Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

NEC UM8000/UM4730 Telephone User Interface Bruteforce weak authentication

A vulnerability, which was classified as problematic, was found in NEC UM8000 and UM4730 (version unknown). Affected is an unknown code block of the component Telephone User Interface. There is no information about possible countermeasures known....
Author: VulDB

NEC UM8000 privilege escalation [CVE-2019-20030]

A vulnerability, which was classified as critical, has been found in NEC UM8000 (unknown version). This issue affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

NEC SV8100/SV9100/SL1100/SL2100 WebPro privilege escalation [CVE-2019-20029]

A vulnerability classified as critical was found in NEC SV8100, SV9100, SL1100 and SL2100 (the affected version is unknown). This vulnerability affects an unknown part of the component WebPro. There is no information about possible...
Author: VulDB

NEC SV8100/SV9100/SL1100/SL2100 Administration Interface information disclosure

A vulnerability classified as problematic has been found in NEC SV8100, SV9100, SL1100 and SL2100 (the affected version is unknown). This affects some unknown functionality of the component Administration Interface. There is no information about...
Author: VulDB

NEC SV8100/SV9100/SL1100/SL2100 7.0 weak authentication [CVE-2019-20027]

A vulnerability was found in NEC SV8100, SV9100, SL1100 and SL2100 7.0. It has been rated as critical. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

NEC SV9100 7.0 WebPro Interface Request Credentials denial of service

A vulnerability was found in NEC SV9100 7.0. It has been declared as critical. Affected by this vulnerability is an unknown function of the component WebPro Interface. There is no information about possible countermeasures known. It may be...
Author: VulDB

NEC SV9100 Default Credentials weak authentication [CVE-2019-20025]

A vulnerability was found in NEC SV9100 (version unknown). It has been classified as critical. Affected is some unknown processing. Upgrading eliminates this vulnerability.
Author: VulDB

Critical Vulnerabilities in Cisco Products (CERT-EU Security Advisory 2020-039)

On 29th of July, Cisco released several security updates to address security vulnerabilities including three critical ones: an authentication bypass (CVE-2020-3382), a buffer overflow (CVE-2020-3375), and an authorization bypass (CVE-2020-3374)....
Author: Cert EU

Critical WordPress Plugin Vulnerability (CERT-EU Security Advisory 2020-038)

On 19th of June, Wordfence Threat Intelligence team discovered a vulnerability that affects WordPress plugin Comments – wpDiscuz. This flaw gives unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve...
Author: Cert EU

CERTFR-2020-AVI-476: Multiple vulnerabilities in the Ubuntu Linux kernel (30 July 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution and a security policy bypass.

Author: Cert FR

CERTFR-2020-AVI-475: Multiple vulnerabilities in the SUSE Linux kernel (30 July 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause arbitrary code execution and a security policy bypass.

Author: Cert FR

CERTFR-2020-AVI-474: Multiple vulnerabilities in the Red Hat Linux kernel (30 July 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a remote denial of service and a bypass of the policy of...
Author: Cert FR

CERTFR-2020-AVI-473: Multiple vulnerabilities in Google Chrome OS (30 July 2020)

Multiple vulnerabilities have been discovered in Google Chrome OS. They allow an attacker to cause a security issue not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-472: Multiple vulnerabilities in Cisco products (30 July 2020)

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a compromise of the integrity of...
Author: Cert FR

grub2 Config File Parser grub.cfg memory corruption

A vulnerability was found in grub2 (unknown version) and classified as critical. This issue affects an unknown code block of the file grub.cfg of the component Config File Parser. Upgrading eliminates this vulnerability.
Author: VulDB

Magento up to 2.3.5-p1 DOM-Based cross site scripting

A vulnerability, which was classified as problematic, was found in Magento up to 2.3.5-p1. This affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Magento up to 2.3.5-p1 Signature Verification Timing information disclosure

A vulnerability, which was classified as problematic, has been found in Magento up to 2.3.5-p1. Affected by this issue is some unknown functionality of the component Signature Verification Handler. There is no information about possible...
Author: VulDB

Magento up to 2.3.5-p1 Code Execution directory traversal

A vulnerability classified as critical was found in Magento up to 2.3.5-p1. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Kubernetes up to 0.27.x ingress-nginx privilege escalation

A vulnerability classified as problematic has been found in Kubernetes up to 0.27.x (Virtualization Software). Affected is an unknown function of the component ingress-nginx. Upgrading to version 0.28.0 eliminates this vulnerability.
Author: VulDB

Gerapy up to 0.9.2 popen unknown vulnerability

A vulnerability was found in Gerapy up to 0.9.2. It has been rated as critical. Upgrading to version 0.9.3 eliminates this vulnerability.
Author: VulDB

mock2easy _data command injection

A vulnerability was found in mock2easy (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

freeDiameter 1.3.2 Request denial of service

A vulnerability was found in freeDiameter 1.3.2. It has been classified as problematic. This affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

KonaWiki up to 3.1.0 directory traversal [CVE-2020-5614]

A vulnerability was found in KonaWiki up to 3.1.0 (Content Management System) and classified as critical. Affected by this issue is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

KonaWiki up to 3.1.0 URL cross site scripting

A vulnerability has been found in KonaWiki up to 3.1.0 and classified as problematic. Affected by this vulnerability is some unknown functionality of the component URL Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

KonaWiki up to 2.2.0 URL cross site scripting

A vulnerability, which was classified as problematic, was found in KonaWiki up to 2.2.0. Affected is an unknown functionality of the component URL Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB