Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-499: Multiple vulnerabilities in Microsoft Edge (12 August 2020)

Multiple vulnerabilities have been fixed in Microsoft Edge. They allow an attacker to cause privilege escalation and remote code execution.

Author: Cert FR

Critical Vulnerabilities in Citrix XenMobile (CERT-EU Security Advisory 2020-040)

On 11th of August, Citrix released a blog post and Security Update about critical vulnerabilities affecting XenMobile server products. No technical details were shared by Citrix; however, some sources indicate that by combining some of those...
Author: Cert EU

CERTFR-2020-AVI-497: Multiple vulnerabilities in Intel products (12 August 2020)

Multiple vulnerabilities have been discovered in Intel products. They allow an attacker to cause a remote denial of service, a breach of data confidentiality and privilege escalation.

Author: Cert FR

PACTware prior 4.1 SP6/5.0.5.31 Password privilege escalation

A vulnerability classified as critical has been found in PACTware. Affected is an unknown code. Upgrading to version 4.1 SP6 or 5.0.5.31 eliminates this vulnerability.
Author: VulDB

PACTware prior 4.1 SP6/5.0.5.31 Password information disclosure

A vulnerability was found in PACTware. It has been rated as problematic. This issue affects an unknown part. Upgrading to version 4.1 SP6 or 5.0.5.31 eliminates this vulnerability.
Author: VulDB

Huawei HonorV20 up to 10.1.0. Encrypted File privilege escalation

A vulnerability was found in Huawei Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Mate 20 RS, HonorMagic2, Honor20, Honor20 Pro and HonorV20 up to 10.1.0. (Smartphone Operating System). It has been declared as critical. This vulnerability...
Author: VulDB

Google go-tpm TPM1.2 Library up to 0.2.x migrationAuth information disclosure

A vulnerability was found in Google go-tpm TPM1.2 Library up to 0.2.x. It has been classified as problematic. This affects an unknown functionality. Upgrading to version 0.3.0 eliminates this vulnerability.
Author: VulDB

AWS S3 Crypto SDK for GoLang prior V2 AES-GCM Key weak encryption

A vulnerability was found in AWS S3 Crypto SDK for GoLang and classified as problematic. Affected by this issue is an unknown function of the component AES-GCM. Upgrading to version V2 eliminates this vulnerability.
Author: VulDB

AWS S3 Crypto SDK for GoLang prior V2 AES-CBC weak encryption

A vulnerability has been found in AWS S3 Crypto SDK for GoLang and classified as problematic. Affected by this vulnerability is some unknown processing of the component AES-CBC. Upgrading to version V2 eliminates this vulnerability.
Author: VulDB

Avaya Aura Communication Manager/Aura Messaging System Management Interface cross site request forgery

A vulnerability, which was classified as problematic, was found in Avaya Aura Communication Manager and Aura Messaging (version unknown). Affected is an unknown code block of the component System Management Interface. Upgrading eliminates this...
Author: VulDB

django-celery-results up to 1.2.1 Cleartext information disclosure

A vulnerability, which was classified as problematic, has been found in django-celery-results up to 1.2.1 (Content Management System). This issue affects an unknown code. There is no information about possible countermeasures known. It may be...
Author: VulDB

GNOME gnome-shell up to 3.36.4 Password Box information disclosure

A vulnerability classified as problematic was found in GNOME gnome-shell up to 3.36.4. This vulnerability affects an unknown part of the component Password Box Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

radare2 4.5.0 Signature libr/util/x509.c IMAGE_DIRECTORY_ENTRY_SECURITY Segmentation Fault memory corruption

A vulnerability classified as critical has been found in radare2 4.5.0. This affects some unknown functionality of the file libr/util/x509.c of the component Signature Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Turcom TRCwifiZone up to 2020-08-10 Redirect manage/control.php weak authentication

A vulnerability was found in Turcom TRCwifiZone up to 2020-08-10. It has been rated as critical. Affected by this issue is an unknown functionality of the file manage/control.php of the component Redirect Handler. There is no information about...
Author: VulDB

Telegram Desktop up to 2.1.13 Protection Mechanism Filename spoofing

A vulnerability was found in Telegram Desktop up to 2.1.13. It has been declared as critical. Affected by this vulnerability is an unknown function of the component Protection Mechanism. There is no information about possible countermeasures...
Author: VulDB

Firejail up to 0.9.62 command injection [CVE-2020-17368]

A vulnerability was found in Firejail up to 0.9.62. It has been classified as critical. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Firejail up to 0.9.62 command injection [CVE-2020-17367]

A vulnerability was found in Firejail up to 0.9.62 and classified as critical. This issue affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Temi Application up to 1.3.7931 on Android Default Credentials weak authentication

A vulnerability has been found in Temi Application up to 1.3.7931 on Android and classified as critical. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

QEMU up to 5.0.0 hw/net/net_tx_pkt.c net_tx_pkt_add_raw_fragment Network Packet Assertion denial of service

A vulnerability, which was classified as problematic, was found in QEMU up to 5.0.0. This affects the function net_tx_pkt_add_raw_fragment of the file hw/net/net_tx_pkt.c. There is no information about possible countermeasures known. It may be...
Author: VulDB

Soplanning 1.46.01 Persistent cross site scripting

A vulnerability, which was classified as problematic, has been found in Soplanning 1.46.01. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Symphony CMS 3.0.0 content.blueprintsevents.php appendSubheading fields['name'] cross site scripting

A vulnerability classified as problematic was found in Symphony CMS 3.0.0. Affected by this vulnerability is the function appendSubheading of the file content/content.blueprintsevents.php. There is no information about possible countermeasures...
Author: VulDB

Teradici PCoIP Standard Agent/Graphics Agent prior 20.04.1 Broker Protocol Message Crash denial of service

A vulnerability classified as problematic has been found in Teradici PCoIP Standard Agent and Graphics Agent. Affected is an unknown function of the component Broker Protocol Message Handler. Upgrading to version 20.04.1 eliminates this...
Author: VulDB

Teradici PCoIP Standard Agent/Graphics Agent prior 20.04.1 on Windows Signature Validation privilege escalation

A vulnerability was found in Teradici PCoIP Standard Agent and Graphics Agent on Windows. It has been rated as critical. This issue affects some unknown processing of the component Signature Validation. Upgrading to version 20.04.1 eliminates...
Author: VulDB

Teradici PCoIP Standard Agent/Graphics Agent prior 20.04.0/20.07.0 on Windows Support Bundler privilege escalation

A vulnerability was found in Teradici PCoIP Standard Agent and Graphics Agent on Windows. It has been declared as critical. This vulnerability affects an unknown code block of the component Support Bundler. Upgrading to version 20.04.0 or 20.07.0...
Author: VulDB

Teradici Cloud Access Connector up to 16 Management Interface Stored cross site scripting

A vulnerability was found in Teradici Cloud Access Connector and Cloud Access Connector Legacy up to 16 (Cloud Software). It has been classified as problematic. This affects an unknown code of the component Management Interface. There is no...
Author: VulDB

Information security events