Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Barco wePresent WiPG-1600W 2.5.1.8 web_index.cgi authentication bypass

A vulnerability was found in Barco wePresent WiPG-1600W 2.5.1.8. It has been declared as critical. This vulnerability affects an unknown part of the file /cgi-bin/web_index.cgi?lang=en&src=AwSystem.html&ertqVvnKV4TjU9Vt. Upgrading to version...
Author: VulDB

VU#724367: VMware Workspace ONE Access and related components are vulnerable to command injection

Overview: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow a remote attacker to...
Author: US Cert

Barco wePresent WiPG-1600W 2.5.1.8 cleartext storage [CVE-2020-28330]

A vulnerability was found in Barco wePresent WiPG-1600W 2.5.1.8. It has been classified as problematic. This affects some unknown functionality. Upgrading to version 2.5.3.12 eliminates this vulnerability.
Author: VulDB

Barco wePresent 2.4.1.19/2.5.0.24/2.5.0.25/2.5.1.8 Service Port 4001 hard-coded credentials

A vulnerability was found in Barco wePresent 2.4.1.19/2.5.0.24/2.5.0.25/2.5.1.8 and classified as critical. Affected by this issue is an unknown functionality of the component Service Port 4001. Upgrading eliminates this vulnerability.
Author: VulDB

Libsvm 324 Model SVM svm.cpp svm_predict_values denial of service

A vulnerability has been found in Libsvm 324 and classified as problematic. Affected by this vulnerability is the function svm_predict_values of the file svm.cpp of the component Model SVM Handler. Applying a patch is able to eliminate this...
Author: VulDB

Paradox IP150 5.02.09 stack-based buffer overflow [CVE-2020-25189]

A vulnerability, which was classified as critical, was found in Paradox IP150 5.02.09. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

HCL Notes 9/10/11 Email Message denial of service

A vulnerability, which was classified as problematic, has been found in HCL Notes 9/10/11. This issue affects an unknown code block of the component Email Message Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

HCL Domino up to 9.0.1 FP10 IF5/10.0.0 denial of service [CVE-2020-14234]

A vulnerability classified as problematic was found in HCL Domino up to 9.0.1 FP10 IF5/10.0.0. This vulnerability affects an unknown code. Upgrading to version 9.0.1 FP10 IF6 or 10.0.1 eliminates this vulnerability.
Author: VulDB

HCL Domino up to 9.0.1 FP10 IF5/10.0.1 FP4/11.0.0 Email Message denial of service

A vulnerability classified as problematic has been found in HCL Domino up to 9.0.1 FP10 IF5/10.0.1 FP4/11.0.0. This affects an unknown part of the component Email Message Handler. Upgrading to version 9.0.1 FP10 IF6, 10.0.1 FP5 or 11.0.1...
Author: VulDB

TP-LINK Archer C9 1.180125 symlink [CVE-2020-5797]

A vulnerability was found in TP-LINK Archer C9 1.180125. It has been rated as critical. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Xpdf 4.02 SplashOutputDev.cc endType3Char use after free

A vulnerability was found in Xpdf 4.02 (Document Reader Software). It has been declared as critical. Affected by this vulnerability is the function SplashOutputDev::endType3Char of the file SplashOutputDev.cc. There is no information about...
Author: VulDB

Paradox IP150 5.02.09 buffer overflow [CVE-2020-25185]

A vulnerability was found in Paradox IP150 5.02.09. It has been classified as critical. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Netis Korea D'live AP 1.1.10 Time Setting ntpServerlp1 command injection

A vulnerability was found in Netis Korea D'live AP 1.1.10 and classified as critical. This issue affects some unknown processing of the component Time Setting Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

IBM Sterling B2B Integrator Standard Edition up to 6.0.3.2 inadequate encryption

A vulnerability has been found in IBM Sterling B2B Integrator Standard Edition up to 6.0.3.2 (Business Process Management Software) and classified as problematic. This vulnerability affects an unknown code block.
Author: VulDB

IBM DB2 Accessories Suite/DB2/DB2 Connect Server 9.7/10.1/10.5/11.1/11.5 untrusted search path

A vulnerability, which was classified as critical, was found in IBM DB2 Accessories Suite, DB2 and DB2 Connect Server 9.7/10.1/10.5/11.1/11.5 (Database Software). This affects an unknown code.
Author: VulDB

VMware ESXi up to 6.4/6.5/6.6 System Call Remote Privilege Escalation

A vulnerability, which was classified as critical, has been found in VMware ESXi up to 6.4/6.5/6.6 (Virtualization Software). Affected by this issue is an unknown part of the component System Call Handler. Upgrading to version 6.5, 6.7 or 7.0...
Author: VulDB

VMware ESXi/Workstation/Fusion XHCI USB Controller use after free

A vulnerability classified as critical was found in VMware ESXi, Workstation and Fusion (Virtualization Software) (affected version unknown). Affected by this vulnerability is some unknown functionality of the component XHCI USB Controller....
Author: VulDB

Linux Kernel up to 5.9.6 fbcon drivers/tty/vt/vt.c KD_FONT_OP_COPY out-of-bounds read

A vulnerability classified as problematic has been found in Linux Kernel up to 5.9.6 (Operating System). Affected is the function KD_FONT_OP_COPY of the file drivers/tty/vt/vt.c of the component fbcon. Upgrading to version 5.9.7 eliminates this...
Author: VulDB

TP-LINK WDR7400 devDiscoverHandle Server copy_msg_element buffer overflow

A vulnerability was found in TP-LINK WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N and WR708N. It has been rated as critical. This issue affects the function...
Author: VulDB

Netskope 75.0 Admin Portal csv injection

A vulnerability was found in Netskope 75.0. It has been declared as critical. This vulnerability affects some unknown processing of the component Admin Portal. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

ScratchVerifier improper authentication [CVE-2020-26236]

A vulnerability was found in ScratchVerifier (the affected version unknown). It has been classified as critical. This affects an unknown code block. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

NetIQ Identity Manager up to 4.8 SP2 injection [CVE-2020-25839]

A vulnerability was found in NetIQ Identity Manager up to 4.8 SP2 and classified as critical. Affected by this issue is an unknown code. Upgrading to version 4.8 SP2 HF1 eliminates this vulnerability.
Author: VulDB

PDFResurrect up to 0.19 Header Validation pdf_get_version heap-based buffer overflow

A vulnerability has been found in PDFResurrect up to 0.19 and classified as critical. Affected by this vulnerability is the function pdf_get_version of the component Header Validation Handler. Upgrading to version 0.20 eliminates this...
Author: VulDB

libvips up to 8.8.1 im_vips2dz.c im_vips2dz uninitialized pointer

A vulnerability, which was classified as critical, was found in libvips up to 8.8.1. Affected is the function im_vips2dz in the library /libvips/libvips/deprecated/im_vips2dz.c. Upgrading to version 8.8.2 eliminates this vulnerability. Applying a...
Author: VulDB

libsixel 1.8.6 fromgif.c gif_out_code array index

A vulnerability, which was classified as critical, has been found in libsixel 1.8.6. This issue affects the function gif_out_code of the file fromgif.c. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Information security (SSI) events