Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

QNAP QSS source code [CVE-2021-28805]

A vulnerability classified as problematic was found in QNAP QSS (affected version unknown). Affected by this vulnerability is some unknown processing. Upgrading eliminates this vulnerability.
Author: VulDB

Apport prior 2.20.11-0ubuntu57 /proc/pid/stat get_starttime input validation

A vulnerability classified as critical has been found in Apport. Affected is the function get_starttime of the file /proc/pid/stat. Upgrading to version 2.20.11-0ubuntu57 eliminates this vulnerability.
Author: VulDB

Apport prior 2.20.11-0ubuntu57 /proc/pid/status get_pid_info input validation

A vulnerability was found in Apport. It has been rated as critical. This issue affects the function get_pid_info of the file /proc/pid/status. Upgrading to version 2.20.11-0ubuntu57 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-460: Multiple vulnerabilities in Citrix Hypervisor (11 June 2021)

Multiple vulnerabilities have been discovered in Citrix Hypervisor. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

Author: Cert FR

CERTFR-2021-AVI-459: Multiple vulnerabilities in Qnap products (11 June 2021)

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution, a security issue not specified by the vendor and a compromise of...
Author: Cert FR

CERTFR-2021-AVI-458: Multiple vulnerabilities in Nagios XI (11 June 2021)

Multiple vulnerabilities have been discovered in Nagios XI. They allow an attacker to cause a security issue not specified by the vendor and remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2021-AVI-457: Vulnerability in MongoDB Go Driver (11 June 2021)

A vulnerability has been discovered in MongoDB Go Driver. It allows an attacker to compromise data integrity.

Author: Cert FR

Backdoor.Win32.Zombam.gen HTML Web UI cross site scripting

A vulnerability was found in Backdoor.Win32.Zombam.gen (Remote Access Software) (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown part of the component HTML Web UI. Proper firewalling of...
Author: VulDB

Backdoor.Win32.Zombam.gen HTML Web UI buffer overflow

A vulnerability was found in Backdoor.Win32.Zombam.gen (Remote Access Software) (the affected version is unknown). It has been classified as critical. This affects some unknown functionality of the component HTML Web UI. It is possible to mitigate...
Author: VulDB

Backdoor.Win32.Zombam.gen HTML Web UI command injection

A vulnerability was found in Backdoor.Win32.Zombam.gen (Remote Access Software) (affected version not known) and classified as critical. Affected by this issue is an unknown functionality of the component HTML Web UI. Addressing this...
Author: VulDB

NetSetMan Pro up to 4.x Save Log to File Local Privilege Escalation

A vulnerability has been found in NetSetMan Pro up to 4.x and classified as critical. Affected by this vulnerability is an unknown function of the component Save Log to File. Upgrading to version 5.0 eliminates this vulnerability.
Author: VulDB

McAfee Agent up to 5.7.2 on Windows uncontrolled search path

A vulnerability, which was classified as critical, was found in McAfee Agent up to 5.7.2 on Windows. Affected is some unknown processing. Upgrading to version 5.7.3 eliminates this vulnerability.
Author: VulDB

McAfee Agent up to 5.7.2 on Windows MA Event Folder privileges management

A vulnerability, which was classified as critical, has been found in McAfee Agent up to 5.7.2 on Windows. This issue affects an unknown code block of the component MA Event Folder. Upgrading to version 5.7.3 eliminates this vulnerability.
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 cross site scripting

A vulnerability classified as problematic was found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software). This vulnerability affects an unknown code. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 cross site scripting

A vulnerability classified as problematic has been found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software). This affects an unknown part. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Irzip 0.631 stream.c lzma_decompress_buf use after free

A vulnerability was found in Irzip 0.631. It has been rated as problematic. Affected by this issue is the function lzma_decompress_buf of the file stream.c. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

F5 BIG-IP APM/BIG-IP APM Clients Windows Installer Service permission

A vulnerability was found in F5 BIG-IP APM and BIG-IP APM Clients (Firewall Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Windows Installer...
Author: VulDB

MongoDB Go Driver up to 1.5.0 BSON injection

A vulnerability was found in MongoDB Go Driver up to 1.5.0 (Database Software). It has been classified as critical. Affected is an unknown function of the component BSON Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 sql injection [CVE-2020-24671]

A vulnerability was found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software) and classified as critical. This issue affects some unknown processing. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 sql injection [CVE-2020-24667]

A vulnerability has been found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software) and classified as critical. This vulnerability affects an unknown code block. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

XScreenSaver 5.45 Video Output update_screen_layout buffer overflow

A vulnerability, which was classified as critical, was found in XScreenSaver 5.45. This affects the function update_screen_layout of the component Video Output Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

LabCup up to 6.3.0.02 Save API improper authentication

A vulnerability, which was classified as critical, has been found in LabCup up to 6.3.0.02. Affected by this issue is an unknown part of the component Save API. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Irzip 0.631 stream.c ucompthread null pointer dereference

A vulnerability classified as problematic was found in Irzip 0.631. Affected by this vulnerability is the function ucompthread of the file stream.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Irzip 0.621 stream.c lzo_decompress_buf null pointer dereference

A vulnerability classified as problematic has been found in Irzip 0.621. Affected is the function lzo_decompress_buf of the file stream.c. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Kiuwan Plugin up to 1.6.0 on Jenkins Query Parameter cross site scripting

A vulnerability was found in Kiuwan Plugin up to 1.6.0 on Jenkins (Jenkins Plugin). It has been rated as problematic. This issue affects an unknown function of the component Query Parameter Handler. There is no information about possible...
Author: VulDB

Information systems security (SSI) events