Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cisco Data Center Network Manager Web-based Management Interface Request information disclosure

A vulnerability was found in Cisco Data Center Network Manager (unknown version) and classified as problematic. This issue affects an unknown code of the component Web-based Management Interface. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Web-based Management Interface HTTP Header cross site scripting

A vulnerability has been found in Cisco Data Center Network Manager (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown part of the component Web-based Management Interface. Upgrading eliminates...
Auteur: VulDB

CERTFR-2020-AVI-480 : [SCADA] Mul​tiples vulnérabilités dans Schneider Electric Triconex (31 juillet 2020)

De multiples vulnérabilités ont été découvertes dans Schneider Electric Triconex. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des...
Auteur: Cert FR

Cisco Data Center Network Manager REST API Endpoint privilege escalation

A vulnerability, which was classified as critical, was found in Cisco Data Center Network Manager (the affected version unknown). This affects some unknown functionality of the component REST API Endpoint. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager REST API Endpoint command injection

A vulnerability, which was classified as critical, has been found in Cisco Data Center Network Manager (affected version not known). Affected by this issue is an unknown functionality of the component REST API Endpoint. Upgrading eliminates this...
Auteur: VulDB

Cisco Data Center Network Manager Archive Utility Archive File directory traversal

A vulnerability classified as critical was found in Cisco Data Center Network Manager (affected version unknown). Affected by this vulnerability is an unknown function of the component Archive Utility. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager REST API Session Token weak encryption

A vulnerability classified as critical has been found in Cisco Data Center Network Manager (version unknown). Affected is some unknown processing of the component REST API. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Device Manager Application command injection

A vulnerability was found in Cisco Data Center Network Manager (unknown version). It has been rated as critical. This issue affects an unknown code block of the component Device Manager Application. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Device Manager Application weak authentication

A vulnerability was found in Cisco Data Center Network Manager (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown code of the component Device Manager Application. Upgrading eliminates this...
Auteur: VulDB

Cisco SD-WAN Solution memory corruption [CVE-2020-3375]

A vulnerability was found in Cisco SD-WAN Solution (the affected version unknown). It has been classified as critical. This affects an unknown part. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco SD-WAN vManage Web-based Management Interface HTTP Requests weak authentication

A vulnerability was found in Cisco SD-WAN vManage (affected version not known) and classified as critical. Affected by this issue is some unknown functionality of the component Web-based Management Interface. Upgrading eliminates this...
Auteur: VulDB

CERTFR-2020-AVI-479 : Multiples vulnérabilités dans Mozilla Thunderbird (31 juillet 2020)

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la...
Auteur: Cert FR

CERTFR-2020-AVI-478 : Multiples vulnérabilités dans Foxit Reader et PhantomPDF (31 juillet 2020)

De multiples vulnérabilités ont été découvertes dans Foxit Reader et PhantomPDF. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des...
Auteur: Cert FR

DaviewIndy up to 8.98.4 Daview.exe Heap-based memory corruption

A vulnerability has been found in DaviewIndy up to 8.98.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file Daview.exe. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

DaviewIndy up to 8.98.4 Daview.exe Heap-based memory corruption

A vulnerability, which was classified as critical, was found in DaviewIndy up to 8.98.4. Affected is an unknown function of the file Daview.exe. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

DaviewIndy up to 8.98.7 Daview.exe Use-After-Free memory corruption

A vulnerability, which was classified as critical, has been found in DaviewIndy up to 8.98.7. This issue affects some unknown processing of the file Daview.exe. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

HPE Intelligent Provisioning grub2 Code Execution [CVE-2020-7205]

A vulnerability classified as critical was found in HPE Intelligent Provisioning, Service Pack for ProLiant and HPE Scripting ToolKit (the affected version is unknown). This vulnerability affects an unknown code block of the component grub2....
Auteur: VulDB

Linux Kernel up to 5.7.11 RNG drivers/char/random.c information disclosure

A vulnerability classified as problematic has been found in Linux Kernel up to 5.7.11 (Operating System). This affects an unknown code of the file drivers/char/random.c of the component RNG. Applying a patch is able to eliminate this problem. The...
Auteur: VulDB

SpringBlade up to 2.7.1 DAO/DTO /api/blade-log/api/list asc/desc sql injection

A vulnerability was found in SpringBlade up to 2.7.1. It has been rated as critical. Affected by this issue is an unknown part of the file /api/blade-log/api/list of the component DAO/DTO. There is no information about possible countermeasures...
Auteur: VulDB

RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28 Access Restriction privilege escalation [Disputed]

A vulnerability was found in RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28. It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Access Restriction. There is no information about...
Auteur: VulDB

RIPE NCC RPKI Validator prior 3.1-2020.07.06.14.28 RRDP Fetch privilege escalation [Disputed]

A vulnerability was found in RIPE NCC RPKI Validator. It has been classified as critical. Affected is an unknown functionality of the component RRDP Fetch Handler. Upgrading to version 3.1-2020.07.06.14.28 eliminates this vulnerability.
Auteur: VulDB

RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28 CRL Revoked Certificate weak authentication [Disputed]

A vulnerability was found in RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28 and classified as critical. This issue affects an unknown function of the component CRL Handler. There is no information about possible countermeasures known. It may...
Auteur: VulDB

Nagios Log Server up to 2.1.6 Notification Methods Stored cross site scripting

A vulnerability has been found in Nagios Log Server up to 2.1.6 (Log Management Software) and classified as problematic. This vulnerability affects some unknown processing of the component Notification Methods Handler. Upgrading to version 2.1.7...
Auteur: VulDB

DP3T-Backend-SDK up to 1.1.0 JWT alg DP3T privilege escalation

A vulnerability, which was classified as problematic, was found in DP3T-Backend-SDK up to 1.1.0. This affects an unknown code block of the component JWT Handler. Upgrading to version 1.1.1 eliminates this vulnerability. A possible mitigation has...
Auteur: VulDB

Hashicorp Terraform Enterprise up to 202006-1 Signup Page privilege escalation

A vulnerability, which was classified as critical, has been found in Hashicorp Terraform Enterprise up to 202006-1. Affected by this issue is an unknown code of the component Signup Page. Upgrading to version 202007-1 eliminates this...
Auteur: VulDB
First234567891011Last

Événements SSI