Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Linux Kernel up to 5.9.1 events_base.c use after free

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.9.1 (Operating System). Affected is an unknown function of the file drivers/xen/events/events_base.c. Applying a patch is able to eliminate this problem.
Author: VulDB

Xen up to 4.14.x TLB Entry memory corruption

A vulnerability, which was classified as critical, has been found in Xen up to 4.14.x (Virtualization Software). This issue affects some unknown processing of the component TLB Entry Handler. Applying a patch is able to eliminate this problem.
Author: VulDB

Linux Kernel up to 5.9.1 dom0 Event denial of service

A vulnerability classified as critical was found in Linux Kernel up to 5.9.1 (Operating System). This vulnerability affects an unknown code block of the component dom0 Event Handler. Applying a patch is able to eliminate this problem.
Author: VulDB

Xen up to 4.14.x Superpage use after free

A vulnerability classified as problematic has been found in Xen up to 4.14.x (Virtualization Software). This affects an unknown code of the component Superpage Handler. Applying a patch is able to eliminate this problem.
Author: VulDB

Xen up to 4.14.x IOMMU TLB Flush denial of service

A vulnerability was found in Xen up to 4.14.x (Virtualization Software). It has been rated as problematic. Affected by this issue is an unknown part of the component IOMMU TLB Flush Handler. Applying a patch is able to eliminate this problem.
Author: VulDB

Xen up to 4.14.x AMD IOMMU Page-Table Entry denial of service

A vulnerability was found in Xen up to 4.14.x (Virtualization Software). It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the component AMD IOMMU Page-Table Entry Handler. Applying a patch is...
Author: VulDB

Strapi up to 3.2.4 WYSIWYG Editor Preview cross site scripting

A vulnerability was found in Strapi up to 3.2.4. It has been classified as problematic. Affected is an unknown functionality of the component WYSIWYG Editor Preview Handler. Upgrading to version 3.2.5 eliminates this vulnerability.
Author: VulDB

Strapi up to 3.2.4 content-type-builder Route admin::hasPermissions permission

A vulnerability was found in Strapi up to 3.2.4 and classified as critical. This issue affects the function admin::hasPermissions of the component content-type-builder Route Handler. Upgrading to version 3.2.5 eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-676: Multiple vulnerabilities in Chrome OS (23 October 2020)

Multiple vulnerabilities have been discovered in Chrome OS. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

Strapi up to 3.2.4 index.js unknown vulnerability

A vulnerability has been found in Strapi up to 3.2.4 and classified as problematic. This vulnerability affects some unknown processing of the file admin/src/containers/InputModalStepperProvider/index.js. Upgrading to version 3.2.5 eliminates this...
Author: VulDB

LeviStudioU up to 2019-09-21 Parameter xml external entity reference

A vulnerability, which was classified as critical, was found in LeviStudioU up to 2019-09-21. This affects an unknown code block of the component Parameter Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

CERTFR-2020-AVI-675: Multiple vulnerabilities in VMware products (23 October 2020)

Multiple vulnerabilities have been discovered in VMware products. They allow an attacker to cause remote code injection (XSS) and a breach of data confidentiality.

Author: Cert FR

Eyoucms 1.2.7 login.php cross-site request forgery

A vulnerability, which was classified as problematic, has been found in Eyoucms 1.2.7. Affected by this issue is an unknown code of the file login.php. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Tiki up to 21.1 Admin Password tiki-login.php improper authentication

A vulnerability classified as critical was found in Tiki up to 21.1. Affected by this vulnerability is an unknown part of the file tiki-login.php of the component Admin Password Handler. Upgrading to version 21.2 eliminates this vulnerability.
Author: VulDB

parse-server on npm Session Token operation on a resource after expiration

A vulnerability classified as problematic has been found in parse-server on npm (version unknown). Affected is some unknown functionality of the component Session Token Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

GitLab Runner up to 13.2.9/13.3.6/13.4.1 Runner Configuration unknown vulnerability

A vulnerability was found in GitLab Runner up to 13.2.9/13.3.6/13.4.1 (Bug Tracking Software). It has been rated as problematic. This issue affects an unknown functionality of the component Runner Configuration Handler. Upgrading to version...
Author: VulDB

Micro Focus Manager up to 2020.05 unknown vulnerability [CVE-2020-11853]

A vulnerability was found in Micro Focus Manager up to 2020.05. It has been declared as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

fabric8-maven-plugin 4.0.0 wildfly-swarm/Thorntail Custom Configuration deserialization

A vulnerability was found in fabric8-maven-plugin 4.0.0. It has been classified as critical. This affects some unknown processing of the component wildfly-swarm/Thorntail Custom Configuration. There is no information about possible...
Author: VulDB

Mozilla Network Security Services up to 3.43 Certificate Sequence denial of service

A vulnerability was found in Mozilla Network Security Services up to 3.43 (Web Browser) and classified as problematic. Affected by this issue is an unknown code block of the component Certificate Sequence Handler. Upgrading to version 3.44...
Author: VulDB

Mozilla Network Security Services up to 3.45 buffer overflow

A vulnerability has been found in Mozilla Network Security Services up to 3.45 (Web Browser) and classified as problematic. Affected by this vulnerability is an unknown code of the component Network Security Services. Upgrading to version 3.46...
Author: VulDB

Microchip CryptoAuthentication Library CryptoAuthLib prior 20191122 buffer overflow

A vulnerability, which was classified as problematic, was found in Microchip CryptoAuthentication Library CryptoAuthLib (Software Library). Affected is an unknown part. Upgrading to version 20191122 eliminates this vulnerability.
Author: VulDB

Microchip CryptoAuthentication Library CryptoAuthLib prior 20191122 buffer overflow

A vulnerability, which was classified as problematic, has been found in Microchip CryptoAuthentication Library CryptoAuthLib (Software Library). This issue affects some unknown functionality. Upgrading to version 20191122 eliminates this...
Author: VulDB

Atmel Advanced Software Framework 4 integer overflow [CVE-2019-16127]

A vulnerability classified as critical was found in Atmel Advanced Software Framework 4. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Mozilla Network Security Services up to 3.36.6/3.41.0 Signature denial of service

A vulnerability classified as problematic has been found in Mozilla Network Security Services up to 3.36.6/3.41.0 (Web Browser). This affects an unknown function of the component Signature Handler. Upgrading to version 3.36.7 or 3.41.1 eliminates...
Author: VulDB

Elasticsearch up to 6.8.12/7.9.1 Field Level Security permission

A vulnerability was found in Elasticsearch up to 6.8.12/7.9.1. It has been rated as critical. Affected by this issue is some unknown processing of the component Field Level Security. Upgrading to version 6.8.13 or 7.9.2 eliminates this...
Author: VulDB