzcms 201910 (Content Management System) and classified as critical. This issue affects some unknown processing of the file /user/adv.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

SSI events