Thursday 28 May 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-316: [SCADA] Multiple vulnerabilities in Schneider EcoStruxure Operator Terminal (25 May 2020)

Multiple vulnerabilities have been discovered in Schneider EcoStruxure Operator Terminal. They allow an attacker to cause remote arbitrary code execution and to compromise data integrity.

Author: Cert FR

CERTFR-2020-AVI-315: Vulnerability in Apache Tomcat (25 May 2020)

A vulnerability has been discovered in Apache Tomcat. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

ffjpeg up to 2020-02-24 bmp.c bmp_load memory corruption

A vulnerability was found in ffjpeg up to 2020-02-24. It has been rated as critical. Affected by this issue is the function bmp_load of the file bmp.c. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

ffjpeg up to 2020-02-24 jfif.c jfif_decode memory corruption

A vulnerability was found in ffjpeg up to 2020-02-24. It has been declared as critical. Affected by this vulnerability is the function jfif_decode of the file jfif.c. There is no information about possible countermeasures known. It may be...
Author: VulDB

ffjpeg up to 2020-02-24 jfif.c jfif_encode information disclosure

A vulnerability was found in ffjpeg up to 2020-02-24. It has been classified as problematic. Affected is the function jfif_encode of the file jfif.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

SQLite up to 3.32.0 expr.c sqlite3ExprCodeTarget memory corruption

A vulnerability was found in SQLite up to 3.32.0 and classified as critical. This issue affects the function sqlite3ExprCodeTarget of the file expr.c. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

SQLite up to 3.32.0 printf.c sqlite3_str_vappendf Integer memory corruption

A vulnerability has been found in SQLite up to 3.32.0 and classified as critical. This vulnerability affects the function sqlite3_str_vappendf of the file printf.c. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Jason2605 AdminPanel 4.0 editPlayer.php hidden sql injection

A vulnerability, which was classified as critical, was found in Jason2605 AdminPanel 4.0. This affects some unknown functionality of the file editPlayer.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Grafana up to 6.x OpenTSDB Datasource cross site scripting

A vulnerability, which was classified as problematic, has been found in Grafana up to 6.x. Affected by this issue is an unknown functionality of the component OpenTSDB Datasource Handler. Upgrading to version 7.0.0 eliminates this vulnerability.
Author: VulDB

piechart-panel up to 1.4.x on Grafana Values cross site scripting

A vulnerability classified as problematic was found in piechart-panel up to 1.4.x on Grafana. Affected by this vulnerability is an unknown function. Upgrading to version 1.5.0 eliminates this vulnerability.
Author: VulDB

TrackR up to 2020-05-06 Alarm denial of service

A vulnerability classified as problematic has been found in TrackR up to 2020-05-06. Affected is some unknown processing of the component Alarm Handler. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

XCloner up to 3.5.3 on Joomla Local File Inclusion privilege escalation

A vulnerability was found in XCloner up to 3.5.3 on Joomla (Joomla Component). It has been rated as critical. This issue affects an unknown code block. Upgrading to version 3.5.4 eliminates this vulnerability.
Author: VulDB

meinheld up to 1.0.1 Header Parsing Content-Length Request Smuggling privilege escalation

A vulnerability was found in meinheld up to 1.0.1. It has been declared as critical. This vulnerability affects an unknown code of the component Header Parsing. Upgrading to version 1.0.2 eliminates this vulnerability.
Author: VulDB

Aviatrix VPN Client up to 2.10.6 Incomplete Fix CVE-2020-7224 Parameter privilege escalation

A vulnerability was found in Aviatrix VPN Client up to 2.10.6 (Network Encryption Software). It has been classified as critical. This affects an unknown part of the component Incomplete Fix CVE-2020-7224. Upgrading to version 2.10.7 eliminates...
Author: VulDB

Aviatrix Controller prior 5.4.1066 Web Interface cross site request forgery

A vulnerability was found in Aviatrix Controller and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. Upgrading to version 5.4.1066 eliminates this vulnerability.
Author: VulDB

Aviatrix Controller up to 5.1 SAML SAML Assertion privilege escalation

A vulnerability has been found in Aviatrix Controller up to 5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SAML Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Aviatrix Controller prior 5.4.1204 Credentials information disclosure

A vulnerability, which was classified as problematic, was found in Aviatrix Controller. Affected is an unknown function. Upgrading to version 5.4.1204 eliminates this vulnerability.
Author: VulDB

Aviatrix Controller prior 5.4.1204 API Response Brute Force information disclosure

A vulnerability, which was classified as problematic, has been found in Aviatrix Controller. This issue affects some unknown processing of the component API. Upgrading to version 5.4.1204 eliminates this vulnerability.
Author: VulDB

Aviatrix Controller prior 5.4.1204 Web Interface cross site request forgery

A vulnerability classified as problematic was found in Aviatrix Controller. This vulnerability affects an unknown code block of the component Web Interface. Upgrading to version 5.4.1204 eliminates this vulnerability.
Author: VulDB

FreeRDP up to 2.1.0 crypto.c crypto_rsa_common memory corruption

A vulnerability classified as critical has been found in FreeRDP up to 2.1.0. This affects the function crypto_rsa_common of the file libfreerdp/crypto/crypto.c. Upgrading to version 2.1.1 eliminates this vulnerability.
Author: VulDB

FreeRDP up to 2.1.0 security.c security_fips_decrypt information disclosure

A vulnerability was found in FreeRDP up to 2.1.0. It has been rated as problematic. Affected by this issue is the function security_fips_decrypt of the file libfreerdp/core/security.c. Upgrading to version 2.1.1 eliminates this vulnerability.
Author: VulDB

FreeRDP up to 2.1.0 ntlm_message.c ntlm_read_ChallengeMessage information disclosure

A vulnerability was found in FreeRDP up to 2.1.0. It has been declared as problematic. Affected by this vulnerability is the function ntlm_read_ChallengeMessage in the library winpr/libwinpr/sspi/NTLM/ntlm_message.c. Upgrading to version 2.1.1...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd SetNetControlList list memory corruption

A vulnerability was found in Tenda AC6, AC9, AC15 and AC118 V15.03.05. It has been classified as critical. Affected is an unknown functionality of the file /goform/SetNetControlList of the component httpd. There is no information about possible...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd saveParentControlInfo deviceId/time memory corruption

A vulnerability was found in Tenda AC6, AC9, AC15 and AC118 V15.03.05 and classified as critical. This issue affects an unknown function of the file /goform/saveParentControlInfo of the component httpd. There is no information about possible...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd /goform/setcfm funcpara1 memory corruption

A vulnerability has been found in Tenda AC6, AC9, AC15 and AC118 V15.03.05 and classified as critical. This vulnerability affects some unknown processing of the file /goform/setcfm of the component httpd. There is no information about possible...
Author: VulDB