Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2021-AVI-371: Multiple vulnerabilities in the Red Hat Linux kernel (14 May 2021)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause a denial of service, a security policy bypass and a compromise of the integrity of...
Author: Cert FR

Elastic App Search 7.11.x App Search Web Crawler xml external entity reference

A vulnerability was found in Elastic App Search 7.11.x and classified as problematic. Affected by this issue is an unknown functionality of the component App Search Web Crawler. Upgrading to version 7.12.0 eliminates this vulnerability. The...
Author: VulDB

Prosody up to 0.11.8 TLS Renegotiation Request resource consumption

A vulnerability has been found in Prosody up to 0.11.8 and classified as problematic. Affected by this vulnerability is an unknown function of the component TLS Renegotiation Request Handler. Upgrading to version 0.11.9 eliminates this...
Author: VulDB

Exiv2 up to 0.27.3 Metadata uninitialized resource

A vulnerability, which was classified as critical, was found in Exiv2 up to 0.27.3 (Image Processing Software). Affected is some unknown processing of the component Metadata Handler. Upgrading to version 0.27.4 eliminates this vulnerability....
Author: VulDB

Omron CX-One/CX-Server stack-based overflow [CVE-2021-27413]

A vulnerability, which was classified as critical, has been found in Omron CX-One and CX-Server (unknown version). This issue affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Logstash up to 6.8.15/7.11.x certificate validation [CVE-2021-22138]

A vulnerability classified as critical was found in Logstash up to 6.8.15/7.11.x. This vulnerability affects an unknown code. Upgrading to version 6.8.15 or 7.12.0 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

QEMU up to 4.2.0 on aarch64 ARM Generic Interrupt Controller Emulator out-of-bounds write

A vulnerability classified as critical has been found in QEMU up to 4.2.0 on aarch64 (Virtualization Software). This affects an unknown part of the component ARM Generic Interrupt Controller Emulator. There is no information about possible...
Author: VulDB

QEMU up to 5.2.0 9pfs Server use after free

A vulnerability was found in QEMU up to 5.2.0 (Virtualization Software). It has been rated as critical. Affected by this issue is some unknown functionality of the component 9pfs Server. There is no information about possible countermeasures...
Author: VulDB

ILIAS up to 5.3.18/5.4.9 Personal Data Import file inclusion

A vulnerability was found in ILIAS up to 5.3.18/5.4.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Personal Data Import. Upgrading to version 5.3.19, 5.4.10 or 6.0 eliminates this...
Author: VulDB

Aurelia Framework 1.x html-sanitizer.ts HTMLSanitizer cross site scripting

A vulnerability was found in Aurelia Framework 1.x. It has been classified as problematic. Affected is the function HTMLSanitizer of the file html-sanitizer.ts. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

Prosody up to 0.11.8 proxy65 access control

A vulnerability was found in Prosody up to 0.11.8 and classified as critical. This issue affects some unknown processing of the component proxy65. Upgrading to version 0.11.9 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Bitcoin Core 0.12.0/0.21.1 BIP125 Replacement Policy denial of service

A vulnerability has been found in Bitcoin Core 0.12.0/0.21.1 and classified as problematic. This vulnerability affects an unknown code block of the component BIP125 Replacement Policy. There is no information about possible countermeasures known....
Author: VulDB

Prosody up to 0.11.8 Lua timing discrepancy

A vulnerability, which was classified as problematic, was found in Prosody up to 0.11.8. This affects an unknown code of the component Lua. Upgrading to version 0.11.9 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

GraphHopper up to 2.3/3.0 Regular Expression resource consumption

A vulnerability, which was classified as problematic, has been found in GraphHopper up to 2.3/3.0. Affected by this issue is an unknown part of the component Regular Expression Handler. Upgrading to version 2.4 or 3.0 eliminates this...
Author: VulDB

Kibana up to 7.12.0 Webhook Action resource consumption

A vulnerability classified as problematic was found in Kibana up to 7.12.0. Affected by this vulnerability is some unknown functionality of the component Webhook Action Handler. Upgrading to version 7.12.1 eliminates this vulnerability.
Author: VulDB

Elasticsearch up to 6.8.14/7.11.1 Field Level Security information disclosure

A vulnerability classified as problematic has been found in Elasticsearch up to 6.8.14/7.11.1. Affected is an unknown functionality of the component Field Level Security. Upgrading to version 6.8.15 or 7.11.2 eliminates this vulnerability.
Author: VulDB

Kibana up to 6.8.14/7.11.x Session Timeout session expiration

A vulnerability was found in Kibana up to 6.8.14/7.11.x. It has been rated as problematic. This issue affects an unknown function of the component Session Timeout Handler. Upgrading to version 6.8.15 or 7.12.0 eliminates this vulnerability.
Author: VulDB

Elasticsearch up to 6.8.14/7.11.1 Suggester/Profile API information disclosure

A vulnerability was found in Elasticsearch up to 6.8.14/7.11.1. It has been declared as problematic. This vulnerability affects some unknown processing of the component Suggester/Profile API. Upgrading to version 6.8.15 or 7.11.2 eliminates this...
Author: VulDB

ILIAS up to 5.3.18/5.4.11 Workspace Upload information disclosure

A vulnerability was found in ILIAS up to 5.3.18/5.4.11. It has been classified as problematic. This affects an unknown code block of the component Workspace Upload Handler. Upgrading to version 5.3.19, 5.4.12 or 6.0 eliminates this vulnerability....
Author: VulDB

Prosody up to 0.11.8 Server-to-Server Authentication dialback_without_dialback certificate validation

A vulnerability was found in Prosody up to 0.11.8 and classified as critical. Affected by this issue is the function dialback_without_dialback of the component Server-to-Server Authentication. Upgrading to version 0.11.9 eliminates this...
Author: VulDB

Prosody up to 0.11.8 Lua resource consumption

A vulnerability has been found in Prosody up to 0.11.8 and classified as problematic. Affected by this vulnerability is an unknown part of the component Lua. Upgrading to version 0.11.9 eliminates this vulnerability. The upgrade is hosted for...
Author: VulDB

Daimler Mercedes MBUX up to 2021 HERMES 2.1 RemoteDiagnosisApp out-of-bounds read

A vulnerability, which was classified as problematic, was found in Daimler Mercedes MBUX up to 2021 (Vehicle Software). Affected is the function RemoteDiagnosisApp of the component HERMES 2.1. Upgrading eliminates this vulnerability.
Author: VulDB

Daimler Mercedes MBUX up to 2021 HERMES 2.1 Local Privilege Escalation

A vulnerability, which was classified as critical, has been found in Daimler Mercedes MBUX up to 2021 (Vehicle Software). This issue affects an unknown functionality of the component HERMES 2.1. Upgrading eliminates this vulnerability.
Author: VulDB

Daimler Mercedes MBUX up to 2021 Headunit NTG6 MultiSvSetAttributes type confusion

A vulnerability classified as problematic was found in Daimler Mercedes MBUX up to 2021 (Vehicle Software). This vulnerability affects the function MultiSvSetAttributes of the component Headunit NTG6. Upgrading eliminates this vulnerability.
Author: VulDB

Daimler Mercedes MBUX up to 2021 Headunit NTG6 MultiSvGet/GetAttributes/MultiSvSet Local Privilege Escalation

A vulnerability classified as problematic has been found in Daimler Mercedes MBUX up to 2021 (Vehicle Software). This affects the function MultiSvGet/GetAttributes/MultiSvSet of the component Headunit NTG6. Upgrading eliminates this vulnerability.
Author: VulDB

Information security events