Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SerenityOS 2021-03-27 read buffer overflow

A vulnerability classified as critical was found in SerenityOS 2021-03-27. Affected by this vulnerability is the function EndOfCentralDirectory::read. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

Net::Netmask prior 2.0000 on Perl Zero access control

A vulnerability classified as critical has been found in Net::Netmask on Perl. Affected is an unknown functionality of the component Zero Handler. Upgrading to version 2.0000 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Open Container Initiative umoci up to 0.4.6 Image symlink

A vulnerability was found in Open Container Initiative umoci up to 0.4.6 (Virtualization Software). It has been rated as critical. This issue affects an unknown function of the component Image Handler. Upgrading to version 0.4.7 eliminates this...
Author: VulDB

SerenityOS LibTextCode buffer overflow [CVE-2021-28874]

A vulnerability was found in SerenityOS (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown processing of the component LibTextCode. Applying the patch...
Author: VulDB

Django up to 2.2.19/3.0.13/3.1.7 MultiPartParser pathname traversal

A vulnerability was found in Django up to 2.2.19/3.0.13/3.1.7 (Content Management System). It has been classified as critical. This affects an unknown code block of the component MultiPartParser. Upgrading to version 2.2.20, 3.0.14 or 3.1.8...
Author: VulDB

Vangene deltaFlow E-Platform unrestricted upload [CVE-2021-28173]

A vulnerability was found in Vangene deltaFlow E-Platform (affected version not known) and classified as critical. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Vangene deltaFlow E-Platform File Download path traversal [CVE-2021-28172]

A vulnerability has been found in Vangene deltaFlow E-Platform (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown part of the component File Download Handler. There is no information about possible...
Author: VulDB

Vangene deltaFlow E-Platform Cookie insufficiently protected credentials

A vulnerability, which was classified as critical, was found in Vangene deltaFlow E-Platform (version unknown). Affected is some unknown functionality of the component Cookie Handler. There is no information about possible countermeasures known....
Author: VulDB

CITSmart prior 9.1.2.28 Filtro de Autocomplete unknown vulnerability

A vulnerability, which was classified as problematic, has been found in CITSmart. This issue affects an unknown functionality of the component Filtro de Autocomplete. Upgrading to version 9.1.2.28 eliminates this vulnerability. The upgrade is...
Author: VulDB

iKuaiOS 3.4.8 Build 202012291059 information disclosure [CVE-2021-28075]

A vulnerability classified as problematic was found in iKuaiOS 3.4.8 Build 202012291059. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

RIOT-OS up to 2021.01 gnrc_rpl_control_messages.c _parse_options buffer overflow

A vulnerability classified as critical has been found in RIOT-OS up to 2021.01. This affects the function _parse_options of the file /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. There is no information about possible countermeasures...
Author: VulDB

RIOT-OS up to 2021.01 gnrc_rpl_validation.c gnrc_rpl_validation_options buffer overflow

A vulnerability was found in RIOT-OS up to 2021.01. It has been rated as critical. Affected by this issue is the function gnrc_rpl_validation_options of the file sys/net/gnrc/routing/rpl/gnrc_rpl_validation.c. There is no information about...
Author: VulDB

RIOT-OS 2020.01 gnrc_rpl_control_messages.c buffer overflow

A vulnerability was found in RIOT-OS 2020.01. It has been declared as critical. Affected by this vulnerability is an unknown code of the file /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. There is no information about possible...
Author: VulDB

SerenityOS ASN.1 DER.h der_decode_sequence buffer overflow

A vulnerability was found in SerenityOS (version unknown). It has been classified as problematic. Affected is the function Crypto::der_decode_sequence in the library /Userland/Libraries/LibCrypto/ASN1/DER.h of the component ASN.1 Handler....
Author: VulDB

TimelyBills on iOS/Android JWT Token Storage cleartext storage

A vulnerability was found in TimelyBills on iOS/Android (unknown version) and classified as problematic. This issue affects some unknown functionality of the component JWT Token Storage. There is no information about possible countermeasures...
Author: VulDB

Facebook WhatsApp/WhatsApp Business prior 2.21.4.18 on Android Cache Configuration information disclosure

A vulnerability has been found in Facebook WhatsApp and WhatsApp Business on Android (Social Network Software) and classified as problematic. This vulnerability affects an unknown functionality of the component Cache Configuration Handler....
Author: VulDB

Facebook WhatsApp/WhatsApp Business on Android/iOS Decoding Pipeline out-of-bounds write

A vulnerability, which was classified as critical, was found in Facebook WhatsApp and WhatsApp Business on Android/iOS (Social Network Software) (the affected version unknown). This affects an unknown function of the component Decoding Pipeline...
Author: VulDB

MongoDB Compass up to 1.2.x/1.24.x on Windows privileges management

A vulnerability, which was classified as critical, has been found in MongoDB Compass up to 1.2.x/1.24.x on Windows (Database Software). Affected by this issue is some unknown processing. Upgrading to version 1.3.0 or 1.25.0 eliminates this...
Author: VulDB

Union Pay up to 3.3.12 on iOS signature verification [CVE-2020-36285]

A vulnerability classified as critical was found in Union Pay up to 3.3.12 on iOS (iOS App Software). Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Union Pay up to 3.4.93.4.9 on Android signature verification

A vulnerability classified as critical has been found in Union Pay up to 3.4.93.4.9 on Android (Android App Software). Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Union Pay up to 1.2.0 Shopping signature verification

A vulnerability was found in Union Pay up to 1.2.0. It has been rated as critical. This issue affects an unknown part of the component Shopping Handler. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Red Hat Enterprise Linux up to 8.3 QEMU out-of-bounds read

A vulnerability was found in Red Hat Enterprise Linux up to 8.3 (Operating System). It has been declared as problematic. This vulnerability affects some unknown functionality of the component QEMU. Applying a patch is able to eliminate this...
Author: VulDB

CERTFR-2021-ACT-013: News bulletin CERTFR-2021-ACT-013 (06 April 2021)

This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace …
Author: Cert FR

Redmine up to 4.0.7/4.1.1 Issues API permission

A vulnerability was found in Redmine up to 4.0.7/4.1.1 (Project Management Software). It has been classified as critical. This affects an unknown functionality of the component Issues API. Upgrading to version 4.0.8 or 4.1.2 eliminates this...
Author: VulDB

Redmine up to 4.0.7/4.1.1 Project project_id information disclosure

A vulnerability was found in Redmine up to 4.0.7/4.1.1 (Project Management Software) and classified as problematic. Affected by this issue is an unknown function of the component Project Handler. Upgrading to version 4.0.8 or 4.1.2 eliminates...
Author: VulDB

Information systems security (SSI) events