Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Schneider Electric EcoStruxure/SmartStruxure access control [CVE-2020-7547]

A vulnerability classified as critical was found in Schneider Electric EcoStruxure and SmartStruxure (SCADA Software) (affected version unknown). Affected by this vulnerability is some unknown processing. There is no information about possible...
Author: VulDB

Schneider Electric EcoStruxure/SmartStruxure Web Page Generation cross site scripting

A vulnerability classified as problematic has been found in Schneider Electric EcoStruxure and SmartStruxure (SCADA Software) (version unknown). Affected is an unknown code block of the component Web Page Generation Handler. There is no...
Author: VulDB

Schneider Electric EcoStruxure/SmartStruxure access control [CVE-2020-7545]

A vulnerability was found in Schneider Electric EcoStruxure and SmartStruxure (SCADA Software) (unknown version). It has been rated as critical. This issue affects an unknown code. There is no information about possible countermeasures known. It...
Author: VulDB

Schneider Electric Modicon Quantum/ModiconPremium Legacy Communication Module credentials management

A vulnerability was found in Schneider Electric Modicon Quantum and ModiconPremium Legacy (SCADA Software) (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown part of the component...
Author: VulDB

ZXELINK ZXV10 W908 prior MIPS_A_1022IPV6R3T6P7Y20 filter sql injection

A vulnerability was found in ZXELINK ZXV10 W908. It has been classified as critical. This affects some unknown functionality. Upgrading to version MIPS_A_1022IPV6R3T6P7Y20 eliminates this vulnerability.
Author: VulDB

HCL Domino ID Vault Service excessive authentication [CVE-2020-4128]

A vulnerability was found in HCL Domino (affected version not known) and classified as problematic. Affected by this issue is an unknown functionality of the component ID Vault Service. There is no information about possible countermeasures...
Author: VulDB

ThinkAdmin cross site scripting [CVE-2020-29315]

A vulnerability has been found in ThinkAdmin (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

ATX miniCMTS200a Broadband Gateway/Pico CMTS up to 2.0 pathname traversal

A vulnerability, which was classified as critical, was found in ATX miniCMTS200a Broadband Gateway and Pico CMTS up to 2.0. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Western Digital My Cloud OS prior 5.06.115 improper authentication

A vulnerability, which was classified as critical, has been found in Western Digital My Cloud OS (Cloud Software). This issue affects an unknown code block. Upgrading to version 5.06.115 eliminates this vulnerability.
Author: VulDB

Western Digital My Cloud OS prior 5.06.115 Cookie improper authentication

A vulnerability classified as critical was found in Western Digital My Cloud OS (Cloud Software). This vulnerability affects an unknown code of the component Cookie Handler. Upgrading to version 5.06.115 eliminates this vulnerability.
Author: VulDB

Western Digital My Cloud OS prior 5.06.115 NAS Admin Dashboard improper authentication

A vulnerability classified as critical has been found in Western Digital My Cloud OS (Cloud Software). This affects an unknown part of the component NAS Admin Dashboard. Upgrading to version 5.06.115 eliminates this vulnerability.
Author: VulDB

Edimax IC-3116W/IC-3140W prior 3.08 GET Request ipcam_cgi doGetSysteminfo stack-based buffer overflow

A vulnerability was found in Edimax IC-3116W and IC-3140W. It has been rated as critical. Affected by this issue is the function doGetSysteminfo of the file ipcam_cgi of the component GET Request Handler. Upgrading to version 3.08 eliminates this...
Author: VulDB

WECON PLC Editor up to 1.3.8 heap-based buffer overflow [CVE-2020-25181]

A vulnerability was found in WECON PLC Editor up to 1.3.8. It has been declared as critical. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

WECON PLC Editor up to 1.3.8 stack-based buffer overflow [CVE-2020-25177]

A vulnerability was found in WECON PLC Editor up to 1.3.8. It has been classified as critical. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

Apache Cordova on Android Camera Plugin access control

A vulnerability was found in Apache Cordova on Android (Android App Software) (unknown version) and classified as critical. This issue affects some unknown processing of the component Camera Plugin. There is no information about possible...
Author: VulDB

Solarwinds Web Help Desk 12.7.0 cross site scripting [CVE-2019-16958]

A vulnerability has been found in Solarwinds Web Help Desk 12.7.0 and classified as problematic. This vulnerability affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

CERTFR-2020-AVI-784: Multiple vulnerabilities in the SUSE Linux kernel (01 December 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a bypass of the policy...
Author: Cert FR

Huawei Nova 4/SydneyM-AL00 prior 10.0.0.165 specific out-of-bounds write

A vulnerability, which was classified as critical, was found in Huawei Nova 4 and SydneyM-AL00. This affects an unknown code. Upgrading to version 10.0.0.165 eliminates this vulnerability.
Author: VulDB

Huawei FusionCompute 6.3.0/6.3.1/6.5.0/6.5.1/8.0.0 Administrator access control

A vulnerability, which was classified as critical, has been found in Huawei FusionCompute 6.3.0/6.3.1/6.5.0/6.5.1/8.0.0. Affected by this issue is an unknown part of the component Administrator Handler. There is no information about possible...
Author: VulDB

McAfee Total Protection prior 16.0.29 Microsoft Windows Client access control

A vulnerability classified as critical was found in McAfee Total Protection. Affected by this vulnerability is some unknown functionality of the component Microsoft Windows Client. Upgrading to version 16.0.29 eliminates this vulnerability.
Author: VulDB

containerd up to 1.3.8/1.4.2 containerd-shim API incorrect resource transfer

A vulnerability classified as critical has been found in containerd up to 1.3.8/1.4.2 (Virtualization Software). Affected is an unknown functionality of the component containerd-shim API. Upgrading to version 1.3.9 or 1.4.3 eliminates this...
Author: VulDB

CERTFR-2020-AVI-785: Vulnerability in Junos OS (01 December 2020)

A vulnerability has been discovered in Junos OS. It allows an attacker to cause a breach of data confidentiality.
Author: Cert FR

CERTFR-2020-AVI-783: Multiple vulnerabilities in Chrome OS (01 December 2020)

Multiple vulnerabilities have been discovered in Chrome OS. They allow an attacker to cause a security problem not specified by the vendor.
Author: Cert FR

CERTFR-2020-AVI-782: Multiple vulnerabilities in IBM Db2 (01 December 2020)

Multiple vulnerabilities have been discovered in IBM Db2. They allow an attacker to cause arbitrary code execution.
Author: Cert FR

Huawei FusionCompute 6.5.1/8.0.0 command injection [CVE-2020-9116]

A vulnerability was found in Huawei FusionCompute 6.5.1/8.0.0. It has been rated as critical. This issue affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB