Friday 10 July 2020

Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-130: Multiple vulnerabilities in the SUSE Linux kernel (6 March 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security issue not specified by the vendor, remote arbitrary code execution and a denial...
Author: Cert FR

CERTFR-2020-AVI-129: Multiple vulnerabilities in GitLab (6 March 2020)

Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a security issue not specified by the vendor.

Author: Cert FR

D-Link DSL-2640B E1 EU_1.01 Administrative Interface POST Request weak authentication

A vulnerability classified as critical has been found in D-Link DSL-2640B E1 EU_1.01. Affected is an unknown code of the component Administrative Interface. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

PDFescape Desktop up to 4.0.22 Installer Search Path privilege escalation

A vulnerability was found in PDFescape Desktop up to 4.0.22. It has been rated as critical. This issue affects an unknown part of the component Installer. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Django up to 1.10.28/2.2.10/3.0.3 tolerance sql injection

A vulnerability was found in Django up to 1.10.28/2.2.10/3.0.3 (Content Management System). It has been declared as critical. This vulnerability affects some unknown functionality. Upgrading to version 1.10.29, 2.2.11 or 3.0.4 eliminates this...
Author: VulDB

IPTV Smarters Web TV Player up to 2020-02-22 Upload OS Command Injection privilege escalation

A vulnerability was found in IPTV Smarters Web TV Player up to 2020-02-22. It has been classified as critical. This affects an unknown functionality of the component Upload. There is no information about possible countermeasures known. It may be...
Author: VulDB

Humax HGA12R-02 BRGCAA 1.1.53 Session weak authentication

A vulnerability was found in Humax HGA12R-02 BRGCAA 1.1.53 and classified as critical. Affected by this issue is an unknown function of the component Session Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Xiaomi AI speaker MDZ-25-DT 1.34.36/1.40.14 UART Interface Backdoor privilege escalation

A vulnerability has been found in Xiaomi AI speaker MDZ-25-DT 1.34.36/1.40.14 (Artificial Intelligence Software) and classified as critical. Affected by this vulnerability is some unknown processing of the component UART Interface. There is no...
Author: VulDB

Omron PLC CJ Ethernet Module Packet denial of service

A vulnerability, which was classified as problematic, was found in Omron PLC CJ (version unknown). Affected is an unknown code block of the component Ethernet Module. There is no information about possible countermeasures known. It may be...
Author: VulDB

Emerson ValveLink up to 13.4.118 Configuration Parameter privilege escalation

A vulnerability, which was classified as critical, has been found in Emerson ValveLink up to 13.4.118. This issue affects an unknown code of the component Configuration Parameter. There is no information about possible countermeasures known. It...
Author: VulDB

NVIDIA Windows GPU Display Driver Control Panel privilege escalation

A vulnerability classified as critical was found in NVIDIA Windows GPU Display Driver (Hardware Driver Software) (the affected version is unknown). This vulnerability affects an unknown part of the component Control Panel. There is no information...
Author: VulDB

Spring Cloud Config up to 2.1.6/2.2.1 spring-cloud-config-server directory traversal

A vulnerability classified as critical has been found in Spring Cloud Config up to 2.1.6/2.2.1 (Cloud Software). This affects some unknown functionality of the component spring-cloud-config-server. Upgrading to version 2.1.7 or 2.2.2 eliminates...
Author: VulDB

PrestaShop up to 1.7.6.3 Address privilege escalation

A vulnerability was found in PrestaShop up to 1.7.6.3. It has been rated as critical. Affected by this issue is an unknown functionality of the component Address Handler. Upgrading to version 1.7.6.4 eliminates this vulnerability.
Author: VulDB

IBM Platform LSF privilege escalation [CVE-2020-4278]

A vulnerability was found in IBM Platform LSF, Spectrum LSF Suite and Spectrum Suite for HPA (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown function. There is no information about...
Author: VulDB

HCL Connections 6.5 information disclosure [CVE-2020-4083]

A vulnerability was found in HCL Connections 6.5. It has been classified as problematic. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

HCL Connections 5.5 Help System cross site scripting

A vulnerability was found in HCL Connections 5.5 and classified as problematic. This issue affects an unknown code block of the component Help System. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

YubiKey Validation Server up to 2.39 Sync Endpoint Replay weak authentication

A vulnerability has been found in YubiKey Validation Server up to 2.39 and classified as critical. This vulnerability affects an unknown code of the component Sync Endpoint. Upgrading to version 2.40 eliminates this vulnerability.
Author: VulDB

YubiKey Validation Server up to 2.39 Verify Endpoint sql injection

A vulnerability, which was classified as critical, was found in YubiKey Validation Server up to 2.39. This affects an unknown part of the component Verify Endpoint. Upgrading to version 2.40 eliminates this vulnerability.
Author: VulDB

ESET Smart Security Premium AV Parsing Engine Archive privilege escalation

A vulnerability, which was classified as critical, has been found in ESET Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro, Cyber Security, Mobile Security, Smart TV Security and NOD32 Antivirus. Affected by this...
Author: VulDB

Timeshift up to 20.02 Temp File TeeJee.FileSystem.vala init_tmp privilege escalation

A vulnerability classified as critical was found in Timeshift up to 20.02. Affected by this vulnerability is the function init_tmp of the file TeeJee.FileSystem.vala of the component Temp File Handler. Upgrading to version 20.03 eliminates this...
Author: VulDB

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m Diagnostic Page Shell Metacharacter command injection

A vulnerability classified as critical has been found in Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m. Affected is an unknown function of the component Diagnostic Page. There is no information about possible countermeasures known. It may...
Author: VulDB

PHPGurukul Daily Expense Tracker System 1.0 manage-expense.php ExpenseItem/ExpenseCost cross site scripting

A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file manage-expense.php. There is no information about possible countermeasures known....
Author: VulDB

PHPGurukul Daily Expense Tracker System 1.0 index.php email sql injection

A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.0. It has been declared as critical. This vulnerability affects an unknown code block of the file index.php. There is no information about possible countermeasures known. It...
Author: VulDB

Qualcomm Snapdragon Auto up to SM8150 TCP SYN Packet Sequence weak authentication

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wearables. It has been classified as...
Author: VulDB

Qualcomm Snapdragon Auto up to SXR1130 WLAN memory corruption

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music and...
Author: VulDB