Monday 6 July 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-399: Multiple vulnerabilities in F5 BIG-IP (1 July 2020)

Multiple vulnerabilities have been discovered in F5 BIG-IP. Some of them allow an attacker to cause remote arbitrary code execution, a compromise of data integrity and a compromise of...
Author: Cert FR

Apache SkyWalking up to 6.6.0/7.0.0 H2/MySQL/TiDB Parameter sql injection

A vulnerability was found in Apache SkyWalking up to 6.6.0/7.0.0. It has been declared as critical. Affected by this vulnerability is an unknown function of the component H2/MySQL/TiDB. There is no information about possible countermeasures...
Author: VulDB

DaView Indy/DaVa+/DaOffice JPEG Image Parser Stack-based memory corruption

A vulnerability was found in DaView Indy, DaVa+ and DaOffice (version unknown). It has been classified as critical. Affected is some unknown processing of the component JPEG Image Parser. There is no information about possible countermeasures...
Author: VulDB

Nozomi Networks OS up to 19.0.3 network privilege escalation

A vulnerability was found in Nozomi Networks OS up to 19.0.3 and classified as critical. This issue affects an unknown code block of the file /#/network?tab=network_node_list.html. Upgrading to version 19.0.4 eliminates this vulnerability.
Author: VulDB

xrdp-sesman Service up to 0.9.13.0 Service Port 3350 Crash denial of service

A vulnerability has been found in xrdp-sesman Service up to 0.9.13.0 and classified as problematic. This vulnerability affects an unknown code of the component Service Port 3350. Upgrading to version 0.9.13.1 eliminates this vulnerability.
Author: VulDB

DrayTek Vigor3900/Vigor2960/Vigor300B up to 1.5.0 cvmcfgupload Shell Metacharacter privilege escalation

A vulnerability, which was classified as critical, was found in DrayTek Vigor3900, Vigor2960 and Vigor300B up to 1.5.0 (Router Operating System). This affects an unknown part of the file cgi-bin/mainfunction.cgi/cvmcfgupload. Upgrading to version...
Author: VulDB

MISP 2.4.128 ACL Check EventsController.php privilege escalation

A vulnerability, which was classified as critical, has been found in MISP 2.4.128. Affected by this issue is some unknown functionality of the file app/Controller/EventsController.php of the component ACL Check Handler. Upgrading to version...
Author: VulDB

MISP 2.4.128 ACL Check AttributesController.php privilege escalation

A vulnerability classified as critical was found in MISP 2.4.128. Affected by this vulnerability is an unknown functionality of the file app/Controller/AttributesController.php of the component ACL Check Handler. There is no information about...
Author: VulDB

IObit Malware Fighter Pro 8.0.2.547 Object Manager privilege escalation

A vulnerability classified as critical has been found in IObit Malware Fighter Pro 8.0.2.547 (Anti-Malware Software). Affected is an unknown function of the component Object Manager. There is no information about possible countermeasures known....
Author: VulDB

CakePHP up to 4.0.5 CSRF Token Generator cross site request forgery

A vulnerability was found in CakePHP up to 4.0.5. It has been rated as problematic. This issue affects some unknown processing of the component CSRF Token Generator. Upgrading to version 4.0.6 eliminates this vulnerability.
Author: VulDB

HylaFAX+/HylaFAX Enterprise up to 7.0.2 /var/spool/hylafax privilege escalation

A vulnerability was found in HylaFAX+ and HylaFAX Enterprise up to 7.0.2. It has been declared as critical. This vulnerability affects an unknown code block of the file /var/spool/hylafax. There is no information about possible countermeasures...
Author: VulDB

HylaFAX+/HylaFAX Enterprise up to 7.0.2 faxsetup Utility race condition privilege escalation

A vulnerability was found in HylaFAX+ and HylaFAX Enterprise up to 7.0.2. It has been classified as critical. This affects an unknown code of the component faxsetup Utility. There is no information about possible countermeasures known. It may be...
Author: VulDB

Nozomi Guardian up to 19.0.3 Web Front End Stored cross site scripting

A vulnerability was found in Nozomi Guardian up to 19.0.3 and classified as problematic. Affected by this issue is an unknown part of the component Web Front End. Upgrading to version 19.0.4 eliminates this vulnerability.
Author: VulDB

Presto up to 336 Internal API weak authentication

A vulnerability has been found in Presto up to 336 and classified as critical. Affected by this vulnerability is some unknown functionality of the component Internal API. Upgrading to version 337 eliminates this vulnerability.
Author: VulDB

Saleor Storefront up to 2.10.2 Cache privilege escalation

A vulnerability, which was classified as critical, was found in Saleor Storefront up to 2.10.2. Affected is an unknown functionality of the component Cache Handler. Upgrading to version 2.10.3 eliminates this vulnerability.
Author: VulDB

express-jwt up to 5.3.3 on npm privilege escalation [CVE-2020-15084]

A vulnerability, which was classified as critical, has been found in express-jwt up to 5.3.3 on npm. This issue affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Squid Web Proxy up to 4.11/5.0.2 ContentLengthInterpreter.cc HTTP Request privilege escalation

A vulnerability classified as critical was found in Squid Web Proxy up to 4.11/5.0.2 (Firewall Software). This vulnerability affects some unknown processing of the file http/ContentLengthInterpreter.cc. Upgrading to version 4.12 or 5.0.3...
Author: VulDB

Windows Cleaning Assistant 3.2 Driver AtpKrnl.sys memory corruption

A vulnerability classified as critical has been found in Windows Cleaning Assistant 3.2. This affects an unknown code block in the library AtpKrnl.sys of the component Driver. There is no information about possible countermeasures known. It may...
Author: VulDB

Windows Cleaning Assistant 3.2 Driver AtpKrnl.sys memory corruption

A vulnerability was found in Windows Cleaning Assistant 3.2. It has been rated as critical. Affected by this issue is an unknown code in the library AtpKrnl.sys of the component Driver. There is no information about possible countermeasures...
Author: VulDB

Delta Industrial Automation DOPSoft up to 4.00.08.15 Project File Heap-based memory corruption

A vulnerability was found in Delta Industrial Automation DOPSoft up to 4.00.08.15 (Automation Software). It has been declared as critical. Affected by this vulnerability is an unknown part. There is no information about possible countermeasures...
Author: VulDB

Cellebrite UFED Physical Device up to 7.5.0.845 Default Key weak encryption

A vulnerability was found in Cellebrite UFED Physical Device up to 7.5.0.845. It has been classified as problematic. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Squid Web Proxy up to 5.2 Synchronization Ipc::Mem::PageStack::pop denial of service

A vulnerability was found in Squid Web Proxy up to 5.2 (Firewall Software) and classified as problematic. This issue affects the function Ipc::Mem::PageStack::pop of the component Synchronization. Upgrading to version 5.3 eliminates this...
Author: VulDB

Squid Web Proxy up to 4.11/5.0.2 Certificate Validation Helper TLS Connection denial of service

A vulnerability has been found in Squid Web Proxy up to 4.11/5.0.2 (Firewall Software) and classified as problematic. This vulnerability affects an unknown function of the component Certificate Validation Helper. Upgrading to version 4.12 or...
Author: VulDB

Little Snitch up to 4.5.1 Code Execution [CVE-2020-13095]

A vulnerability, which was classified as critical, was found in Little Snitch up to 4.5.1. This affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

Activision Infinity Ward Call of Duty Modern Warfare 2 up to 2019-12-11 PartyHost_HandleJoinPartyRequest memory corruption

A vulnerability, which was classified as critical, has been found in Activision Infinity Ward Call of Duty Modern Warfare 2 up to 2019-12-11. Affected by this issue is the function PartyHost_HandleJoinPartyRequest. There is no information about...
Author: VulDB