Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cisco IoT Field Network Director access control [CVE-2020-26077]

A vulnerability has been found in Cisco IoT Field Network Director (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code block. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco IoT Field Network Director access control [CVE-2020-26076]

A vulnerability, which was classified as critical, was found in Cisco IoT Field Network Director (the affected version is unknown). This affects an unknown code. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco IoT Field Network Director REST API sql injection [CVE-2020-26075]

A vulnerability, which was classified as critical, has been found in Cisco IoT Field Network Director (affected version not known). Affected by this issue is an unknown part of the component REST API. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco IoT Field Network Director SOAP API access control [CVE-2020-26072]

A vulnerability classified as critical was found in Cisco IoT Field Network Director (affected version unknown). Affected by this vulnerability is some unknown functionality of the component SOAP API. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco TelePresence Collaboration Endpoint/RoomOS xAPI service authorization

A vulnerability classified as critical has been found in Cisco TelePresence Collaboration Endpoint and RoomOS (Unified Communication Software) (version unknown). Affected is an unknown functionality of the component xAPI service. Upgrading...
Author: VulDB

lemocms 1.8.x Uploads.php unrestricted upload

A vulnerability was found in lemocms 1.8.x. It has been rated as critical. This issue affects an unknown function of the file app\admin\controller\sys\Uploads.php. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

TP-LINK TL-WPA4220 2/3/4 httpd /admin/powerline os command injection

A vulnerability was found in TP-LINK TL-WPA4220 2/3/4 (Router Operating System). It has been declared as critical. This vulnerability affects some unknown processing of the file /admin/powerline of the component httpd. Upgrading to version...
Author: VulDB

Schneider Electric Modicon M340 Web Server buffer overflow [CVE-2020-7564]

A vulnerability was found in Schneider Electric Modicon M340, Modicon Quantum and Modicon Premium Legacy (SCADA Software) (the affected version is unknown). It has been classified as critical. This affects an unknown code block of the component Web...
Author: VulDB

Schneider Electric Modicon M340 Web Server out-of-bounds write

A vulnerability was found in Schneider Electric Modicon M340, Modicon Quantum and Modicon Premium Legacy (SCADA Software) (affected version not known) and classified as critical. Affected by this issue is an unknown code of the component Web...
Author: VulDB

Schneider Electric Modicon M340 Web Server out-of-bounds read

A vulnerability has been found in Schneider Electric Modicon M340, Modicon Quantum and Modicon Premium Legacy (SCADA Software) (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown part of the...
Author: VulDB

Kamailio up to 5.3.x Whitespace remove_hf protection mechanism failure

A vulnerability, which was classified as critical, was found in Kamailio up to 5.3.x. Affected is the function remove_hf of the component Whitespace Handler. Upgrading to version 5.4.0 eliminates this vulnerability.
Author: VulDB

PHPGurukul User Registration & Login/User Management System 2.1 Admin Panel cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPGurukul User Registration & Login and User Management System 2.1. This issue affects an unknown functionality of the component Admin Panel. There is no information about...
Author: VulDB

view_statistics Extension up to 2.0.0 on TYPO3 missing encryption

A vulnerability classified as problematic was found in view_statistics Extension up to 2.0.0 on TYPO3. This vulnerability affects an unknown function. Upgrading to version 2.0.1 eliminates this vulnerability.
Author: VulDB

Linux Kernel up to 5.8.14 fbcon buffer overflow

A vulnerability classified as problematic has been found in Linux Kernel up to 5.8.14 (Operating System). This affects some unknown processing of the component fbcon. Upgrading to version 5.8.15 eliminates this vulnerability. The upgrade is...
Author: VulDB

CERTFR-2020-AVI-757: Multiple vulnerabilities in IBM Db2 (18 November 2020)

Multiple vulnerabilities have been discovered in IBM Db2. They allow an attacker to cause a denial of service, a compromise of data integrity and a compromise of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-756: Multiple vulnerabilities in Google Chrome (18 November 2020)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-755: Multiple vulnerabilities in Mozilla products (18 November 2020)

Multiple vulnerabilities have been discovered in Mozilla Firefox, Mozilla Firefox ESR and Thunderbird. Some of them allow an attacker to cause a security problem not specified by the vendor, code execution...
Author: Cert FR

CERTFR-2020-AVI-754: Vulnerability in the SUSE Linux kernel (18 November 2020)

A vulnerability has been discovered in the SUSE Linux kernel. It allows an attacker to cause a privilege escalation.

Author: Cert FR

Kata Containers up to 1.11.4 permission [CVE-2020-28914]

A vulnerability was found in Kata Containers up to 1.11.4 (Virtualization Software). It has been rated as critical. Affected by this issue is an unknown code block. Upgrading to version 1.11.5 eliminates this vulnerability. The upgrade is hosted...
Author: VulDB

SourceCodester Water Billing System 1.0 process.php username/password sql injection

A vulnerability was found in SourceCodester Water Billing System 1.0 (Billing Software). It has been declared as critical. Affected by this vulnerability is an unknown code of the file process.php. There is no information about possible...
Author: VulDB

SourceCodester Online Clothing Store 1.0 Image Upload Products.php unrestricted upload

A vulnerability was found in SourceCodester Online Clothing Store 1.0. It has been classified as critical. Affected is an unknown part of the file Products.php of the component Image Upload Handler. There is no information about possible...
Author: VulDB

SourceCodester Online Clothing Store 1.0 offer.php Offer Detail cross site scripting

A vulnerability was found in SourceCodester Online Clothing Store 1.0 and classified as problematic. This issue affects some unknown functionality of the file offer.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

SourceCodester Online Clothing Store 1.0 login.php txtUserName sql injection

A vulnerability has been found in SourceCodester Online Clothing Store 1.0 and classified as critical. This vulnerability affects an unknown functionality of the file login.php. There is no information about possible countermeasures known. It may...
Author: VulDB

SourceCodester Tourism Management System 1.0 admin/create-package.php unrestricted upload

A vulnerability, which was classified as critical, was found in SourceCodester Tourism Management System 1.0. This affects an unknown function of the file admin/create-package.php. There is no information about possible countermeasures known. It...
Author: VulDB

SourceCodester Simple Grocery Store Sales and Inventory System 1.0 login.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Grocery Store Sales and Inventory System 1.0. Affected by this issue is some unknown processing of the file sales_inventory/login.php. There is no...
Author: VulDB