Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2021-AVI-245: Multiple vulnerabilities in the SUSE Linux kernel (08 April 2021)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to compromise data integrity, compromise data confidentiality, and escalate privileges.

Author: Cert FR

id-map Crate up to 2021-02-26 on Rust remove_set double free

A vulnerability classified as critical has been found in id-map Crate up to 2021-02-26 on Rust (Rust Package). Affected is the function remove_set. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

id-map Crate up to 2021-02-26 on Rust get_or_insert double free

A vulnerability was found in id-map Crate up to 2021-02-26 on Rust (Rust Package). It has been rated as critical. This issue affects the function get_or_insert. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

id-map Crate up to 2021-02-26 on Rust Clone clone IdMap::clone_from double free

A vulnerability was found in id-map Crate up to 2021-02-26 on Rust (Rust Package). It has been declared as critical. This vulnerability affects the function IdMap::clone_from of the file clone of the component Clone Handler. There is no...
Author: VulDB

outer_cgi Crate up to 0.2.0 on Rust KeyValueReader uninitialized pointer

A vulnerability was found in outer_cgi Crate up to 0.2.0 on Rust (Rust Package). It has been classified as problematic. Upgrading to version 0.2.1 eliminates this vulnerability.
Author: VulDB

jsrsasign Package up to 10.1.13 on node.js RSA PKCS#1 v1.5 Signature Verification signature verification

A vulnerability was found in jsrsasign Package up to 10.1.13 on node.js (JavaScript Library) and classified as problematic. Affected by this issue is an unknown part of the component RSA PKCS#1 v1.5 Signature Verification Handler. There is no...
Author: VulDB

FFmpeg up to 4.3 libavcodec buffer overflow

A vulnerability has been found in FFmpeg up to 4.3 (Multimedia Processing Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the component libavcodec. Applying a patch is able to eliminate this...
Author: VulDB

Directus up to 8.8.1 Upload Directory unrestricted upload

A vulnerability, which was classified as critical, was found in Directus up to 8.8.1. Affected is an unknown functionality of the component Upload Directory Handler. Upgrading to version 8.8.2 eliminates this vulnerability.
Author: VulDB

Eclipse Mosquitto up to 2.0.9 MQTT v5 null pointer dereference

A vulnerability, which was classified as problematic, has been found in Eclipse Mosquitto up to 2.0.9. This issue affects an unknown function of the component MQTT v5 Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Litespeed Technologies OpenLiteSpeed 1.7.8 access control [CVE-2021-26758]

A vulnerability classified as critical was found in Litespeed Technologies OpenLiteSpeed 1.7.8. This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Grav Admin Plugin up to 1.10.7 access control [CVE-2021-21425]

A vulnerability classified as critical has been found in Grav Admin Plugin up to 1.10.7. This affects an unknown code block. Upgrading to version 1.10.8 eliminates this vulnerability.
Author: VulDB

RELIC PKCS Signature signature verification [CVE-2020-36316]

A vulnerability was found in RELIC (affected version not known). It has been rated as problematic. Affected by this issue is an unknown code of the component PKCS Signature Handler. Upgrading eliminates this vulnerability. Applying a patch is...
Author: VulDB

RELIC RSA PKCS Signature certificate validation [CVE-2020-36315]

A vulnerability was found in RELIC (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown part of the component RSA PKCS Signature Handler. Upgrading eliminates this vulnerability. Applying a...
Author: VulDB

Wcms 0.3.2 wex/html.php pagename server-side request forgery

A vulnerability was found in Wcms 0.3.2. It has been classified as critical. Affected is some unknown functionality of the file wex/html.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Wcms 0.3.2 wex/cssjs.php path server-side request forgery

A vulnerability was found in Wcms 0.3.2 and classified as critical. This issue affects an unknown functionality of the file wex/cssjs.php. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Wcms 0.3.2 wex/cssjs.php path pathname traversal

A vulnerability has been found in Wcms 0.3.2 and classified as critical. This vulnerability affects an unknown function of the file wex/cssjs.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Wcms 0.3.2 wex/cssjs.php type cross site scripting

A vulnerability, which was classified as problematic, was found in Wcms 0.3.2. This affects some unknown processing of the file wex/cssjs.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Ps Project Management Team unity-firefox-extension prior 3.0.0+14.04.20140416-0ubuntu1.14.04.1 denial of service

A vulnerability, which was classified as problematic, has been found in Ps Project Management Team unity-firefox-extension (Project Management Software). Affected by this issue is an unknown code block. Upgrading to version...
Author: VulDB

Ps Project Management Team unity-firefox-extension prior 3.0.0+14.04.20140416-0ubuntu1.14.04.1 denial of service

A vulnerability classified as problematic was found in Ps Project Management Team unity-firefox-extension (Project Management Software). Affected by this vulnerability is an unknown code. Upgrading to version 3.0.0+14.04.20140416-0ubuntu1.14.04.1...
Author: VulDB

Backdoor.Win32.Small.n Service Port 1337 backdoor

A vulnerability classified as very critical has been found in Backdoor.Win32.Small.n (Remote Access Software) (version unknown). Affected is an unknown part of the component Service Port 1337. There is no information about possible...
Author: VulDB

Backdoor.Win32.Hupigon.das Service Port 8080 winserv.com backdoor

A vulnerability was found in Backdoor.Win32.Hupigon.das (Remote Access Software) (unknown version). It has been rated as critical. This issue affects some unknown functionality of the file winserv.com of the component Service Port 8080. There is...
Author: VulDB

Trojan-Downloader.Win32.Genome.omht C:\wjmd97\ permission

A vulnerability was found in Trojan-Downloader.Win32.Genome.omht (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown functionality of the file C:\wjmd97\. There is no information about...
Author: VulDB

Trojan-Downloader.Win32.Genome.qiw C:\tmp permission

A vulnerability was found in Trojan-Downloader.Win32.Genome.qiw (the affected version unknown). It has been classified as critical. This affects an unknown function of the file C:\tmp. There is no information about possible countermeasures known....
Author: VulDB

Trojan.Win32.Hotkeychick.d C:\Sniperscan permission

A vulnerability was found in Trojan.Win32.Hotkeychick.d (affected version not known) and classified as critical. Affected by this issue is some unknown processing of the file C:\Sniperscan. There is no information about possible countermeasures...
Author: VulDB

Trojan.Win32.Hosts2.yqf C:\mlekaocYUmaae permission

A vulnerability has been found in Trojan.Win32.Hosts2.yqf (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown code block of the file C:\mlekaocYUmaae. There is no information about possible...
Author: VulDB