Our selection of information systems security alerts and advisories.
Sources: US-CERT, CERT-EU, CERT-FR, CNIL, VulDB.

Schneider Electric IGSS Definition 14.0.0.20247 Configuration Group File Def.exe out-of-bounds write

A vulnerability was found in Schneider Electric IGSS Definition 14.0.0.20247 (SCADA Software). It has been rated as critical. Affected by this issue is an unknown functionality of the file Def.exe of the component Configuration Group File...
Author: VulDB

Schneider Electric IGSS Definition 14.0.0.20247 Configuration Def.exe memory corruption

A vulnerability was found in Schneider Electric IGSS Definition 14.0.0.20247 (SCADA Software). It has been declared as critical. Affected by this vulnerability is an unknown function of the file Def.exe of the component Configuration Handler....
Author: VulDB

Schneider Electric IGSS Definition 14.0.0.20247 Configuration Def.exe memory corruption

A vulnerability was found in Schneider Electric IGSS Definition 14.0.0.20247 (SCADA Software). It has been classified as critical. Affected is some unknown processing of the file Def.exe of the component Configuration Handler. There is no...
Author: VulDB

Schneider Electric IGSS Definition up to 14.0.0.20247 Def.exe memory corruption

A vulnerability was found in Schneider Electric IGSS Definition up to 14.0.0.20247 (SCADA Software) and classified as critical. This issue affects an unknown code block of the file Def.exe. There is no information about possible countermeasures...
Author: VulDB

Schneider Electric EcoStruxure Operator Terminal Expert privileges management

A vulnerability has been found in Schneider Electric EcoStruxure Operator Terminal Expert (SCADA Software) (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code. There is no information about...
Author: VulDB

Schneider Electric EcoStruxure Control Expert PLC Simulator improper check for unusual conditions

A vulnerability, which was classified as problematic, was found in Schneider Electric EcoStruxure Control Expert (SCADA Software) (the affected version unknown). This affects an unknown part of the component PLC Simulator. There is no information...
Author: VulDB

BigBlueButton up to 2.2.28 Control Character ApiController.groovy unknown vulnerability

A vulnerability, which was classified as problematic, has been found in BigBlueButton up to 2.2.28. Affected by this issue is some unknown functionality of the file web/controllers/ApiController.groovy of the component Control Character Handler....
Author: VulDB

BigBlueButton up to 2.2.28 Poll unknown vulnerability [CVE-2020-28953]

A vulnerability classified as problematic was found in BigBlueButton up to 2.2.28. Affected by this vulnerability is an unknown functionality of the component Poll Handler. Upgrading to version 2.2.29 eliminates this vulnerability. The upgrade is...
Author: VulDB

Sokrates SOWA SowaSQL up to 5.6.1 OPAC sowacgi.php typ cross site scripting

A vulnerability classified as problematic has been found in Sokrates SOWA SowaSQL up to 5.6.1. Affected is an unknown function of the file sowacgi.php of the component OPAC. Upgrading to version 5.6.2 eliminates this vulnerability.
Author: VulDB

Schneider Electric EcoStruxure Control Expert PLC Simulator code download

A vulnerability was found in Schneider Electric EcoStruxure Control Expert (SCADA Software) (unknown version). It has been rated as problematic. This issue affects some unknown processing of the component PLC Simulator. There is no information...
Author: VulDB

Schneider Electric EcoStruxure Control Expert PLC Simulator excessive authentication

A vulnerability was found in Schneider Electric EcoStruxure Control Expert (SCADA Software) (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown code block of the component PLC Simulator....
Author: VulDB

EcoStruxure Control Expert PLC Simulator authorization [CVE-2020-28211]

A vulnerability was found in EcoStruxure Control Expert (the affected version unknown). It has been classified as critical. This affects an unknown code of the component PLC Simulator. There is no information about possible countermeasures known....
Author: VulDB

Schneider Electric EcoStruxure Building Operation WebStation up to 3.1 Web Page Generation cross site scripting

A vulnerability was found in Schneider Electric EcoStruxure Building Operation WebStation up to 3.1 (SCADA Software) and classified as problematic. Affected by this issue is an unknown part of the component Web Page Generation Handler. There is...
Author: VulDB

Schneider Electric EcoStruxure Building Operation Enterprise Server Installer unquoted search path

A vulnerability has been found in Schneider Electric EcoStruxure Building Operation Enterprise Server Installer and EcoStruxure Enterprise Central Installer up to 3.1 on Windows (SCADA Software) and classified as critical. Affected by this...
Author: VulDB

Pritunl Electron Client up to 1.2.2550.20 access control [CVE-2020-25989]

A vulnerability, which was classified as critical, was found in Pritunl Electron Client up to 1.2.2550.20. Affected is an unknown functionality. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.
Author: VulDB

OpenWrt up to 18.06.8/19.07.4 libuci file.c uci_parse_package use after free

A vulnerability, which was classified as critical, has been found in OpenWrt up to 18.06.8/19.07.4. This issue affects the function uci_parse_package of the file file.c of the component libuci. Upgrading to version 18.06.9 or 19.07.5 eliminates...
Author: VulDB

Archive_Tar up to 1.4.10 Filename unknown vulnerability [CVE-2020-28949]

A vulnerability classified as critical was found in Archive_Tar up to 1.4.10. This vulnerability affects some unknown processing of the component Filename Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Archive_Tar up to 1.4.10 PHAR deserialization

A vulnerability classified as critical has been found in Archive_Tar up to 1.4.10. This affects an unknown code block of the component PHAR Handler. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Linux Kernel up to 5.9.9 Speakup Driver spk_ttyio.c denial of service

A vulnerability was found in Linux Kernel up to 5.9.9 (Operating System). It has been rated as problematic. Affected by this issue is an unknown code of the file drivers/accessibility/speakup/spk_ttyio.c of the component Speakup Driver. Applying...
Author: VulDB

Rclone up to 1.53.2 entropy [CVE-2020-28924]

A vulnerability was found in Rclone up to 1.53.2. It has been declared as problematic. Affected by this vulnerability is an unknown part. Upgrading to version 1.53.3 eliminates this vulnerability.
Author: VulDB

ZTE ZXHN Z500/ZXHN F670L Rule Configuration tamper input validation

A vulnerability was found in ZTE ZXHN Z500 and ZXHN F670L (version unknown). It has been classified as problematic. Affected is some unknown functionality of the component Rule Configuration Handler. Upgrading eliminates this vulnerability.
Author: VulDB

MISP 2.4.134 Template Element id cross site scripting

A vulnerability was found in MISP 2.4.134 and classified as problematic. This issue affects an unknown functionality of the component Template Element Handler. Applying a patch is able to eliminate this problem. The bugfix is ready for download...
Author: VulDB

PrimeKey EJBCA up to 7.4.2 EJBCA Enrollment improper authorization

A vulnerability has been found in PrimeKey EJBCA up to 7.4.2 and classified as critical. This vulnerability affects an unknown function of the component EJBCA Enrollment. Upgrading to version 7.4.3 eliminates this vulnerability.
Author: VulDB

Moodle up to 3.7.7/3.8.4/3.9.1 Participants Table Download insertion of sensitive information into sent data

A vulnerability, which was classified as problematic, was found in Moodle up to 3.7.7/3.8.4/3.9.1 (Learning Management Software). This affects some unknown processing of the component Participants Table Download. Upgrading to version 3.9.3,...
Author: VulDB

Moodle up to 3.9.0/3.9.1/3.9.2 cross site scripting [CVE-2020-25702]

A vulnerability, which was classified as problematic, has been found in Moodle up to 3.9.0/3.9.1/3.9.2 (Learning Management Software). Affected by this issue is an unknown code block. There is no information about possible countermeasures known....
Author: VulDB

Information systems security events