Tuesday 7 April 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Hirschmann Automation Control HiOS/HiSecOS URL Argument HTTP Requests memory corruption

A vulnerability classified as critical was found in Hirschmann Automation Control HiOS and HiSecOS (Automation Software) (the affected version is unknown). This vulnerability affects an unknown code of the component URL Argument Handler. There is...
Author: VulDB

Dell Latitude 7202 Rugged Tablet BIOS prior A28 System Management Mode privilege escalation

A vulnerability classified as critical has been found in Dell Latitude 7202 Rugged Tablet BIOS (Tablet Operating System). This affects an unknown part of the component System Management Mode. Upgrading to version A28 eliminates this vulnerability.
Author: VulDB

Dell EMC Isilon OneFS up to 8.2.2 SmartConnect DNS Response Loop denial of service

A vulnerability was found in Dell EMC Isilon OneFS up to 8.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SmartConnect. There is no information about possible countermeasures known. It...
Author: VulDB

IBM Spectrum Scale 4.2/5.0 privilege escalation [CVE-2020-4273]

A vulnerability was found in IBM Spectrum Scale 4.2/5.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

GnuTLS up to 3.6.12 DTLS weak encryption

A vulnerability was found in GnuTLS up to 3.6.12 (Network Encryption Software). It has been classified as critical. Affected is an unknown function of the component DTLS Handler. Upgrading to version 3.6.13 eliminates this vulnerability.
Author: VulDB

Zoom Client for Meetings up to 4.6.9 weak encryption [CVE-2020-11500]

A vulnerability was found in Zoom Client for Meetings up to 4.6.9 and classified as problematic. This issue affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

MediaWiki up to 1.34.0 CSS cross site scripting

A vulnerability has been found in MediaWiki up to 1.34.0 (Content Management System) and classified as problematic. This vulnerability affects an unknown code block of the component CSS Handler. Upgrading to version 1.34.1 eliminates this...
Author: VulDB

Eclipse Che up to 7.8.x Workspace Pod privilege escalation

A vulnerability, which was classified as problematic, was found in Eclipse Che up to 7.8.x. This affects an unknown code of the component Workspace Pod Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

VISAM VBASE Editor/VBASE Web-Remote Module up to 11.5.0.2 Password Hash weak encryption

A vulnerability, which was classified as problematic, has been found in VISAM VBASE Editor and VBASE Web-Remote Module up to 11.5.0.2. Affected by this issue is an unknown part of the component Password Hash Handler. There is no information about...
Author: VulDB

VISAM VBASE Editor/VBASE Web-Remote Module ActiveX memory corruption

A vulnerability classified as critical was found in VISAM VBASE Editor and VBASE Web-Remote Module (affected version unknown). Affected by this vulnerability is some unknown functionality of the component ActiveX. There is no information about...
Author: VulDB

SuSE Linux Enterprise Server autoyast2 privilege escalation [CVE-2019-18905]

A vulnerability classified as critical has been found in SuSE Linux Enterprise Server (version unknown). Affected is an unknown functionality of the component autoyast2. Applying a patch is able to eliminate this problem.
Author: VulDB

SuSE Linux Enterprise Server Resource Exhaustion denial of service

A vulnerability was found in SuSE Linux Enterprise Server, Linux Enterprise High Performance Computing, Linux Enterprise Module for Public Cloud and Linux Enterprise Module for Server Applications (unknown version). It has been rated as...
Author: VulDB

OneTone Theme up to 3.0.6 on WordPress theme-functions.php cross site scripting

A vulnerability was found in OneTone Theme up to 3.0.6 on WordPress (WordPress Plugin). It has been declared as problematic. This vulnerability affects some unknown processing of the file includes/theme-functions.php. There is no information...
Author: VulDB

OneTone Theme up to 3.0.6 on WordPress Options theme-functions.php privilege escalation

A vulnerability was found in OneTone Theme up to 3.0.6 on WordPress (WordPress Plugin). It has been classified as critical. This affects an unknown code block of the file includes/theme-functions.php of the component Options Handler. There is no...
Author: VulDB

SuSE Openstack Cloud/OpenStack Cloud Crowbar privilege escalation

A vulnerability was found in SuSE Openstack Cloud and OpenStack Cloud Crowbar (Cloud Software) (affected version not known) and classified as critical. Affected by this issue is an unknown code. Upgrading eliminates this vulnerability.
Author: VulDB

Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR

Original release date: April 3, 2020. Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have...
Author: US Cert

Serious PHP Vulnerability (CERT-EU Security Advisory 2020-018)

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using "mb_strtolower()" function with "UTF-32LE" encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption,...
Author: Cert EU

CERTFR-2020-AVI-185: Vulnerability in HAProxy (03 April 2020)

A vulnerability has been discovered in HAProxy. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 RTSP Service weak authentication

A vulnerability has been found in CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 and classified as critical. Affected by this vulnerability is an unknown part of the component RTSP Service. There is no information about possible...
Author: VulDB

Huawei SmartAX MA5600T/SmartAX MA5800/SmartAX EA5800 Code Execution memory corruption

A vulnerability, which was classified as critical, was found in Huawei SmartAX MA5600T, SmartAX MA5800 and SmartAX EA5800 (version unknown). Affected is some unknown functionality. There is no information about possible countermeasures known. It...
Author: VulDB

Linux Kernel up to 5.4.28/5.5.13/5.6.0 BPF Verifier kernel/bpf/verifier.c memory corruption

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.28/5.5.13/5.6.0. This issue affects an unknown functionality of the file kernel/bpf/verifier.c of the component BPF Verifier. Upgrading to version...
Author: VulDB

TP-LINK TL-WR841N V10 3.16.9 GET Request memory corruption

A vulnerability classified as critical was found in TP-LINK TL-WR841N V10 3.16.9. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

SuSE/openSUSE Linux Enterprise Module for Desktop Applications Cron Job race condition

A vulnerability classified as problematic has been found in SuSE/openSUSE Linux Enterprise Module for Desktop Applications, Linux Enterprise Software Development Kit and Leap (the affected version unknown). This affects some unknown processing of...
Author: VulDB

SuSE/openSUSE Linux Enterprise Module for Desktop Applications texlive-filesystem privilege escalation

A vulnerability was found in SuSE/openSUSE Linux Enterprise Module for Desktop Applications, Linux Enterprise Software Development Kit and Leap (affected version not known). It has been rated as critical. Affected by this issue is an unknown code...
Author: VulDB

Exim up to 4.93.0.4-3.0 on openSUSE Symlink privilege escalation

A vulnerability was found in Exim up to 4.93.0.4-3.0 on openSUSE. It has been declared as critical. Affected by this vulnerability is an unknown code. Upgrading to version 4.93.0.4-3.1 eliminates this vulnerability.
Author: VulDB