Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM Cloud Pak for Security 1.4.0.0/1.5.0.0/1.5.0.1/1.6.0.0/1.6.0.1 protection mechanism

A vulnerability has been found in IBM Cloud Pak for Security 1.4.0.0/1.5.0.0/1.5.0.1/1.6.0.0/1.6.0.1 (Cloud Software) and classified as critical. Affected by this vulnerability is an unknown functionality. There is no information about possible...
Author: VulDB

DeDeCMS 5.7 SP2 action_search.php keyword cross site scripting

A vulnerability, which was classified as problematic, was found in DeDeCMS 5.7 SP2 (Content Management System). Affected is an unknown function of the file /uploads/dede/action_search.php. There is no information about possible countermeasures...
Author: VulDB

Backdoor.Win32.Agent.cy Service Port 1111 Spoolsw.exe hard-coded credentials

A vulnerability, which was classified as critical, has been found in Backdoor.Win32.Agent.cy (Remote Access Software) (unknown version). This issue affects some unknown processing of the file Spoolsw.exe of the component Service Port 1111....
Author: VulDB

LAOBANCMS 2.0 unrestricted upload [CVE-2020-18166]

A vulnerability classified as critical was found in LAOBANCMS 2.0. This vulnerability affects an unknown code block of the file admin/wenjian.php?wj=../templets/pc. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Backdoor.Win32.Antilam.14.d Service Port 47891 backdoor

A vulnerability classified as critical has been found in Backdoor.Win32.Antilam.14.d (Remote Access Software) (the affected version unknown). This affects an unknown code of the component Service Port 47891. It is possible to mitigate the...
Author: VulDB

Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 decode_padded_raw_op.cc tf.io.decode_raw initialization

A vulnerability was found in Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 (Artificial Intelligence Software). It has been rated as critical. Affected by this issue is the function tf.io.decode_raw of the file...
Author: VulDB

Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 tf.raw_ops.SdcaOptimizer null pointer dereference

A vulnerability was found in Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 (Artificial Intelligence Software). It has been declared as problematic. Affected by this vulnerability is the function tf.raw_ops.SdcaOptimizer. Upgrading to version...
Author: VulDB

Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 sparse_dense_binary_op_shared.cc tf.raw_ops.SparseDenseCwiseMul assertion

A vulnerability was found in Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 (Artificial Intelligence Software). It has been classified as problematic. Affected is the function tf.raw_ops.SparseDenseCwiseMul of the file...
Author: VulDB

Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 quantized_batch_norm_op.cc divide by zero

A vulnerability was found in Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 (Artificial Intelligence Software) and classified as problematic. This issue affects the function tf.raw_ops.QuantizedBatchNormWithGlobalNormalization of the file...
Author: VulDB

Google TensorFlow up to 2.3.2/2.4.1/2.4.x bincount_op.cc RaggedBincount splits heap-based overflow

A vulnerability has been found in Google TensorFlow up to 2.3.2/2.4.1/2.4.x (Artificial Intelligence Software) and classified as critical. This vulnerability affects the function RaggedBincount of the file core/kernels/bincount_op.cc. Upgrading...
Author: VulDB

Google TensorFlow up to 2.3.2/2.4.1/2.4.x bincount_op.cc RaggedBincount splits heap-based overflow

A vulnerability, which was classified as critical, was found in Google TensorFlow up to 2.3.2/2.4.1/2.4.x (Artificial Intelligence Software). This affects the function RaggedBincount of the file core/kernels/bincount_op.cc. Upgrading to version...
Author: VulDB

IBM Cloud Pak for Security 1.4.0.0/1.5.0.0/1.5.0.1/1.6.0.0/1.6.0.1 cleartext transmission

A vulnerability, which was classified as problematic, has been found in IBM Cloud Pak for Security 1.4.0.0/1.5.0.0/1.5.0.1/1.6.0.0/1.6.0.1 (Cloud Software). Affected by this issue is an unknown code. There is no information about possible...
Author: VulDB

IBM QRadar User Behavior Analytics up to 1.0.0/4.1.0 unknown vulnerability

A vulnerability classified as problematic was found in IBM QRadar User Behavior Analytics up to 1.0.0/4.1.0 (Log Management Software). Affected by this vulnerability is an unknown part. There is no information about possible countermeasures...
Author: VulDB

IBM QRadar User Behavior Analytics up to 4.1.0 information exposure

A vulnerability classified as problematic has been found in IBM QRadar User Behavior Analytics up to 4.1.0 (Log Management Software). Affected is some unknown functionality. There is no information about possible countermeasures known. It may be...
Author: VulDB

Linux Kernel up to 5.1 Block Subsystem blk_mq_free_rqs/blk_cleanup_queue use after free

A vulnerability was found in Linux Kernel up to 5.1 (Operating System). It has been rated as critical. This issue affects the function blk_mq_free_rqs/blk_cleanup_queue of the component Block Subsystem. Upgrading to version 5.2 eliminates this...
Author: VulDB

Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 draw_bounding_box_op.cc#L116-L130 out-of-bounds write

A vulnerability was found in Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 (Artificial Intelligence Software). It has been declared as critical. This vulnerability affects an unknown function of the file...
Author: VulDB

Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 Array Conversion ndarray_tensor.cc type confusion

A vulnerability was found in Google TensorFlow up to 2.1.3/2.2.2/2.3.2/2.4.1 (Artificial Intelligence Software). It has been classified as critical. This affects some unknown processing of the file python/lib/core/ndarray_tensor.cc of the...
Author: VulDB

YFCMF 2.3.1 index.php Remote Privilege Escalation

A vulnerability was found in YFCMF 2.3.1 and classified as critical. Affected by this issue is an unknown code block of the file index.php. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Backdoor.Win32.Agent.oda Service Port 53 aspimgr.exe buffer overflow

A vulnerability has been found in Backdoor.Win32.Agent.oda (Remote Access Software) (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown code of the file aspimgr.exe of the component Service Port 53....
Author: VulDB

CERTFR-2021-AVI-383: Multiple vulnerabilities in Microsoft Edge (14 May 2021)

Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2021-AVI-382: Vulnerability in MongoDB (14 May 2021)

A vulnerability has been discovered in MongoDB. It allows an attacker to compromise data confidentiality.

Author: Cert FR

CERTFR-2021-AVI-381: Multiple vulnerabilities in PostgreSQL (14 May 2021)

Multiple vulnerabilities have been discovered in PostgreSQL. They allow an attacker to compromise data integrity and data confidentiality.

Author: Cert FR

CERTFR-2021-AVI-380: Vulnerability in SonicWall Email Security Virtual Appliance (14 May 2021)

A vulnerability has been discovered in SonicWall Email Security Virtual Appliance. It allows an attacker to bypass the security policy.

Author: Cert FR

CERTFR-2021-AVI-379: Multiple vulnerabilities in Qnap products (14 May 2021)

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to achieve remote arbitrary code execution and privilege escalation.

Author: Cert FR

CERTFR-2021-AVI-378: Multiple vulnerabilities in WordPress (14 May 2021)

Multiple vulnerabilities have been discovered in WordPress. They allow an attacker to achieve remote arbitrary code execution.

Author: Cert FR

Information security events