Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SUNNET eHRD Credentials information disclosure [CVE-2020-10508]

A vulnerability was found in SUNNET eHRD (unknown version) and classified as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

CERTFR-2020-AVI-173: Multiple vulnerabilities in GitLab CE and EE (27 March 2020)

Multiple vulnerabilities have been discovered in GitLab CE and EE. Some of them allow an attacker to cause a remote denial of service, a security policy bypass and a breach of data confidentiality...
Author: Cert FR

Micro Focus Service Manager Automation up to 2019.08 sql injection

A vulnerability has been found in Micro Focus Service Manager Automation up to 2019.08 (Automation Software) and classified as critical. This vulnerability affects some unknown functionality. There is no information about possible countermeasures...
Author: VulDB

Community plugin 2.9.e-beta on Piwigo Album image_id privilege escalation

A vulnerability, which was classified as critical, was found in Community plugin 2.9.e-beta on Piwigo. This affects an unknown functionality of the component Album Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Piwigo 2.10.1 /ws.php pwgimagessetInfo file cross site scripting

A vulnerability, which was classified as problematic, has been found in Piwigo 2.10.1 (Photo Gallery Software). Affected by this issue is the function pwgimagessetInfo of the file /ws.php. There is no information about possible countermeasures...
Author: VulDB

Huawei Smart Phone up to 10.0.1 Application privilege escalation

A vulnerability classified as critical was found in Huawei Smart Phone up to 10.0.1 (Smartphone Operating System). Affected by this vulnerability is some unknown processing. Upgrading to version 10.0.1.169(C00E166R4P1) eliminates this...
Author: VulDB

Huawei Smart Phone up to 10.0.0 Use-After-Free memory corruption

A vulnerability classified as critical has been found in Huawei Smart Phone up to 10.0.0 (Smartphone Operating System). Affected is an unknown code block. Upgrading to version 10.0.0.203(C00E201R7P2) eliminates this vulnerability.
Author: VulDB

Puppet Enterprise up to 3.3.x Impact Analysis Report Parameter information disclosure

A vulnerability was found in Puppet Enterprise up to 3.3.x (Service Management Software). It has been rated as problematic. This issue affects an unknown code of the component Impact Analysis Report. Upgrading to version 3.4.0 eliminates this...
Author: VulDB

IBM WebSphere Application Server 7.0/8.0/8.5/9.0 SOAP Connector Token privilege escalation

A vulnerability was found in IBM WebSphere Application Server 7.0/8.0/8.5/9.0. It has been declared as critical. This vulnerability affects an unknown part of the component SOAP Connector. There is no information about possible countermeasures...
Author: VulDB

UltraLog Express Device Management Interface Parameter sql injection

A vulnerability was found in UltraLog Express Device Management Interface (the affected version unknown). It has been classified as critical. This affects some unknown functionality. There is no information about possible countermeasures known....
Author: VulDB

UltraLog Express Device Management Interface Cleartext weak encryption

A vulnerability was found in UltraLog Express Device Management Interface (affected version not known) and classified as problematic. Affected by this issue is an unknown functionality. There is no information about possible countermeasures...
Author: VulDB

UltraLog Express Device Management Interface privilege escalation

A vulnerability has been found in UltraLog Express Device Management Interface (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures...
Author: VulDB

Huawei P30 up to 10.0.0 Access Control Crafted Application privilege escalation

A vulnerability, which was classified as critical, was found in Huawei P30 up to 10.0.0. Affected is some unknown processing of the component Access Control. Upgrading to version 10.0.0.185(C00E85R1P11) eliminates this vulnerability.
Author: VulDB

Osmand up to 2.0.0 BinaryMapIndexReader.java XML External Entity

A vulnerability, which was classified as critical, has been found in Osmand up to 2.0.0. This issue affects an unknown code block of the file binary/BinaryMapIndexReader.java. There is no information about possible countermeasures known. It may...
Author: VulDB

Azkaban up to 3.84.0 XmlValidatorManager.java XML External Entity

A vulnerability classified as critical was found in Azkaban up to 3.84.0. This vulnerability affects an unknown code of the file validator/XmlValidatorManager.java. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

MuleSoft APIkit up to 1.3.0 RestXmlSchemaValidator.java XML External Entity

A vulnerability classified as critical has been found in MuleSoft APIkit up to 1.3.0. This affects an unknown part of the file validation/RestXmlSchemaValidator.java. There is no information about possible countermeasures known. It may be...
Author: VulDB

Accenture Mercury up to 1.12.27 SimpleXmlParser.java XML External Entity

A vulnerability was found in Accenture Mercury up to 1.12.27. It has been rated as critical. Affected by this issue is some unknown functionality of the file platformlambda/core/serializers/SimpleXmlParser.java. Upgrading to version 1.12.28...
Author: VulDB

DrayTek Vigor3900/Vigor2960/Vigor300B up to 1.5.0 HTTP Request Stack-based memory corruption

A vulnerability was found in DrayTek Vigor3900, Vigor2960 and Vigor300B up to 1.5.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. Upgrading to version 1.5.1 eliminates this vulnerability.
Author: VulDB

DrayTek Vigor3900/Vigor2960/Vigor300B up to 1.5.0 HTTP Request Stack-based memory corruption

A vulnerability was found in DrayTek Vigor3900, Vigor2960 and Vigor300B up to 1.5.0. It has been classified as critical. Affected is an unknown function. Upgrading to version 1.5.1 eliminates this vulnerability.
Author: VulDB

DrayTek Vigor3900/Vigor2960/Vigor300B up to 1.5.0 Debug Mode /cgi-bin/activate.cgi HTTP Request command injection

A vulnerability was found in DrayTek Vigor3900, Vigor2960 and Vigor300B up to 1.5.0 (Router Operating System) and classified as critical. This issue affects some unknown processing of the file /cgi-bin/activate.cgi of the component Debug Mode....
Author: VulDB

DrayTek Vigor3900/Vigor2960/Vigor300B up to 1.5.0 /cgi-bin/activate.cgi ticket memory corruption

A vulnerability has been found in DrayTek Vigor3900, Vigor2960 and Vigor300B up to 1.5.0 and classified as critical. This vulnerability affects an unknown code block of the file /cgi-bin/activate.cgi. Upgrading to version 1.5.1 eliminates this...
Author: VulDB

DrayTek Vigor3900/Vigor2960/Vigor300B up to 1.5.1 /cgi-bin/activate.cgi ticket memory corruption

A vulnerability, which was classified as critical, was found in DrayTek Vigor3900, Vigor2960 and Vigor300B up to 1.5.1 (Router Operating System). This affects an unknown code of the file /cgi-bin/activate.cgi. There is no information about...
Author: VulDB

DrayTek Vigor3900/Vigor2960/Vigor300B up to 1.5.1 /cgi-bin/activate.cgi var memory corruption

A vulnerability, which was classified as critical, has been found in DrayTek Vigor3900, Vigor2960 and Vigor300B up to 1.5.1 (Router Operating System). Affected by this issue is an unknown part of the file /cgi-bin/activate.cgi. There is no...
Author: VulDB

3S-Smart CODESYS GatewayService 3.5.13.20 Name Service Client GatewayService.exe Crafted Packet memory corruption

A vulnerability classified as critical was found in 3S-Smart CODESYS GatewayService 3.5.13.20. Affected by this vulnerability is some unknown functionality of the file GatewayService.exe of the component Name Service Client. There is no...
Author: VulDB

Right to de-listing: the Conseil d’État confirms a worldwide scope "on a case-by-case basis"

In its decision of 27 March 2020, the Conseil d’État clarified the geographical scope of the right to de-listing. The CNIL takes note of this decision, which draws the automatic consequences of the judgment of the Court of Justice of the European Union...
Author: Cnil

Information security events