Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Linux Kernel up to 5.6 KVM Subsystem arch/s390/kvm/kvm-s390.c unknown vulnerability

A vulnerability has been found in Linux Kernel up to 5.6 (Operating System) and classified as problematic. This vulnerability affects some unknown functionality of the file arch/s390/kvm/kvm-s390.c of the component KVM Subsystem. Upgrading to...
Author: VulDB

Linux Kernel up to 5.8.9 virt/kvm/kvm_main.c kvm_io_bus_unregister_dev memory leak

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.8.9 (Operating System). This affects the function kvm_io_bus_unregister_dev of the file virt/kvm/kvm_main.c. Upgrading to version 5.8.10 eliminates this...
Author: VulDB

Linux Kernel up to 5.8 SEV VM arch/x86/kvm/svm/sev.c denial of service

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.8 (Operating System). Affected by this issue is an unknown function of the file arch/x86/kvm/svm/sev.c of the component SEV VM Handler. Upgrading to...
Author: VulDB

Linux Kernel up to 5.7 arch/x86/kvm/svm/svm.c set_memory_region_test infinite loop

A vulnerability classified as problematic was found in Linux Kernel up to 5.7 (Operating System). Affected by this vulnerability is the function set_memory_region_test of the file arch/x86/kvm/svm/svm.c. Upgrading to version 5.8 eliminates this...
Author: VulDB

CERTFR-2021-AVI-244: Multiple vulnerabilities in Fortinet products (07 April 2021)

Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to cause a remote denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2021-AVI-243: Vulnerability in MongoDB Compass (07 April 2021)

A vulnerability has been discovered in MongoDB Compass. It allows an attacker to cause a privilege escalation.

Author: Cert FR

CERTFR-2021-AVI-242: Multiple vulnerabilities in the Red Hat Linux kernel (07 April 2021)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause a remote denial of service, a breach of data integrity and a breach of the...
Author: Cert FR

CERTFR-2021-AVI-241: Multiple vulnerabilities in the Ubuntu Linux kernel (07 April 2021)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a denial of service and a breach of data integrity.

Author: Cert FR

Proofpoint Insider Threat Management Server up to 7.11.0 Web Console improper authorization

A vulnerability classified as critical has been found in Proofpoint Insider Threat Management Server up to 7.11.0. Affected is an unknown code block of the component Web Console. Upgrading to version 7.11.1 eliminates this vulnerability.
Author: VulDB

Proofpoint Insider Threat Management Agents up to 7.11.0 on macOS/Linux channel accessible

A vulnerability was found in Proofpoint Insider Threat Management Agents up to 7.11.0 on macOS/Linux. It has been rated as critical. This issue affects an unknown code. Upgrading to version 7.11.1 eliminates this vulnerability.
Author: VulDB

Teradici PCoIP Connection Manager and Security Gateway prior 21.01.3 log file

A vulnerability was found in Teradici PCoIP Connection Manager and Security Gateway. It has been declared as problematic. This vulnerability affects an unknown part. Upgrading to version 21.01.3 eliminates this vulnerability.
Author: VulDB

Proofpoint Insider Threat Management Server up to 7.10 Web Console xml external entity reference

A vulnerability was found in Proofpoint Insider Threat Management Server up to 7.10. It has been classified as critical. This affects some unknown functionality of the component Web Console. Upgrading to version 7.11 eliminates this vulnerability.
Author: VulDB

Proofpoint Insider Threat Management Server up to 7.11.0 cross site scripting

A vulnerability was found in Proofpoint Insider Threat Management Server up to 7.11.0 and classified as problematic. Affected by this issue is an unknown functionality. Upgrading to version 7.11.1 eliminates this vulnerability.
Author: VulDB

projen Project Configuration Remote Privilege Escalation [CVE-2021-21423]

A vulnerability has been found in projen (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown function of the component Project Configuration Handler. Applying a patch is able to eliminate this...
Author: VulDB

Syncthing up to 1.14.x Relay Messages denial of service

A vulnerability, which was classified as problematic, was found in Syncthing up to 1.14.x. Affected is some unknown processing of the component Relay Messages Handler. Upgrading to version 1.15.0 eliminates this vulnerability. The upgrade is...
Author: VulDB

ngx_http_lua_module up to 0.10.15 API an unknown vulnerability

A vulnerability, which was classified as problematic, has been found in ngx_http_lua_module up to 0.10.15. This issue affects an unknown code block of the component API. Upgrading to version 0.10.16 eliminates this vulnerability. The upgrade is...
Author: VulDB

OpenIAM up to 4.2.0.2 /webconsole/rest/api/ permission

A vulnerability classified as critical was found in OpenIAM up to 4.2.0.2. This vulnerability affects an unknown code of the file /webconsole/rest/api/. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

OpenIAM up to 4.2.0.2 access control [CVE-2020-13421]

A vulnerability classified as critical has been found in OpenIAM up to 4.2.0.2. This affects an unknown part. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

OpenIAM up to 4.2.0.2 Groovy Script Remote Privilege Escalation

A vulnerability was found in OpenIAM up to 4.2.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Groovy Script Handler. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

OpenIAM up to 4.2.0.2 Batch pathname traversal

A vulnerability was found in OpenIAM up to 4.2.0.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Batch Handler. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

OpenIAM up to 4.2.0.2 Add New User cross site scripting

A vulnerability was found in OpenIAM up to 4.2.0.2. It has been classified as problematic. Affected is an unknown function of the component Add New User Handler. Upgrading to version 4.2.0.3 eliminates this vulnerability.
Author: VulDB

Seafile 7.0.5 Share of Library cross site scripting

A vulnerability was found in Seafile 7.0.5 and classified as problematic. This issue affects some unknown processing of the component Share of Library. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

LiquidFiles up to 3.4.15 Send Email cross site scripting

A vulnerability has been found in LiquidFiles up to 3.4.15 and classified as problematic. This vulnerability affects an unknown code block of the component Send Email Handler. Upgrading to version 3.5 eliminates this vulnerability.
Author: VulDB

phpseclib up to 2.0.30/3.0.6 RSA PKCS#1 v1.5 Signature Verification signature verification

A vulnerability, which was classified as problematic, was found in phpseclib up to 2.0.30/3.0.6. This affects an unknown code of the component RSA PKCS#1 v1.5 Signature Verification Handler. Upgrading to version 2.0.31 or 3.0.7 eliminates this...
Author: VulDB

VIGRA Computer Vision Library 1-11-1 File impex.hxx read_image_band denial of service

A vulnerability, which was classified as problematic, has been found in VIGRA Computer Vision Library 1-11-1 (Software Library). Affected by this issue is the function read_image_band of the file impex.hxx of the component File Handler. There is...
Author: VulDB