lundi 1 juin 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

QEMU 4.2.0 hw/scsi/megasas.c megasas_lookup_frame reply_queue_head information disclosure

A vulnerability, which was classified as problematic, has been found in QEMU 4.2.0 (Virtualization Software). Affected by this issue is the function megasas_lookup_frame of the file hw/scsi/megasas.c. There is no information about possible...
Auteur: VulDB

QEMU 4.2.0 hw/audio/es1370.c es1370_transfer_audio memory corruption

A vulnerability classified as critical was found in QEMU 4.2.0 (Virtualization Software). Affected by this vulnerability is the function es1370_transfer_audio of the file hw/audio/es1370.c. There is no information about possible countermeasures...
Auteur: VulDB

Vivotek Network Camera OS Command Injection privilege escalation

A vulnerability classified as critical has been found in Vivotek Network Camera (Network Camera Software). Affected is an unknown functionality. Upgrading to version XXXXX-VVTK-2.2002.xx.01x or XXXXX-VVTK-0XXXX_Beta2 eliminates this vulnerability.
Auteur: VulDB

Vivotek Network Camera Web Service testserver.cgi information disclosure

A vulnerability was found in Vivotek Network Camera (Network Camera Software). It has been rated as problematic. This issue affects an unknown function of the file testserver.cgi of the component Web Service. Upgrading to version...
Auteur: VulDB

CERTFR-2020-AVI-327 : Multiples vulnérabilités dans les produits VMware (29 mai 2020)

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un déni de service et une élévation de privilèges.

Auteur: Cert FR

CERTFR-2020-AVI-326 : Multiples vulnérabilités dans le noyau Linux d’Ubuntu (29 mai 2020)

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.

Auteur: Cert FR

CERTFR-2020-AVI-325 : [SCADA] Vulnérabilité dans Hirschmann OWL (29 mai 2020)

Une vulnérabilité a été découverte dans Hirschmann OWL. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Auteur: Cert FR

Dell Dock Firmware Update Utilities Symlink privilege escalation

A vulnerability was found in Dell Dock Firmware Update Utilities (Firmware Software) (affected version not known). It has been rated as critical. Affected by this issue is some unknown processing. There is no information about possible...
Auteur: VulDB

CMS Made Simple up to 2.2.14 File Picker Profile Name cross site scripting

A vulnerability was found in CMS Made Simple up to 2.2.14 (Content Management System). It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component File Picker Profile Name Handler. There is no...
Auteur: VulDB

Netgear R7000 SSL Certificate Validator weak authentication [CVE-2020-13245]

A vulnerability was found in Netgear R7000, R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500 and R7000P (Wireless LAN Software). It has been classified as problematic. Affected is an unknown code...
Auteur: VulDB

Teradici PCoIP Standard Agent/Graphics Agent up to 19.11.1 on Windows Named Pipe pcoip_credential_provider privilege escalation

A vulnerability was found in Teradici PCoIP Standard Agent and Graphics Agent up to 19.11.1 on Windows and classified as critical. This issue affects the function pcoip_credential_provider of the component Named Pipe Handler. There is no...
Auteur: VulDB

Kaminari up to 1.2.0 Pagination Link cross site scripting

A vulnerability has been found in Kaminari up to 1.2.0 and classified as problematic. This vulnerability affects some unknown functionality of the component Pagination Link Handler. Upgrading to version 1.2.1 eliminates this vulnerability.
Auteur: VulDB

node-dns-sync up to 0.2.0 on npm Remote Code Execution [CVE-2020-11079]

A vulnerability, which was classified as critical, was found in node-dns-sync up to 0.2.0 on npm. This affects an unknown functionality. Upgrading to version 0.2.1 eliminates this vulnerability.
Auteur: VulDB

VIM prior 8.1.0881 rvim OS Command Injection privilege escalation

A vulnerability was found in VIM (Word Processing Software). It has been declared as critical. This vulnerability affects some unknown processing of the component rvim. Upgrading to version 8.1.0881 eliminates this vulnerability.
Auteur: VulDB

CERTFR-2020-AVI-324 : Multiples vulnérabilités dans Google Chrome OS (28 mai 2020)

De multiples vulnérabilités ont été découvertes dans Google Chrome OS. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Auteur: Cert FR

CERTFR-2020-AVI-323 : Multiples vulnérabilités dans GitLab (28 mai 2020)

De multiples vulnérabilités ont été découvertes dans GitLab. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Auteur: Cert FR

Trend Micro InterScan Web Security Virtual Appliance 6.5 weak authentication

A vulnerability was found in Trend Micro InterScan Web Security Virtual Appliance 6.5 (Anti-Malware Software). It has been classified as critical. This affects an unknown code block. There is no information about possible countermeasures known....
Auteur: VulDB

Trend Micro InterScan Web Security Virtual Appliance 6.5 Remote Code Execution

A vulnerability was found in Trend Micro InterScan Web Security Virtual Appliance 6.5 (Anti-Malware Software) and classified as critical. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It...
Auteur: VulDB

Trend Micro InterScan Web Security Virtual Appliance 6.5 information disclosure

A vulnerability has been found in Trend Micro InterScan Web Security Virtual Appliance 6.5 (Anti-Malware Software) and classified as problematic. Affected by this vulnerability is an unknown part. There is no information about possible...
Auteur: VulDB

Trend Micro InterScan Web Security Virtual Appliance 6.5 Web Interface cross site scripting

A vulnerability, which was classified as problematic, was found in Trend Micro InterScan Web Security Virtual Appliance 6.5 (Anti-Malware Software). Affected is some unknown functionality of the component Web Interface. There is no information...
Auteur: VulDB

Bosch Recording Station Kiosk Mode privilege escalation [CVE-2020-6774]

A vulnerability, which was classified as critical, has been found in Bosch Recording Station (unknown version). This issue affects an unknown functionality of the component Kiosk Mode. There is no information about possible countermeasures known....
Auteur: VulDB

IBM Spectrum Scale up to 5.0.4.4 weak encryption [CVE-2020-4379]

A vulnerability classified as problematic was found in IBM Spectrum Scale up to 5.0.4.4. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Auteur: VulDB

IBM Spectrum Scale up to 5.0.4.4 privilege escalation [CVE-2020-4378]

A vulnerability classified as critical has been found in IBM Spectrum Scale up to 5.0.4.4. This affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Auteur: VulDB

IBM Spectrum Scale up to 5.0.4.4 Web UI cross site scripting

A vulnerability was found in IBM Spectrum Scale up to 5.0.4.4. It has been rated as problematic. Affected by this issue is an unknown code block of the component Web UI. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

IBM Spectrum Scale up to 5.0.4.4 Error Message information disclosure

A vulnerability was found in IBM Spectrum Scale up to 5.0.4.4. It has been declared as problematic. Affected by this vulnerability is an unknown code of the component Error Message Handler. There is no information about possible countermeasures...
Auteur: VulDB
First6789101112131415Last

Événements SSI