Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SAP NetWeaver AS JAVA File cross site scripting [CVE-2021-27601]

A vulnerability has been found in SAP NetWeaver AS JAVA (Solution Stack Software) (affected version unknown) and classified as problematic. Affected by this vulnerability is some unknown functionality of the component File Handler. There is no...
Author: VulDB

SAP Manufacturing Execution 15.1/15.2/15.3/15.4 HTTP Parameter cross site scripting

A vulnerability, which was classified as problematic, was found in SAP Manufacturing Execution 15.1/15.2/15.3/15.4. Affected is an unknown functionality of the component HTTP Parameter Handler. There is no information about possible...
Author: VulDB

CERTFR-2021-AVI-254: Multiple vulnerabilities in IBM products (14 April 2021)

Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a circumvention of the policy...
Author: Cert FR

SAP NetWeaver AS JAVA 7.31/7.40/7.50 Servlet access control

A vulnerability, which was classified as critical, has been found in SAP NetWeaver AS JAVA 7.31/7.40/7.50 (Solution Stack Software). This issue affects an unknown function of the component Servlet Handler. There is no information about possible...
Author: VulDB

Eaton Intelligent Power Manager up to 1.68 Packet meta_driver_srv.js coverterCheckList code injection

A vulnerability classified as very critical was found in Eaton Intelligent Power Manager up to 1.68. This vulnerability affects the function coverterCheckList of the file meta_driver_srv.js of the component Packet Handler. Upgrading to version...
Author: VulDB

Eaton Intelligent Power Manager up to 1.68 File Upload maps_srv.js uploadBackgroud unrestricted upload

A vulnerability classified as critical has been found in Eaton Intelligent Power Manager up to 1.68. This affects the function uploadBackgroud of the file maps_srv.js of the component File Upload Handler. Upgrading to version 1.69 eliminates this...
Author: VulDB

Eaton Intelligent Power Manager up to 1.68 meta_driver_srv.js saveDriverData driverID input validation

A vulnerability was found in Eaton Intelligent Power Manager up to 1.68. It has been rated as critical. Affected by this issue is the function saveDriverData of the file meta_driver_srv.js. Upgrading to version 1.69 eliminates this vulnerability.
Author: VulDB

Eaton Intelligent Power Manager up to 1.68 Packet server/maps_srv.js removeBackground input validation

A vulnerability was found in Eaton Intelligent Power Manager up to 1.68. It has been declared as critical. Affected by this vulnerability is the function removeBackground of the file server/maps_srv.js of the component Packet Handler. Upgrading...
Author: VulDB

Eaton Intelligent Power Manager up to 1.68 Code Syntax scripts/libs/utils.js loadUserFile code injection

A vulnerability was found in Eaton Intelligent Power Manager up to 1.68. It has been classified as critical. Affected is the function loadUserFile in the library scripts/libs/utils.js of the component Code Syntax Handler. Upgrading to version...
Author: VulDB

Eaton Intelligent Power Manager up to 1.68 Packet sql injection

A vulnerability was found in Eaton Intelligent Power Manager up to 1.68 and classified as critical. This issue affects an unknown functionality of the component Packet Handler. Upgrading to version 1.69 eliminates this vulnerability.
Author: VulDB

Schneider Electric C-Bus Toolkit up to 1.15.7 Project Restore path traversal

A vulnerability has been found in Schneider Electric C-Bus Toolkit up to 1.15.7 (SCADA Software) and classified as critical. This vulnerability affects an unknown function of the component Project Restore Handler. There is no information about...
Author: VulDB

Schneider Electric C-Bus Toolkit up to 1.15.7 File Upload path traversal

A vulnerability, which was classified as critical, was found in Schneider Electric C-Bus Toolkit up to 1.15.7 (SCADA Software). This affects some unknown processing of the component File Upload Handler. There is no information about possible...
Author: VulDB

Schneider Electric C-Bus Toolkit up to 1.15.7 Project File Restore path traversal

A vulnerability, which was classified as critical, has been found in Schneider Electric C-Bus Toolkit up to 1.15.7 (SCADA Software). Affected by this issue is an unknown code block of the component Project File Restore Handler. There is no...
Author: VulDB

Schneider Electric C-Bus Toolkit up to 1.15.7 Config File path traversal

A vulnerability classified as critical was found in Schneider Electric C-Bus Toolkit up to 1.15.7 (SCADA Software). Affected by this vulnerability is an unknown code of the component Config File Handler. There is no information about possible...
Author: VulDB

Schneider Electric C-Bus Toolkit up to 1.15.7 privileges management

A vulnerability classified as critical has been found in Schneider Electric C-Bus Toolkit up to 1.15.7 (SCADA Software). Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

AccuSoft ImageGear 19.8 JPG File out-of-bounds write

A vulnerability was found in AccuSoft ImageGear 19.8. It has been rated as critical. This issue affects some unknown functionality of the component JPG File Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

SAP NetWeaver Application Server Java 7.10 up to 7.50 authentication spoofing

A vulnerability was found in SAP NetWeaver Application Server Java 7.10 up to 7.50 (Application Server Software). It has been declared as critical. This vulnerability affects an unknown functionality. There is no information about possible...
Author: VulDB

SAP NetWeaver Application Server for Java NTLM Hash information disclosure

A vulnerability was found in SAP NetWeaver Application Server for Java (Application Server Software) (the affected version unknown). It has been classified as problematic. This affects an unknown function of the component NTLM Hash Handler. There...
Author: VulDB

SAP Solution Manager 720 information disclosure [CVE-2021-21483]

A vulnerability was found in SAP Solution Manager 720 and classified as problematic. Affected by this issue is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

SAP NetWeaver Master Data Management 710/710.750 information disclosure

A vulnerability has been found in SAP NetWeaver Master Data Management 710/710.750 (Solution Stack Software) and classified as problematic. Affected by this vulnerability is an unknown code block. There is no information about possible...
Author: VulDB

CERTFR-2021-AVI-253: [SCADA] Multiple vulnerabilities in Schneider Electric products (14 April 2021)

Multiple vulnerabilities have been discovered in Schneider Electric products. They allow an attacker to cause remote arbitrary code execution.
Author: Cert FR

Google Android 8.1/9.0/10.0/11.0 CryptoPlugin.cpp decrypt_1_2 out-of-bounds read

A vulnerability, which was classified as problematic, was found in Google Android 8.1/9.0/10.0/11.0 (Smartphone Operating System). Affected is the function decrypt_1_2 of the file CryptoPlugin.cpp. Applying a patch is able to eliminate this...
Author: VulDB

Google Android LK Local Privilege Escalation [CVE-2021-0468]

A vulnerability, which was classified as problematic, has been found in Google Android (Smartphone Operating System) (unknown version). This issue affects an unknown part of the component LK. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 11.0 ImportVCardActivity improper restriction of rendered ui layers

A vulnerability classified as problematic was found in Google Android 11.0 (Smartphone Operating System). This vulnerability affects the function ImportVCardActivity. Applying a patch is able to eliminate this problem.
Author: VulDB

Google Android 9.0/11.0 WelcomeActivity.java start Local Privilege Escalation

A vulnerability classified as problematic has been found in Google Android 9.0/11.0 (Smartphone Operating System). This affects the function start of the file WelcomeActivity.java. Applying a patch is able to eliminate this problem.
Author: VulDB