Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

McAfee Database Security up to 4.8.1 Administrator Interface cleartext transmission

A vulnerability was found in McAfee Database Security up to 4.8.1 and classified as problematic. Affected by this issue is some unknown processing of the component Administrator Interface. Upgrading to version 4.8.2 eliminates this vulnerability.
Author: VulDB

Eclipse Mojarra up to 2.3.13 loc/con pathname traversal

A vulnerability has been found in Eclipse Mojarra up to 2.3.13 and classified as critical. Affected by this vulnerability is an unknown code block. Upgrading to version 2.3.14 eliminates this vulnerability. Applying a patch is able to eliminate...
Author: VulDB

QEMU hcd-dwc2 USB Host Controller Emulation hw/usb/hcd-dwc2.c dwc2_handle_packet divide by zero

A vulnerability, which was classified as problematic, was found in QEMU (Virtualization Software) (version unknown). Affected is the function dwc2_handle_packet of the file hw/usb/hcd-dwc2.c of the component hcd-dwc2 USB Host Controller...
Author: VulDB

LibRaw up to 0.20.0 identify.cpp identify_process_dng_fields stack-based overflow

A vulnerability, which was classified as critical, has been found in LibRaw up to 0.20.0 (Image Processing Software). This issue affects the function LibRaw::identify_process_dng_fields of the file identify.cpp. Upgrading to version 0.20.1...
Author: VulDB

lrzsz up to 0.12.20 zsdata information disclosure

A vulnerability classified as problematic was found in lrzsz up to 0.12.20. This vulnerability affects the function zsdata. Upgrading to version 0.12.21 eliminates this vulnerability.
Author: VulDB

OpenStack Swift up to 2.10.1/2.13.0/2.14.0 Proxy-Server Log information disclosure

A vulnerability classified as problematic has been found in OpenStack Swift up to 2.10.1/2.13.0/2.14.0 (Cloud Software). This affects an unknown functionality of the component Proxy-Server Log Handler. There is no information about possible...
Author: VulDB

file up to 5.01 buffer overflow [CVE-2009-0948]

A vulnerability was found in file up to 5.01. It has been rated as critical. Affected by this issue is the function cdf_read_sat/cdf_read_long_sector_chain/cdf_read_ssat. Upgrading to version 5.02 eliminates this vulnerability.
Author: VulDB

file up to 5.01 cdf_read_property_info/cdf_read_sat integer overflow

A vulnerability was found in file up to 5.01. It has been declared as critical. Affected by this vulnerability is the function cdf_read_property_info/cdf_read_sat. Upgrading to version 5.02 eliminates this vulnerability.
Author: VulDB

Fortinet FortiGate 6.4.0/6.4.1/6.4.2/6.4.3/6.4.4 SSLVPN certificate validation

A vulnerability was found in Fortinet FortiGate 6.4.0/6.4.1/6.4.2/6.4.3/6.4.4 (Firewall Software). It has been classified as critical. Affected is an unknown code block of the component SSLVPN. There is no information about possible...
Author: VulDB

Openshift Container Platform Restricted Security Context Constraints allocation of resources

A vulnerability was found in Openshift Container Platform (Virtualization Software) (unknown version) and classified as problematic. This issue affects an unknown code of the component Restricted Security Context Constraints. There is no...
Author: VulDB

OpenShift prior 4.7.0-202105111858.p0 kubeconfig privileges assignment

A vulnerability has been found in OpenShift (Virtualization Software) and classified as problematic. This vulnerability affects an unknown part of the file /etc/kubernetes/kubeconfig. Upgrading to version 4.7.0-202105111858.p0 eliminates this...
Author: VulDB

QEMU up to 6.0 virtio vhost-user GPU Device virgl.c virgl_cmd_get_capset_info information disclosure

A vulnerability, which was classified as problematic, was found in QEMU up to 6.0 (Virtualization Software). This affects the function virgl_cmd_get_capset_info of the file contrib/vhost-user-gpu/virgl.c of the component virtio vhost-user GPU...
Author: VulDB

Satori go.uuid g.rand.Read weak prng

A vulnerability, which was classified as problematic, has been found in Satori go.uuid (affected version not known). Affected by this issue is the function g.rand.Read. There is no information about possible countermeasures known. It may be...
Author: VulDB

KDE Messagelib up to 5.17.0 Encrypted Message viewer_p.cpp deleteAttachment missing encryption

A vulnerability classified as problematic was found in KDE Messagelib up to 5.17.0. Affected by this vulnerability is the function ViewerPrivate::deleteAttachment of the file messageviewer/src/viewer/viewer_p.cpp of the component Encrypted...
Author: VulDB

Pillow up to 8.1.x BLP Data BlpImagePlugin denial of service

A vulnerability classified as problematic has been found in Pillow up to 8.1.x. Affected is the function BlpImagePlugin of the component BLP Data Handler. Upgrading to version 8.2.0 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Pillow up to 8.1.x EPS File EPSImageFile resource consumption

A vulnerability was found in Pillow up to 8.1.x. It has been rated as problematic. This issue affects the function EPSImageFile of the component EPS File Handler. Upgrading to version 8.2.0 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Pillow up to 8.1.x FLI Data FliDecode infinite loop

A vulnerability was found in Pillow up to 8.1.x. It has been declared as problematic. This vulnerability affects the function FliDecode of the component FLI Data Handler. Upgrading to version 8.2.0 eliminates this vulnerability. The upgrade is...
Author: VulDB

Pillow up to 8.1.x Data Block PSDImagePlugin.PsdImageFile denial of service

A vulnerability was found in Pillow up to 8.1.x. It has been classified as problematic. This affects the function PSDImagePlugin.PsdImageFile of the component Data Block Handler. Upgrading to version 8.2.0 eliminates this vulnerability.
Author: VulDB

Pillow up to 8.1.x j2ku_gray_i out-of-bounds read

A vulnerability was found in Pillow up to 8.1.x and classified as problematic. Affected by this issue is the function j2ku_gray_i. Upgrading to version 8.2.0 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Pillow up to 8.1.x j2ku_graya_la out-of-bounds read

A vulnerability has been found in Pillow up to 8.1.x and classified as problematic. Affected by this vulnerability is the function j2ku_graya_la. Upgrading to version 8.2.0 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Red Hat jboss-remoting prior 5.0.20.SP1-redhat-00001 Message resource consumption

A vulnerability, which was classified as problematic, was found in Red Hat jboss-remoting (Application Server Software). Affected is an unknown function of the component Message Handler. Upgrading to version 5.0.20.SP1-redhat-00001 eliminates...
Author: VulDB

QEMU ide/ahci.c ahci_commit_buf denial of service

A vulnerability, which was classified as problematic, has been found in QEMU (Virtualization Software) (unknown version). This issue affects the function ahci_commit_buf of the file ide/ahci.c. There is no information about possible...
Author: VulDB

lz4 memmove size out-of-bounds write

A vulnerability classified as critical was found in lz4 (the affected version is unknown). This vulnerability affects the function memmove. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

McAfee Database Security up to 4.8.1 deserialization [CVE-2021-23895]

A vulnerability classified as critical has been found in McAfee Database Security up to 4.8.1. This affects an unknown code. Upgrading to version 4.8.2 eliminates this vulnerability.
Author: VulDB

McAfee Database Security up to 4.8.1 deserialization [CVE-2021-23894]

A vulnerability was found in McAfee Database Security up to 4.8.1. It has been rated as critical. Affected by this issue is an unknown part. Upgrading to version 4.8.2 eliminates this vulnerability.
Author: VulDB