Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Apport prior 2.20.11-0ubuntu57 Report File denial of service

A vulnerability was found in Apport and classified as problematic. This issue affects an unknown part of the component Report File Handler. Upgrading to version 2.20.11-0ubuntu57 eliminates this vulnerability.
Author: VulDB

JerryScript 2.2.0 parser_emit_cbc_backward_branch assertion

A vulnerability has been found in JerryScript 2.2.0 and classified as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

JerryScript 2.2.0 js-parser.c parser_parse_source assertion

A vulnerability, which was classified as critical, was found in JerryScript 2.2.0. This affects the function parser_parse_source of the file js-parser.c. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

QNAP Helpdesk up to 3.0.3 access control [CVE-2021-28814]

A vulnerability, which was classified as critical, has been found in QNAP Helpdesk up to 3.0.3. Affected by this issue is an unknown function. Upgrading to version 3.0.4 eliminates this vulnerability.
Author: VulDB

QNAP QSS source code [CVE-2021-28805]

A vulnerability classified as problematic was found in QNAP QSS (affected version unknown). Affected by this vulnerability is some unknown processing. Upgrading eliminates this vulnerability.
Author: VulDB

Apport prior 2.20.11-0ubuntu57 /proc/pid/stat get_starttime input validation

A vulnerability classified as critical has been found in Apport. Affected is the function get_starttime of the file /proc/pid/stat. Upgrading to version 2.20.11-0ubuntu57 eliminates this vulnerability.
Author: VulDB

Apport prior 2.20.11-0ubuntu57 /proc/pid/status get_pid_info input validation

A vulnerability was found in Apport. It has been rated as critical. This issue affects the function get_pid_info of the file /proc/pid/status. Upgrading to version 2.20.11-0ubuntu57 eliminates this vulnerability.
Author: VulDB

CERTFR-2021-AVI-460: Multiple vulnerabilities in Citrix Hypervisor (11 June 2021)

Multiple vulnerabilities have been discovered in Citrix Hypervisor. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

Author: Cert FR

CERTFR-2021-AVI-459: Multiple vulnerabilities in Qnap products (11 June 2021)

Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution, a security issue not specified by the vendor, and a compromise of the...
Author: Cert FR

CERTFR-2021-AVI-458: Multiple vulnerabilities in Nagios XI (11 June 2021)

Multiple vulnerabilities have been discovered in Nagios XI. They allow an attacker to cause a security issue not specified by the vendor and remote cross-site scripting (XSS).

Author: Cert FR

CERTFR-2021-AVI-457: Vulnerability in MongoDB Go Driver (11 June 2021)

A vulnerability has been discovered in MongoDB Go Driver. It allows an attacker to compromise data integrity.

Author: Cert FR

Backdoor.Win32.Zombam.gen HTML Web UI cross site scripting

A vulnerability was found in Backdoor.Win32.Zombam.gen (Remote Access Software) (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown part of the component HTML Web UI. Proper firewalling of...
Author: VulDB

Backdoor.Win32.Zombam.gen HTML Web UI buffer overflow

A vulnerability was found in Backdoor.Win32.Zombam.gen (Remote Access Software) (the affected version unknown). It has been classified as critical. This affects some unknown functionality of the component HTML Web UI. It is possible to mitigate...
Author: VulDB

Backdoor.Win32.Zombam.gen HTML Web UI command injection

A vulnerability was found in Backdoor.Win32.Zombam.gen (Remote Access Software) (affected version not known) and classified as critical. Affected by this issue is an unknown functionality of the component HTML Web UI. Addressing this...
Author: VulDB

NetSetMan Pro up to 4.x Save Log to File Local Privilege Escalation

A vulnerability has been found in NetSetMan Pro up to 4.x and classified as critical. Affected by this vulnerability is an unknown function of the component Save Log to File. Upgrading to version 5.0 eliminates this vulnerability.
Author: VulDB

McAfee Agent up to 5.7.2 on Windows uncontrolled search path

A vulnerability, which was classified as critical, was found in McAfee Agent up to 5.7.2 on Windows. Affected is some unknown processing. Upgrading to version 5.7.3 eliminates this vulnerability.
Author: VulDB

McAfee Agent up to 5.7.2 on Windows MA Event Folder privileges management

A vulnerability, which was classified as critical, has been found in McAfee Agent up to 5.7.2 on Windows. This issue affects an unknown code block of the component MA Event Folder. Upgrading to version 5.7.3 eliminates this vulnerability.
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 cross site scripting

A vulnerability classified as problematic was found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software). This vulnerability affects an unknown code. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 cross site scripting

A vulnerability classified as problematic has been found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software). This affects an unknown part. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Irzip 0.631 stream.c lzma_decompress_buf use after free

A vulnerability was found in Irzip 0.631. It has been rated as problematic. Affected by this issue is the function lzma_decompress_buf of the file stream.c. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

F5 BIG-IP APM/BIG-IP APM Clients Windows Installer Service permission

A vulnerability was found in F5 BIG-IP APM and BIG-IP APM Clients (Firewall Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Windows Installer...
Author: VulDB

MongoDB Go Driver up to 1.5.0 BSON injection

A vulnerability was found in MongoDB Go Driver up to 1.5.0 (Database Software). It has been classified as critical. Affected is an unknown function of the component BSON Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 sql injection [CVE-2020-24671]

A vulnerability was found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software) and classified as critical. This issue affects some unknown processing. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

Trace Financial CRESTBridge up to 6.3.0.01 sql injection [CVE-2020-24667]

A vulnerability has been found in Trace Financial CRESTBridge up to 6.3.0.01 (Financial Software) and classified as critical. This vulnerability affects an unknown code block. Upgrading to version 6.3.0.03 eliminates this vulnerability.
Author: VulDB

XScreenSaver 5.45 Video Output update_screen_layout buffer overflow

A vulnerability, which was classified as critical, was found in XScreenSaver 5.45. This affects the function update_screen_layout of the component Video Output Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB