Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Sokrates SOWA SowaSQL up to 5.6.1 OPAC sowacgi.php typ cross site scripting

A vulnerability classified as problematic has been found in Sokrates SOWA SowaSQL up to 5.6.1. Affected is an unknown function of the file sowacgi.php of the component OPAC. Upgrading to version 5.6.2 eliminates this vulnerability.
Author: VulDB

Schneider Electric EcoStruxure Control Expert PLC Simulator code download

A vulnerability was found in Schneider Electric EcoStruxure Control Expert (SCADA Software) (unknown version). It has been rated as problematic. This issue affects some unknown processing of the component PLC Simulator. There is no information...
Author: VulDB

Schneider Electric EcoStruxure Control Expert PLC Simulator excessive authentication

A vulnerability was found in Schneider Electric EcoStruxure Control Expert (SCADA Software) (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown code block of the component PLC Simulator....
Author: VulDB

EcoStruxure Control Expert PLC Simulator authorization [CVE-2020-28211]

A vulnerability was found in EcoStruxure Control Expert (the affected version unknown). It has been classified as critical. This affects an unknown code of the component PLC Simulator. There is no information about possible countermeasures known....
Author: VulDB

Schneider Electric EcoStruxure Building Operation WebStation up to 3.1 Web Page Generation cross site scripting

A vulnerability was found in Schneider Electric EcoStruxure Building Operation WebStation up to 3.1 (SCADA Software) and classified as problematic. Affected by this issue is an unknown part of the component Web Page Generation Handler. There is...
Author: VulDB

Schneider Electric EcoStruxure Building Operation Enterprise Server Installer unquoted search path

A vulnerability has been found in Schneider Electric EcoStruxure Building Operation Enterprise Server Installer and EcoStruxure Enterprise Central Installer up to 3.1 on Windows (SCADA Software) and classified as critical. Affected by this...
Author: VulDB

Pritunl Electron Client up to 1.2.2550.20 access control [CVE-2020-25989]

A vulnerability, which was classified as critical, was found in Pritunl Electron Client up to 1.2.2550.20. Affected is an unknown functionality. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.
Author: VulDB

OpenWrt up to 18.06.8/19.07.4 libuci file.c uci_parse_package use after free

A vulnerability, which was classified as critical, has been found in OpenWrt up to 18.06.8/19.07.4. This issue affects the function uci_parse_package of the file file.c of the component libuci. Upgrading to version 18.06.9 or 19.07.5 eliminates...
Author: VulDB

Archive_Tar up to 1.4.10 Filename unknown vulnerability [CVE-2020-28949]

A vulnerability classified as critical was found in Archive_Tar up to 1.4.10. This vulnerability affects some unknown processing of the component Filename Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Archive_Tar up to 1.4.10 PHAR deserialization

A vulnerability classified as critical has been found in Archive_Tar up to 1.4.10. This affects an unknown code block of the component PHAR Handler. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Linux Kernel up to 5.9.9 Speakup Driver spk_ttyio.c denial of service

A vulnerability was found in Linux Kernel up to 5.9.9 (Operating System). It has been rated as problematic. Affected by this issue is an unknown code of the file drivers/accessibility/speakup/spk_ttyio.c of the component Speakup Driver. Applying...
Author: VulDB

Rclone up to 1.53.2 entropy [CVE-2020-28924]

A vulnerability was found in Rclone up to 1.53.2. It has been declared as problematic. Affected by this vulnerability is an unknown part. Upgrading to version 1.53.3 eliminates this vulnerability.
Author: VulDB

ZTE ZXHN Z500/ZXHN F670L Rule Configuration tamper input validation

A vulnerability was found in ZTE ZXHN Z500 and ZXHN F670L (version unknown). It has been classified as problematic. Affected is some unknown functionality of the component Rule Configuration Handler. Upgrading eliminates this vulnerability.
Author: VulDB

MISP 2.4.134 Template Element id cross site scripting

A vulnerability was found in MISP 2.4.134 and classified as problematic. This issue affects an unknown functionality of the component Template Element Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

PrimeKey EJBCA up to 7.4.2 EJBCA Enrollment improper authorization

A vulnerability has been found in PrimeKey EJBCA up to 7.4.2 and classified as critical. This vulnerability affects an unknown function of the component EJBCA Enrollment. Upgrading to version 7.4.3 eliminates this vulnerability.
Author: VulDB

Moodle up to 3.7.7/3.8.4/3.9.1 Participants Table Download insertion of sensitive information into sent data

A vulnerability, which was classified as problematic, was found in Moodle up to 3.7.7/3.8.4/3.9.1 (Learning Management Software). This affects some unknown processing of the component Participants Table Download. Upgrading to version 3.9.3,...
Author: VulDB

Moodle up to 3.9.0/3.9.1/3.9.2 cross site scripting [CVE-2020-25702]

A vulnerability, which was classified as problematic, has been found in Moodle up to 3.9.0/3.9.1/3.9.2 (Learning Management Software). Affected by this issue is an unknown code block. There is no information about possible countermeasures known....
Author: VulDB

Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 Upload Course Tool access control

A vulnerability classified as critical was found in Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 (Learning Management Software). Affected by this vulnerability is an unknown code of the component Upload Course Tool. Upgrading to version 3.9.3, 3.8.6,...
Author: VulDB

Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 Database Module Web Service sql injection

A vulnerability classified as critical has been found in Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 (Learning Management Software). Affected is an unknown part of the component Database Module Web Service. Upgrading to version 3.8.6, 3.7.9, 3.5.15 or...
Author: VulDB

Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 Capability Check access control

A vulnerability was found in Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 (Learning Management Software). It has been rated as critical. This issue affects some unknown functionality of the component Capability Check. Upgrading to version 3.9.3, 3.8.6,...
Author: VulDB

Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 User Enrollment access control

A vulnerability was found in Moodle up to 3.5.14/3.7.8/3.8.5/3.9.2 (Learning Management Software). It has been declared as critical. This vulnerability affects an unknown functionality of the component User Enrollment. Upgrading to version 3.9.3,...
Author: VulDB

YzmCMS 5.5 Editor cross site scripting

A vulnerability was found in YzmCMS 5.5. It has been classified as problematic. This affects an unknown function of the component Editor. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

TwinCAT XAR 3.1 TcSysUI.exe default permission

A vulnerability was found in TwinCAT XAR 3.1 and classified as critical. Affected by this issue is some unknown processing of the file TcSysUI.exe. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Endress+Hauser Ecograph T 2.0.0 information disclosure [CVE-2020-12496]

A vulnerability has been found in Endress+Hauser Ecograph T 2.0.0 and classified as problematic. Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Endress+Hauser Ecograph T up to 1.x Web-based User Interface Neutral/Private privileges management

A vulnerability, which was classified as critical, was found in Endress+Hauser Ecograph T up to 1.x. Affected is an unknown code of the file Neutral/Private of the component Web-based User Interface. Upgrading eliminates this vulnerability.
Author: VulDB

Information security events