Monday 27 January 2020

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cisco SD-WAN Solution WebUI Parameter command injection

A vulnerability was found in Cisco SD-WAN Solution (affected version unknown). It has been classified as critical. This affects an unknown code block of the component WebUI. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco SD-WAN Solution Web Interface sql injection [CVE-2019-12619]

A vulnerability was found in Cisco SD-WAN Solution (affected version not known) and classified as critical. Affected by this issue is an unknown code of the component Web Interface. Upgrading eliminates this vulnerability.
Author: VulDB

AMD ATIDXX64.DLL Pixel Shader Type Confusion privilege escalation

A vulnerability has been found in AMD ATIDXX64.DLL 26.20.13031.10003/26.20.13031.15006/26.20.13031.18002 and classified as critical. Affected by this vulnerability is an unknown part of the component Pixel Shader. There is no information about...
Author: VulDB

AMD ATIDXX64.DLL 26.20.13003.1007 Pixel Shader Out-of-Bounds denial of service

A vulnerability, which was classified as problematic, was found in AMD ATIDXX64.DLL 26.20.13003.1007. Affected is some unknown functionality of the component Pixel Shader. No information about possible countermeasures is known. It may be...
Author: VulDB

AMD ATIDXX64.DLL 26.20.13025.10004 Pixel Shader Out-of-Bounds denial of service

A vulnerability, which was classified as problematic, has been found in AMD ATIDXX64.DLL 26.20.13025.10004. This issue affects an unknown functionality of the component Pixel Shader. No information about possible countermeasures is known....
Author: VulDB

AMD ATIDXX64.DLL 26.20.13001.50005 Pixel Shader Out-of-Bounds denial of service

A vulnerability classified as problematic was found in AMD ATIDXX64.DLL 26.20.13001.50005. This vulnerability affects an unknown function of the component Pixel Shader. No information about possible countermeasures is known. It may be...
Author: VulDB

Mirumee Saleor up to 2.9.0 Access Control privilege escalation

A vulnerability classified as critical has been found in Mirumee Saleor up to 2.9.0. This affects some unknown processing of the component Access Control. Upgrading to version 2.9.1 eliminates this vulnerability.
Author: VulDB

Cryptacular 1.2.3 Decode CiphertextHeader.java Header denial of service

A vulnerability was found in Cryptacular 1.2.3. It has been rated as problematic. Affected by this issue is an unknown code block of the file CiphertextHeader.java of the component Decode Handler. There is no information about possible...
Author: VulDB

CODESYS Control V3/HMI V3 prior 3.5.15.30 denial of service [CVE-2020-7052]

A vulnerability was found in CODESYS Control V3 and HMI V3 (SCADA Software). It has been declared as problematic. Affected by this vulnerability is an unknown code. Upgrading to version 3.5.15.30 eliminates this vulnerability.
Author: VulDB

ApexPro/CARESCAPE Telemetry Server up to 4.2 Remote Desktop Control Code Execution weak encryption

A vulnerability was found in ApexPro/CARESCAPE Telemetry Server up to 4.2. It has been classified as critical. Affected is an unknown part of the component Remote Desktop Control. No information about possible countermeasures is known. It...
Author: VulDB

ApexPro/CARESCAPE Telemetry Server up to 4.2 Software Update File Upload privilege escalation

A vulnerability was found in ApexPro/CARESCAPE Telemetry Server up to 4.2 and classified as critical. This issue affects some unknown functionality of the component Software Update. No information about possible countermeasures is known. It...
Author: VulDB

ApexPro/CARESCAPE Telemetry Server up to 4.2 Keyboard Switching privilege escalation

A vulnerability has been found in ApexPro/CARESCAPE Telemetry Server up to 4.2 and classified as critical. This vulnerability affects an unknown functionality of the component Keyboard Switching Handler. There is no information about possible...
Author: VulDB

ApexPro/CARESCAPE Telemetry Server up to 4.2 SMB Default Credentials weak authentication

A vulnerability, which was classified as critical, was found in ApexPro/CARESCAPE Telemetry Server up to 4.2. This affects an unknown function of the component SMB Handler. No information about possible countermeasures is known. It may be...
Author: VulDB

ApexPro/CARESCAPE Telemetry Server up to 4.2 Web-based Configuration Utility Remote Code Execution

A vulnerability, which was classified as critical, has been found in ApexPro/CARESCAPE Telemetry Server up to 4.2. Affected by this issue is some unknown processing of the component Web-based Configuration Utility. There is no information about...
Author: VulDB

ApexPro/CARESCAPE Telemetry Server up to 4.2 Configuration File Key information disclosure

A vulnerability classified as problematic was found in ApexPro/CARESCAPE Telemetry Server up to 4.2. Affected by this vulnerability is an unknown code block of the component Configuration File. There is no information about possible...
Author: VulDB

SimpleSAMLphp up to 1.18.3 Twig Template www/erroreport.php free-text cross site scripting

A vulnerability classified as problematic has been found in SimpleSAMLphp up to 1.18.3. Affected is an unknown code of the file www/erroreport.php of the component Twig Template Handler. Upgrading to version 1.18.4 eliminates this vulnerability.
Author: VulDB

SimpleSAMLphp up to 1.18.3 Log www/erroreport.php reportID privilege escalation

A vulnerability was found in SimpleSAMLphp up to 1.18.3. It has been rated as critical. This issue affects an unknown part of the file www/erroreport.php of the component Log Handler. Upgrading to version 1.18.4 eliminates this vulnerability.
Author: VulDB

User Sessions up to 1.7.0 on Django denial of service [CVE-2020-5224]

A vulnerability was found in User Sessions up to 1.7.0 on Django. It has been declared as problematic. This vulnerability affects some unknown functionality. Upgrading to version 1.7.1 eliminates this vulnerability.
Author: VulDB

Angular Expressions up to 1.0.0 expressions.compile() cross site scripting

A vulnerability was found in Angular Expressions up to 1.0.0. It has been classified as problematic. This affects the function expressions.compile(). Upgrading to version 1.0.1 eliminates this vulnerability.
Author: VulDB

yast2-security prior 4.2.6 weak encryption [CVE-2019-3700]

A vulnerability was found in yast2-security and classified as problematic. Affected by this issue is an unknown function. Upgrading to version 4.2.6 eliminates this vulnerability.
Author: VulDB

openSUSE Leap 15.1 privoxy Symlink privilege escalation

A vulnerability has been found in openSUSE Leap 15.1 and classified as critical. Affected by this vulnerability is some unknown processing of the component privoxy. No information about possible countermeasures is known. It may be suggested...
Author: VulDB

openSUSE Leap 15.1 gnump3d Symlink privilege escalation

A vulnerability, which was classified as critical, was found in openSUSE Leap 15.1. Affected is an unknown code block of the component gnump3d. No information about possible countermeasures is known. It may be suggested to replace the...
Author: VulDB

openSUSE Factory munin Symlink privilege escalation

A vulnerability, which was classified as critical, has been found in openSUSE Factory (unknown version). This issue affects an unknown code of the component munin. No information about possible countermeasures is known. It may be suggested...
Author: VulDB

SuSE Linux Enterprise Server up to 11 mailman Symlink privilege escalation

A vulnerability classified as critical was found in SuSE Linux Enterprise Server up to 11. This vulnerability affects an unknown part of the component mailman. Upgrading to version 15.1 eliminates this vulnerability.
Author: VulDB

SuSE Linux Enterprise Server 11 INN Symlink privilege escalation

A vulnerability classified as critical has been found in SuSE Linux Enterprise Server 11. This affects some unknown functionality of the component INN. No information about possible countermeasures is known. It may be suggested to replace...
Author: VulDB

Information security events

FIC

With this year's theme of "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
