Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

FlexNet Publisher 11.14.0.2 Web Portal lmadmin.exe information disclosure

A vulnerability was found in FlexNet Publisher 11.14.0.2. It has been classified as problematic. This affects an unknown function of the file lmadmin.exe of the component Web Portal. There is no information about possible countermeasures known....
Auteur: VulDB

VMware GemFire/Tanzu GemFire for VMs bis JMX Service Remote Code Execution

A vulnerability was found in VMware GemFire and Tanzu GemFire for VMs bis and classified as critical. Affected by this issue is some unknown processing of the component JMX Service. Upgrading eliminates this vulnerability.
Auteur: VulDB

VMware Spring up to 4.3.22/5.1.11/5.2.7/5.3.1 Kryo Codec Deserialization privilege escalation

A vulnerability classified as critical has been found in VMware Spring up to 4.3.22/5.1.11/5.2.7/5.3.1. This affects an unknown code block of the component Kryo Codec. Upgrading to version 4.3.23, 5.1.12, 5.2.8 or 5.3.2 eliminates this...
Auteur: VulDB

Faye up to 1.3.x Certificate Verification EM::Connection#start_tls TLS Certificate Man-in-the-Middle weak authentication

A vulnerability, which was classified as problematic, has been found in Faye up to 1.3.x. Affected by this issue is the function EM::Connection#start_tls of the component Certificate Verification. Upgrading to version 1.4.0 eliminates this...
Auteur: VulDB

Huawei P30 prior 10.1.0.160(C00E160R2P11) Messages Memory Leak denial of service

A vulnerability has been found in Huawei P30 (Smartphone Operating System) and classified as problematic. Affected by this vulnerability is an unknown code block. Upgrading to version 10.1.0.160(C00E160R2P11) eliminates this vulnerability.
Auteur: VulDB

Huawei FusionComput 8.0.0 Authorization privilege escalation

A vulnerability, which was classified as critical, was found in Huawei FusionComput 8.0.0. Affected is an unknown code of the component Authorization. There is no information about possible countermeasures known. It may be suggested to replace...
Auteur: VulDB

Inductive Automation Ignition up to 8.0.12 information disclosure

A vulnerability, which was classified as problematic, has been found in Inductive Automation Ignition up to 8.0.12 (Automation Software). This issue affects an unknown part. Upgrading to version 8.0.13) eliminates this vulnerability.
Auteur: VulDB

Ansible Tower API Mail Address User information disclosure

A vulnerability classified as problematic was found in Ansible Tower (the affected version is unknown). This vulnerability affects some unknown functionality of the component API. There is no information about possible countermeasures known. It...
Auteur: VulDB

Red Hat Satellite 6 Cache File information disclosure

A vulnerability classified as problematic has been found in Red Hat Satellite 6. This affects an unknown functionality of the component Cache File Handler. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Red Hat OpenStack Platform 16 Virtual Machine nova_libvirt privilege escalation

A vulnerability was found in Red Hat OpenStack Platform 16. It has been rated as critical. Affected by this issue is an unknown function in the library nova_libvirt of the component Virtual Machine. There is no information about possible...
Auteur: VulDB

Qualcomm PLC Firmware HPAV2 privilege escalation [CVE-2020-3681]

A vulnerability was found in Qualcomm PLC Firmware (Firmware Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component HPAV2 Handler. Upgrading eliminates...
Auteur: VulDB

Cisco Data Center Network Manager Web-based Management Interface sql injection

A vulnerability was found in Cisco Data Center Network Manager (version unknown). It has been classified as critical. Affected is an unknown code block of the component Web-based Management Interface. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Web-based Management Interface Request information disclosure

A vulnerability was found in Cisco Data Center Network Manager (unknown version) and classified as problematic. This issue affects an unknown code of the component Web-based Management Interface. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Web-based Management Interface HTTP Header cross site scripting

A vulnerability has been found in Cisco Data Center Network Manager (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown part of the component Web-based Management Interface. Upgrading eliminates...
Auteur: VulDB

CERTFR-2020-AVI-480 : [SCADA] Mul​tiples vulnérabilités dans Schneider Electric Triconex (31 juillet 2020)

De multiples vulnérabilités ont été découvertes dans Schneider Electric Triconex. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des...
Auteur: Cert FR

Cisco Data Center Network Manager REST API Endpoint privilege escalation

A vulnerability, which was classified as critical, was found in Cisco Data Center Network Manager (the affected version unknown). This affects some unknown functionality of the component REST API Endpoint. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager REST API Endpoint command injection

A vulnerability, which was classified as critical, has been found in Cisco Data Center Network Manager (affected version not known). Affected by this issue is an unknown functionality of the component REST API Endpoint. Upgrading eliminates this...
Auteur: VulDB

Cisco Data Center Network Manager Archive Utility Archive File directory traversal

A vulnerability classified as critical was found in Cisco Data Center Network Manager (affected version unknown). Affected by this vulnerability is an unknown function of the component Archive Utility. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager REST API Session Token weak encryption

A vulnerability classified as critical has been found in Cisco Data Center Network Manager (version unknown). Affected is some unknown processing of the component REST API. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Device Manager Application command injection

A vulnerability was found in Cisco Data Center Network Manager (unknown version). It has been rated as critical. This issue affects an unknown code block of the component Device Manager Application. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Device Manager Application weak authentication

A vulnerability was found in Cisco Data Center Network Manager (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown code of the component Device Manager Application. Upgrading eliminates this...
Auteur: VulDB

Cisco SD-WAN Solution memory corruption [CVE-2020-3375]

A vulnerability was found in Cisco SD-WAN Solution (the affected version unknown). It has been classified as critical. This affects an unknown part. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco SD-WAN vManage Web-based Management Interface HTTP Requests weak authentication

A vulnerability was found in Cisco SD-WAN vManage (affected version not known) and classified as critical. Affected by this issue is some unknown functionality of the component Web-based Management Interface. Upgrading eliminates this...
Auteur: VulDB

CERTFR-2020-AVI-479 : Multiples vulnérabilités dans Mozilla Thunderbird (31 juillet 2020)

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la...
Auteur: Cert FR

CERTFR-2020-AVI-478 : Multiples vulnérabilités dans Foxit Reader et PhantomPDF (31 juillet 2020)

De multiples vulnérabilités ont été découvertes dans Foxit Reader et PhantomPDF. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des...
Auteur: Cert FR
12345678910Last

Événements SSI