Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-485: Multiple vulnerabilities in the Ubuntu Linux kernel (5 August 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution and a security policy bypass.

Author: Cert FR

DaviewIndy Image File Daview.exe Code Execution memory corruption

A vulnerability was found in DaviewIndy (affected version not known) and classified as critical. Affected by this issue is an unknown functionality of the file Daview.exe of the component Image File Handler. There is no information about possible...
Author: VulDB

DaviewIndy Image File Daview.exe Heap-based memory corruption

A vulnerability has been found in DaviewIndy (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown function of the file Daview.exe of the component Image File Handler. There is no information about...
Author: VulDB

ZoneAlarm Anti-Ransomware prior 1.0.713 Report race condition privilege escalation

A vulnerability, which was classified as critical, was found in ZoneAlarm Anti-Ransomware (Firewall Software). Affected is some unknown processing of the component Report Handler. Upgrading to version 1.0.713 eliminates this vulnerability.
Author: VulDB

IBM Spectrum Protect Plus up to 10.1.6 on Windows Agent File denial of service

A vulnerability, which was classified as problematic, has been found in IBM Spectrum Protect Plus up to 10.1.6 on Windows (Backup Software). This issue affects an unknown code block of the component Agent File Handler. There is no information...
Author: VulDB

IBM Jazz Foundation/Engineering Web UI cross site scripting [CVE-2020-4542]

A vulnerability classified as problematic was found in IBM Jazz Foundation and Engineering (Programming Tool Software) (the affected version is unknown). This vulnerability affects an unknown code of the component Web UI. There is no information...
Author: VulDB

IBM Jazz Foundation/Engineering Web UI cross site scripting [CVE-2020-4525]

A vulnerability classified as problematic has been found in IBM Jazz Foundation and Engineering (Programming Tool Software) (the affected version is unknown). This affects an unknown part of the component Web UI. There is no information about...
Author: VulDB

IBM Security Verify Access 10.7 Default Key weak encryption

A vulnerability was found in IBM Security Verify Access 10.7. It has been rated as problematic. Affected by this issue is some unknown functionality. No information about possible countermeasures is known. It may be suggested to replace the...
Author: VulDB

IBM Jazz Foundation/Engineering Attachment HTTP GET Request information disclosure

A vulnerability was found in IBM Jazz Foundation and Engineering (Programming Tool Software) (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Attachment...
Author: VulDB

IBM Jazz Foundation/Engineering Web UI cross site scripting [CVE-2020-4396]

A vulnerability was found in IBM Jazz Foundation and Engineering (Programming Tool Software) (version unknown). It has been classified as problematic. Affected is an unknown function of the component Web UI. There is no information about possible...
Author: VulDB

Extreme Networks Extreme Management Center prior 8.5.0.169 Extreme Analytics GET Request Reflected cross site scripting

A vulnerability was found in Extreme Networks Extreme Management Center and classified as problematic. This issue affects some unknown processing of the component Extreme Analytics. Upgrading to version 8.5.0.169 eliminates this vulnerability.
Author: VulDB

Firecracker 0.20.0/0.21.0/0.21.1 Network Stack Flooding denial of service

A vulnerability has been found in Firecracker 0.20.0/0.21.0/0.21.1 and classified as problematic. This vulnerability affects an unknown code block of the component Network Stack. Upgrading to version 0.20.1 or 0.21.2 eliminates this vulnerability.
Author: VulDB

Delta Industrial Automation CNCSoft ScreenEditor up to 1.01.23 Project File Uninitialized Memory memory corruption

A vulnerability, which was classified as critical, was found in Delta Industrial Automation CNCSoft ScreenEditor up to 1.01.23. This affects an unknown code of the component Project File Handler. There is no information about possible...
Author: VulDB

Delta Industrial Automation CNCSoft ScreenEditor up to 1.01.23 Project File Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, has been found in Delta Industrial Automation CNCSoft ScreenEditor up to 1.01.23. Affected by this issue is an unknown part of the component Project File Handler. There is no information about...
Author: VulDB

Delta Industrial Automation CNCSoft ScreenEditor up to 1.01.23 Project File Stack-based memory corruption

A vulnerability classified as critical was found in Delta Industrial Automation CNCSoft ScreenEditor up to 1.01.23. Affected by this vulnerability is some unknown functionality of the component Project File Handler. There is no information about...
Author: VulDB

Swisscom Internet Box 2 Sysbus-API Backdoor privilege escalation

A vulnerability classified as critical has been found in Swisscom Internet Box 2, Internet Box Standard and Internet Box Plus (version unknown). Affected is an unknown functionality of the component Sysbus-API. Upgrading eliminates this...
Author: VulDB

ACTi NVR3 Standard Server 3.0.12.42 ActiveMediaServer.exe memory corruption

A vulnerability was found in ACTi NVR3 Standard Server 3.0.12.42. It has been rated as critical. This issue affects an unknown function of the file ActiveMediaServer.exe. No information about possible countermeasures is known. It may be...
Author: VulDB

Gantt-Chart Module up to 5.5.4 on Jira Dashboard Persistent cross site scripting

A vulnerability was found in Gantt-Chart Module up to 5.5.4 on Jira (Atlassian Jira App Software). It has been declared as problematic. This vulnerability affects some unknown processing of the component Dashboard. Upgrading to version 5.5.5...
Author: VulDB

Gantt-Chart Module up to 5.5.3 on Jira Privilege Check privilege escalation

A vulnerability was found in Gantt-Chart Module up to 5.5.3 on Jira (Atlassian Jira App Software). It has been classified as critical. This affects an unknown code block of the component Privilege Check. Upgrading to version 5.5.4 eliminates this...
Author: VulDB

Cohesive Networks VNS3:vpn up to 4.11.0 Administrative Interface Remote Code Execution

A vulnerability was found in Cohesive Networks VNS3:vpn up to 4.11.0 (Network Encryption Software) and classified as critical. Affected by this issue is an unknown code of the component Administrative Interface. Upgrading to version 4.11.1...
Author: VulDB

save-server up to 1.04 on npm cross site request forgery [CVE-2020-15135]

A vulnerability has been found in save-server up to 1.04 on npm and classified as problematic. Affected by this vulnerability is an unknown part. Upgrading to version 1.05 eliminates this vulnerability.
Author: VulDB

Solidus up to 2.8.5/2.9.5/2.10.1 Parameter privilege escalation

A vulnerability, which was classified as critical, was found in Solidus up to 2.8.5/2.9.5/2.10.1. Affected is some unknown functionality. Upgrading to version 2.8.6, 2.9.6 or 2.10.2 eliminates this vulnerability.
Author: VulDB

SoftPerfect RAM Disk 4.1 Driver spvve.sys Request information disclosure

A vulnerability, which was classified as problematic, has been found in SoftPerfect RAM Disk 4.1. This issue affects an unknown functionality in the library spvve.sys of the component Driver. There is no information about possible countermeasures...
Author: VulDB

SoftPerfect RAM Disk 4.1 Driver spvve.sys Request denial of service

A vulnerability classified as problematic was found in SoftPerfect RAM Disk 4.1. This vulnerability affects an unknown function in the library spvve.sys of the component Driver. No information about possible countermeasures is known. It may...
Author: VulDB

Ricoh Streamline NX Client Tool/Streamline NX PC Client privilege escalation

A vulnerability classified as critical has been found in Ricoh Streamline NX Client Tool and Streamline NX PC Client (the affected version is unknown). This affects some unknown processing. There is no information about possible countermeasures...
Author: VulDB