Monday 30 March 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

TP-LINK AC1750 A7 190726 tdpServer Service slave_mac privilege escalation

A vulnerability has been found in TP-LINK AC1750 A7 190726 and classified as critical. Affected by this vulnerability is an unknown code of the component tdpServer Service. Upgrading to version ZDI-CAN-9650 eliminates this vulnerability.
Author: VulDB

TP-LINK AC1750 A7 190726 DNS Response Stack-based memory corruption

A vulnerability, which was classified as very critical, was found in TP-LINK AC1750 A7 190726. Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

openITCOCKPIT up to 3.7.2 GrafanaConfigurationController.php TCP Request Server-Side Request Forgery

A vulnerability, which was classified as critical, has been found in openITCOCKPIT up to 3.7.2. This issue affects some unknown functionality of the file app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php. Upgrading to version...
Author: VulDB

openITCOCKPIT up to 3.7.2 cross site scripting [CVE-2020-10790]

A vulnerability classified as problematic was found in openITCOCKPIT up to 3.7.2. This vulnerability affects an unknown functionality. Upgrading to version 3.7.3 eliminates this vulnerability.
Author: VulDB

openITCOCKPIT up to 3.7.2 Web-based Terminal SudoMessageInterface.php privilege escalation

A vulnerability classified as critical has been found in openITCOCKPIT up to 3.7.2. This affects an unknown function in the library app/Lib/SudoMessageInterface.php of the component Web-based Terminal. Upgrading to version 3.7.3 eliminates this...
Author: VulDB

openITCOCKPIT up to 3.7.2 API Key weak authentication

A vulnerability was found in openITCOCKPIT up to 3.7.2. It has been rated as critical. Affected by this issue is some unknown processing of the component API Key Handler. Upgrading to version 3.7.3 eliminates this vulnerability.
Author: VulDB

Asus Device Activation prior 1.0.7.0 on Windows DevActSvc.exe Code Execution

A vulnerability was found in Asus Device Activation on Windows. It has been declared as critical. Affected by this vulnerability is an unknown code block of the file DevActSvc.exe. Upgrading to version 1.0.7.0 eliminates this vulnerability.
Author: VulDB

Gigabyte APP Center up to 19.0227.0 gdrv.sys Code Execution

A vulnerability was found in Gigabyte APP Center up to 19.0227.0. It has been classified as critical. Affected is an unknown code in the library gdrv.sys. Upgrading to version 19.0227.1 eliminates this vulnerability.
Author: VulDB

TechPowerUp GPU-Z up to 2.22.x GPU-Z.sys Code Execution

A vulnerability was found in TechPowerUp GPU-Z up to 2.22.x and classified as critical. This issue affects an unknown part in the library GPU-Z.sys. Upgrading to version 2.23.0 eliminates this vulnerability.
Author: VulDB

AIDA64 up to 5.98 kerneld.sys Code Execution

A vulnerability has been found in AIDA64 up to 5.98 and classified as critical. This vulnerability affects some unknown functionality in the library kerneld.sys. Upgrading to version 5.99 eliminates this vulnerability.
Author: VulDB

Moo0 System Monitor 1.83 WinRing0x64.sys Code Execution

A vulnerability, which was classified as critical, was found in Moo0 System Monitor 1.83. This affects an unknown functionality in the library WinRing0x64.sys. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

GNU Patch up to 2.7.6 Incomplete Fix CVE-2018-6952 pch.c another_hunk denial of service

A vulnerability, which was classified as problematic, has been found in GNU Patch up to 2.7.6. Affected by this issue is the function another_hunk of the file pch.c of the component Incomplete Fix CVE-2018-6952. There is no information about...
Author: VulDB

Tribal SITS:Vision 9.7.0 weak authentication [CVE-2019-19127]

A vulnerability classified as critical was found in Tribal SITS:Vision 9.7.0. Affected by this vulnerability is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Harris Ormed Self Service up to 2019.1.3 RetrieveW2EntriesForEmployee information disclosure

A vulnerability classified as problematic has been found in Harris Ormed Self Service up to 2019.1.3. Affected is an unknown code block of the file ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee. Upgrading to version 2019.1.4...
Author: VulDB

COVID-19 research: the CNIL mobilises

In the context of the current health crisis, several healthcare stakeholders wish to quickly carry out research projects on COVID-19.
Author: Cnil

CERTFR-2020-AVI-170: Multiple vulnerabilities in Apple (25 March 2020)

Multiple vulnerabilities have been discovered in Apple. Some of them allow an attacker to cause arbitrary code execution, a breach of data confidentiality, and privilege escalation.

Author: Cert FR

Apple Releases Security Updates

Original release date: March 25, 2020. Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and...
Author: US Cert

Adobe Releases Security Update for Creative Cloud Desktop Application

Original release date: March 25, 2020. Adobe has released a security update to address a vulnerability in Creative Cloud Desktop Application. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and...
Author: US Cert

KDE okular up to 1.9.x Action Link PDF Document Code Execution

A vulnerability was found in KDE okular up to 1.9.x. It has been rated as critical. This issue affects an unknown code of the component Action Link Handler. Upgrading to version 1.10.0 eliminates this vulnerability.
Author: VulDB

ZendTo up to 5.22-1 Session Cookie lib/NSSDropbox.php Request privilege escalation

A vulnerability was found in ZendTo up to 5.22-1. It has been declared as critical. This vulnerability affects an unknown part in the library lib/NSSDropbox.php of the component Session Cookie Handler. Upgrading to version 5.22-2 Beta eliminates...
Author: VulDB

ZendTo up to 5.22-1 Reflected cross site scripting

A vulnerability was found in ZendTo up to 5.22-1. It has been classified as problematic. This affects some unknown functionality. Upgrading to version 5.22-2 Beta eliminates this vulnerability.
Author: VulDB

ZendTo up to 5.22-1 lib/NSSDropbox.php X-Forwarded-For spoofing

A vulnerability was found in ZendTo up to 5.22-1 and classified as critical. Affected by this issue is an unknown functionality in the library lib/NSSDropbox.php. Upgrading to version 5.22-2 Beta eliminates this vulnerability.
Author: VulDB

Moxa EDS-G516E up to 5.2 Code Execution [CVE-2020-7007]

A vulnerability has been found in Moxa EDS-G516E up to 5.2 and classified as critical. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Honeywell WIN-PAK up to 4.7.2 cross site request forgery [CVE-2020-7005]

A vulnerability, which was classified as problematic, was found in Honeywell WIN-PAK up to 4.7.2. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Moxa ioLogik 2500/IOxpress Configuration Utility weak encryption

A vulnerability, which was classified as problematic, has been found in Moxa ioLogik 2500 and IOxpress Configuration Utility (unknown version). This issue affects an unknown code block. There is no information about possible countermeasures...
Author: VulDB

Information-security (SSI) events