Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SaltStack Salt prior 3002.5 salt.modules.cmdmod log file

A vulnerability was found in SaltStack Salt. It has been rated as problematic. This issue affects the function salt.modules.cmdmod. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at saltproject.io.
Author: VulDB

SaltStack Salt prior 3002.5 Jinja Renderer injection

A vulnerability was found in SaltStack Salt. It has been declared as critical. This vulnerability affects some unknown processing of the component Jinja Renderer. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

SaltStack Salt prior 3002.5 salt.wheel.pillar_roots.write pathname traversal

A vulnerability was found in SaltStack Salt. It has been classified as critical. This affects the function salt.wheel.pillar_roots.write. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

SaltStack Salt prior 3002.5 salt-api Remote Privilege Escalation

A vulnerability was found in SaltStack Salt and classified as critical. Affected by this issue is an unknown code of the component salt-api. Upgrading to version 3002.5 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Redis up to 5.0.10/6.0.10 on 32-bit configuration integer overflow

A vulnerability has been found in Redis up to 5.0.10/6.0.10 on 32-bit and classified as critical. Affected by this vulnerability is an unknown part. Upgrading to version 5.0.10, 6.0.10 or 6.2.0 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

PrestaShop up to 1.7.7.1 Soft Logout System improper authentication

A vulnerability, which was classified as critical, was found in PrestaShop up to 1.7.7.1 (E-Commerce Management Software). Affected is some unknown functionality of the component Soft Logout System. Upgrading to version 1.7.7.2 eliminates this...
Author: VulDB

PrestaShop up to 1.7.7.1 Admin Panel csv injection

A vulnerability, which was classified as critical, has been found in PrestaShop up to 1.7.7.1 (E-Commerce Management Software). This issue affects an unknown functionality of the component Admin Panel. Upgrading to version 1.7.7.2 eliminates this...
Author: VulDB

Google Android 10.0/11.0 cameraisp out-of-bounds write

A vulnerability classified as critical was found in Google Android 10.0/11.0 (Smartphone Operating System). This vulnerability affects an unknown function of the component cameraisp. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 10.0/11.0 Performance Driver out-of-bounds write

A vulnerability classified as critical has been found in Google Android 10.0/11.0 (Smartphone Operating System). This affects some unknown processing of the component Performance Driver. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 mobile_log_d information disclosure

A vulnerability was found in Google Android 11.0 (Smartphone Operating System). It has been rated as problematic. Affected by this issue is an unknown code block of the component mobile_log_d. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 netdiag information disclosure

A vulnerability was found in Google Android 11.0 (Smartphone Operating System). It has been declared as problematic. Affected by this vulnerability is an unknown code of the component netdiag. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 jpeg out-of-bounds write

A vulnerability was found in Google Android 11.0 (Smartphone Operating System). It has been classified as critical. Affected is an unknown part of the component jpeg. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 10.0/11.0 vow memory corruption

A vulnerability was found in Google Android 10.0/11.0 (Smartphone Operating System) and classified as critical. This issue affects some unknown functionality of the component vow. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 10.0/11.0 vpu memory corruption

A vulnerability has been found in Google Android 10.0/11.0 (Smartphone Operating System) and classified as critical. This vulnerability affects an unknown functionality of the component vpu. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 10.0/11.0 vpu memory corruption

A vulnerability, which was classified as critical, was found in Google Android 10.0/11.0 (Smartphone Operating System). This affects an unknown function of the component vpu. Applying a patch is able to eliminate this problem.
Author: VulDB

Zenphoto CMS up to 1.5.7 Uploader Plugin unrestricted upload

A vulnerability, which was classified as critical, has been found in Zenphoto CMS up to 1.5.7 (Content Management System). Affected by this issue is some unknown processing of the component Uploader Plugin. There is no information about possible...
Author: VulDB

SaltStack Salt prior 3002.5 certificate validation [CVE-2020-35662]

A vulnerability classified as critical was found in SaltStack Salt. Affected by this vulnerability is an unknown code block. Upgrading to version 3002.5 eliminates this vulnerability.
Author: VulDB

SaltStack Salt prior 3002.5 certificate validation [CVE-2020-28972]

A vulnerability classified as critical has been found in SaltStack Salt. Affected is an unknown code. Upgrading to version 3002.5 eliminates this vulnerability.
Author: VulDB

SaltStack Salt prior 3002.5 Process Name command injection

A vulnerability was found in SaltStack Salt. It has been rated as critical. This issue affects an unknown part of the component Process Name Handler. Upgrading to version 3002.5 eliminates this vulnerability.
Author: VulDB

GNU C Library up to 2.32 Multibyte iconv infinite loop

A vulnerability was found in GNU C Library up to 2.32 (Software Library). It has been declared as problematic. This vulnerability affects the function iconv of the component Multibyte Handler. There is no information about possible...
Author: VulDB

Eclipse Jetty up to 9.4.36.v20210114/10.0.0/11.0.0 Accept Header algorithmic complexity

A vulnerability was found in Eclipse Jetty up to 9.4.36.v20210114/10.0.0/11.0.0. It has been classified as problematic. This affects an unknown functionality of the component Accept Header Handler. There is no information about possible...
Author: VulDB

Scytl sVote 2.1 X-Forwarded-For Header injection

A vulnerability was found in Scytl sVote 2.1 and classified as critical. Affected by this issue is an unknown function of the component X-Forwarded-For Header Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Scytl sVote 2.1 Event Alias Runtime.getRuntime.exec code injection

A vulnerability has been found in Scytl sVote 2.1 and classified as critical. Affected by this vulnerability is the function Runtime.getRuntime.exec of the component Event Alias Handler. There is no information about possible countermeasures...
Author: VulDB

Scytl sVote 2.1 Database Manager hard-coded password

A vulnerability, which was classified as critical, was found in Scytl sVote 2.1. Affected is an unknown code block of the component Database Manager. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Scytl sVote 2.1 sdm-ws-rest API preconfiguration improper authentication

A vulnerability, which was classified as critical, has been found in Scytl sVote 2.1. This issue affects an unknown code of the file /sdm-ws-rest/preconfiguration of the component sdm-ws-rest API. Addressing this vulnerability is possible by...
Author: VulDB

Information security (SSI) events