Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-424: [SCADA] Multiple vulnerabilities in Moxa MGate (10 July 2020)

Multiple vulnerabilities have been discovered in Moxa MGate. They allow an attacker to bypass the security policy and compromise data confidentiality.

Author: Cert FR

Serious MobileIron Vulnerabilities (CERT-EU Security Advisory 2020-033)

Recently, an independent security researcher reported to MobileIron that he had identified vulnerabilities in MobileIron Core that could allow an attacker to execute remote exploits without authentication. MobileIron has now issued patches for...
Author: Cert EU

CERTFR-2020-AVI-423: Vulnerability in PHP (10 July 2020)

A vulnerability has been discovered in PHP. It allows an attacker to compromise data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-422: Vulnerability in Mozilla Firefox (10 July 2020)

A vulnerability has been discovered in Mozilla Firefox. It allows an attacker to bypass the security policy.

Author: Cert FR

D-Link DIR-610 command.php cmd privilege escalation

A vulnerability was found in D-Link DIR-610 (Router Operating System) (version unknown). It has been classified as critical. Affected is an unknown functionality of the file command.php. The problem might be mitigated by replacing the product...
Author: VulDB

D-Link DIR-610 getcfg.php information disclosure

A vulnerability was found in D-Link DIR-610 (Router Operating System) (unknown version) and classified as problematic. This issue affects an unknown function of the file getcfg.php. There is no information about possible countermeasures known. It...
Author: VulDB

SockJS up to 0.3.19 Upgrade Header Crash denial of service

A vulnerability has been found in SockJS up to 0.3.19 and classified as problematic. This vulnerability affects some unknown processing of the component Upgrade Handler. Upgrading to version 0.3.20 eliminates this vulnerability.
Author: VulDB

google-oauth-java-client up to 1.30.x PKCE Request privilege escalation

A vulnerability, which was classified as critical, was found in google-oauth-java-client up to 1.30.x (Programming Language Software). This affects an unknown code block of the component PKCE Handler. Upgrading to version 1.31.0 eliminates this...
Author: VulDB

FreeBSD up to 11.4/12.1 PATH privilege escalation

A vulnerability, which was classified as critical, has been found in FreeBSD up to 11.4/12.1 (Operating System). Affected by this issue is an unknown code. Applying a patch is able to eliminate this problem.
Author: VulDB

FreeBSD 11.3/11.4/12.1 Synchronization Code Execution memory corruption

A vulnerability classified as critical was found in FreeBSD 11.3/11.4/12.1 (Operating System). Affected by this vulnerability is an unknown part of the component Synchronization. Applying a patch is able to eliminate this problem.
Author: VulDB

Dell EMC iDRAC9 up to 4.20.20 Parameter directory traversal

A vulnerability classified as critical has been found in Dell EMC iDRAC9 up to 4.20.20. Affected is some unknown functionality. Upgrading to version 4.20.20.20 eliminates this vulnerability.
Author: VulDB

IBM InfoSphere Information Server 11.3/11.5/11.7 Deserialization privilege escalation

A vulnerability was found in IBM InfoSphere Information Server 11.3/11.5/11.7 (Reporting Software). It has been rated as critical. This issue affects an unknown functionality. There is no information about possible countermeasures known. It may...
Author: VulDB

IBM Guardium Activity Insights 10.6/11.0 information disclosure

A vulnerability was found in IBM Guardium Activity Insights 10.6/11.0. It has been declared as problematic. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Redgate SQL Monitor up to 10.1.6 TLS Certificate Validation weak authentication

A vulnerability was found in Redgate SQL Monitor up to 10.1.6. It has been classified as problematic. This affects some unknown processing of the component TLS Certificate Validation. There is no information about possible countermeasures known....
Author: VulDB

kingcomposer Plugin up to 2.9.4 on WordPress kc-online-preset-data Reflected cross site scripting

A vulnerability was found in kingcomposer Plugin up to 2.9.4 on WordPress and classified as problematic. Affected by this issue is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

tough Library up to 0.7.0 Signature Validation weak authentication

A vulnerability has been found in tough Library up to 0.7.0 and classified as critical. Affected by this vulnerability is an unknown code of the component Signature Validation. Upgrading to version 0.7.1 eliminates this vulnerability.
Author: VulDB

TimelineJS up to 3.6.x Stored cross site scripting

A vulnerability, which was classified as problematic, was found in TimelineJS up to 3.6.x. Affected is an unknown part. Upgrading to version 3.7.0 eliminates this vulnerability.
Author: VulDB

Yubico YubiKey up to 5.2.6/5.3.1 OTP Application information disclosure

A vulnerability, which was classified as problematic, has been found in Yubico YubiKey up to 5.2.6/5.3.1. This issue affects some unknown functionality of the component OTP Application. There is no information about possible countermeasures...
Author: VulDB

Yubico YubiKey up to 5.2.6 PIN Management weak authentication

A vulnerability classified as problematic was found in Yubico YubiKey up to 5.2.6. This vulnerability affects an unknown functionality of the component PIN Management. There is no information about possible countermeasures known. It may be...
Author: VulDB

Atlassian Bitbucket Server up to 7.2.3 Man-in-the-Middle weak encryption

A vulnerability classified as problematic has been found in Atlassian Bitbucket Server up to 7.2.3. This affects an unknown function. Upgrading to version 7.2.4 eliminates this vulnerability.
Author: VulDB

Atlassian Bitbucket Server up to 5.3.x Webhooks Request Server-Side Request Forgery

A vulnerability was found in Atlassian Bitbucket Server up to 5.3.x. It has been rated as critical. Affected by this issue is some unknown processing of the component Webhooks. Upgrading to version 5.4.0 eliminates this vulnerability.
Author: VulDB

Mods for HESK up to 2019.1.0 Access Control Code Execution

A vulnerability was found in Mods for HESK up to 2019.1.0. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Access Control. There is no information about possible countermeasures known. It...
Author: VulDB

Mods for HESK up to 2019.1.0 Time-Based sql injection

A vulnerability was found in Mods for HESK up to 2019.1.0. It has been classified as critical. Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Mods for HESK up to 2019.1.0 Stored cross site scripting

A vulnerability was found in Mods for HESK up to 2019.1.0 and classified as problematic. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Yubico libykpiv up to 2.1.0 Error lib/util.c ykpiv_util_generate_key denial of service

A vulnerability has been found in Yubico libykpiv up to 2.1.0 and classified as problematic. This vulnerability affects the function ykpiv_util_generate_key in the library lib/util.c of the component Error Handler. There is no information about...
Author: VulDB

Information security events