Thursday 28 May 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd /goform/SetSpeedWan speed_dir memory corruption

A vulnerability, which was classified as critical, was found in Tenda AC6, AC9, AC15 and AC118 V15.03.05. This affects an unknown code block of the file /goform/SetSpeedWan of the component httpd. There is no information about possible...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd /goform/addressNat entrys/mitInterface memory corruption

A vulnerability, which was classified as critical, has been found in Tenda AC6, AC9, AC15 and AC118 V15.03.05. Affected by this issue is an unknown code of the file /goform/addressNat of the component httpd. There is no information about possible...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd /goform/openSchedWifi schedStartTime/schedEndTime memory corruption

A vulnerability classified as critical was found in Tenda AC6, AC9, AC15 and AC118 V15.03.05. Affected by this vulnerability is an unknown part of the file /goform/openSchedWifi of the component httpd. There is no information about possible...
Author: VulDB

jw.util Package up to 2.2 on Python YAML OS Command Injection privilege escalation

A vulnerability classified as critical has been found in jw.util Package up to 2.2 on Python. Affected is some unknown functionality of the component YAML Handler. Upgrading to version 2.3 eliminates this vulnerability.
Author: VulDB

Mozilla Thunderbird up to 68.7.x Unicode Encoding Email Address spoofing

A vulnerability was found in Mozilla Thunderbird up to 68.7.x (Mail Client Software). It has been rated as critical. This issue affects an unknown functionality of the component Unicode Encoding. Upgrading to version 68.8.0 eliminates this...
Author: VulDB

Composr 10.0.30 Security Configuration Persistent cross site scripting

A vulnerability was found in Composr 10.0.30. It has been declared as problematic. This vulnerability affects an unknown function of the component Security Configuration. There is no information about possible countermeasures known. It may be...
Author: VulDB

Kaoni ezHTTPTrans up to 1.0.0.70 ActiveX Control Ezhttptrans.ocx Argument Remote Code Execution

A vulnerability was found in Kaoni ezHTTPTrans up to 1.0.0.70. It has been classified as critical. This affects some unknown processing of the file Ezhttptrans.ocx of the component ActiveX Control. There is no information about possible...
Author: VulDB

Epson EB-1470Ui HTTP Requests weak authentication [CVE-2020-6091]

A vulnerability was found in Epson EB-1470Ui (affected version not known) and classified as critical. Affected by this issue is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Kylin REST API OS Command Injection privilege escalation

A vulnerability has been found in Kylin (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown code of the component REST API. There is no information about possible countermeasures known. It may be...
Author: VulDB

Puma Gem up to 3.12.4/4.3.3 on Ruby HTTP Smuggling privilege escalation

A vulnerability, which was classified as critical, has been found in Puma Gem up to 3.12.4/4.3.3 on Ruby. This issue affects some unknown functionality. Upgrading to version 3.12.5 or 4.3.4 eliminates this vulnerability.
Author: VulDB

Linux Kernel up to 5.6 SELinux Subsystem ebitmap_netlbl_import denial of service

A vulnerability classified as problematic was found in Linux Kernel up to 5.6. This vulnerability affects the function ebitmap_netlbl_import of the component SELinux Subsystem. Upgrading to version 5.7 eliminates this vulnerability.
Author: VulDB

Puma Gem up to 3.12.5/4.3.4 on Ruby privilege escalation [CVE-2020-11077]

A vulnerability, which was classified as critical, was found in Puma Gem up to 3.12.5/4.3.4 on Ruby. Affected is an unknown part. Upgrading to version 3.12.6 or 4.3.5 eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-314: Vulnerability in Microsoft Edge (22 May 2020)

A vulnerability has been discovered in Microsoft Edge. It allows an attacker to cause a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-313: Multiple vulnerabilities in Cisco products (22 May 2020)

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

Author: Cert FR

CERTFR-2020-AVI-312: Multiple vulnerabilities in the Ubuntu Linux kernel (22 May 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-311: Multiple vulnerabilities in the Red Hat Linux kernel (22 May 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. They allow an attacker to cause arbitrary code execution, a remote denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-310: Multiple vulnerabilities in Drupal (22 May 2020)

Multiple vulnerabilities have been discovered in Drupal. They allow an attacker to cause a security policy bypass and remote cross-site scripting (XSS).

Author: Cert FR

CERTFR-2020-AVI-309: Vulnerability in Apple Xcode (22 May 2020)

A vulnerability has been discovered in Apple Xcode. It allows an attacker to cause a breach of data confidentiality.

Author: Cert FR

Cisco AMP for Endpoints Linux Crafted Packet memory corruption

A vulnerability classified as critical has been found in Cisco AMP for Endpoints Linux and AMP for Endpoints Mac Connector (affected version unknown). This affects an unknown function. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco AMP for Endpoints Linux Crafted Packet memory corruption

A vulnerability was found in Cisco AMP for Endpoints Linux and AMP for Endpoints Mac Connector (affected version not known). It has been rated as critical. Affected by this issue is some unknown processing. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco AMP for Endpoints Mac Connector Scan Engine Crash denial of service

A vulnerability was found in Cisco AMP for Endpoints Mac Connector (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component Scan Engine. Upgrading eliminates this...
Author: VulDB

CERTFR-2020-AVI-308: Vulnerability in Fortinet FortiAnalyzer and FortiManager (22 May 2020)

A vulnerability has been discovered in Fortinet FortiAnalyzer and FortiManager. It allows an attacker to cause a remote denial of service.

Author: Cert FR

Cisco Unified Contact Center Express Java Remote Management Interface Serialized Java Object privilege escalation

A vulnerability was found in Cisco Unified Contact Center Express (version unknown). It has been classified as critical. Affected is an unknown code of the component Java Remote Management Interface. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco Prime Network Registrar DHCP Server DHCP Request Restart denial of service

A vulnerability was found in Cisco Prime Network Registrar (unknown version) and classified as problematic. This issue affects an unknown part of the component DHCP Server. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco Prime Collaboration Provisioning Web-based Management Interface sql injection

A vulnerability has been found in Cisco Prime Collaboration Provisioning (Groupware Software) (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component Web-based...
Author: VulDB