Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Red Hat Satellite 6 Cache File information disclosure

A vulnerability classified as problematic has been found in Red Hat Satellite 6. This affects an unknown functionality of the component Cache File Handler. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Red Hat OpenStack Platform 16 Virtual Machine nova_libvirt privilege escalation

A vulnerability was found in Red Hat OpenStack Platform 16. It has been rated as critical. Affected by this issue is an unknown function in the library nova_libvirt of the component Virtual Machine. There is no information about possible...
Auteur: VulDB

Qualcomm PLC Firmware HPAV2 privilege escalation [CVE-2020-3681]

A vulnerability was found in Qualcomm PLC Firmware (Firmware Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component HPAV2 Handler. Upgrading eliminates...
Auteur: VulDB

Cisco Data Center Network Manager Web-based Management Interface sql injection

A vulnerability was found in Cisco Data Center Network Manager (version unknown). It has been classified as critical. Affected is an unknown code block of the component Web-based Management Interface. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Web-based Management Interface Request information disclosure

A vulnerability was found in Cisco Data Center Network Manager (unknown version) and classified as problematic. This issue affects an unknown code of the component Web-based Management Interface. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Web-based Management Interface HTTP Header cross site scripting

A vulnerability has been found in Cisco Data Center Network Manager (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown part of the component Web-based Management Interface. Upgrading eliminates...
Auteur: VulDB

CERTFR-2020-AVI-480 : [SCADA] Mul​tiples vulnérabilités dans Schneider Electric Triconex (31 juillet 2020)

De multiples vulnérabilités ont été découvertes dans Schneider Electric Triconex. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des...
Auteur: Cert FR

Cisco Data Center Network Manager REST API Endpoint privilege escalation

A vulnerability, which was classified as critical, was found in Cisco Data Center Network Manager (the affected version unknown). This affects some unknown functionality of the component REST API Endpoint. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager REST API Endpoint command injection

A vulnerability, which was classified as critical, has been found in Cisco Data Center Network Manager (affected version not known). Affected by this issue is an unknown functionality of the component REST API Endpoint. Upgrading eliminates this...
Auteur: VulDB

Cisco Data Center Network Manager Archive Utility Archive File directory traversal

A vulnerability classified as critical was found in Cisco Data Center Network Manager (affected version unknown). Affected by this vulnerability is an unknown function of the component Archive Utility. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager REST API Session Token weak encryption

A vulnerability classified as critical has been found in Cisco Data Center Network Manager (version unknown). Affected is some unknown processing of the component REST API. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Device Manager Application command injection

A vulnerability was found in Cisco Data Center Network Manager (unknown version). It has been rated as critical. This issue affects an unknown code block of the component Device Manager Application. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Data Center Network Manager Device Manager Application weak authentication

A vulnerability was found in Cisco Data Center Network Manager (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown code of the component Device Manager Application. Upgrading eliminates this...
Auteur: VulDB

Cisco SD-WAN Solution memory corruption [CVE-2020-3375]

A vulnerability was found in Cisco SD-WAN Solution (the affected version unknown). It has been classified as critical. This affects an unknown part. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco SD-WAN vManage Web-based Management Interface HTTP Requests weak authentication

A vulnerability was found in Cisco SD-WAN vManage (affected version not known) and classified as critical. Affected by this issue is some unknown functionality of the component Web-based Management Interface. Upgrading eliminates this...
Auteur: VulDB

CERTFR-2020-AVI-479 : Multiples vulnérabilités dans Mozilla Thunderbird (31 juillet 2020)

De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la...
Auteur: Cert FR

CERTFR-2020-AVI-478 : Multiples vulnérabilités dans Foxit Reader et PhantomPDF (31 juillet 2020)

De multiples vulnérabilités ont été découvertes dans Foxit Reader et PhantomPDF. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des...
Auteur: Cert FR

DaviewIndy up to 8.98.4 Daview.exe Heap-based memory corruption

A vulnerability has been found in DaviewIndy up to 8.98.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file Daview.exe. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

DaviewIndy up to 8.98.4 Daview.exe Heap-based memory corruption

A vulnerability, which was classified as critical, was found in DaviewIndy up to 8.98.4. Affected is an unknown function of the file Daview.exe. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

DaviewIndy up to 8.98.7 Daview.exe Use-After-Free memory corruption

A vulnerability, which was classified as critical, has been found in DaviewIndy up to 8.98.7. This issue affects some unknown processing of the file Daview.exe. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

HPE Intelligent Provisioning grub2 Code Execution [CVE-2020-7205]

A vulnerability classified as critical was found in HPE Intelligent Provisioning, Service Pack for ProLiant and HPE Scripting ToolKit (the affected version is unknown). This vulnerability affects an unknown code block of the component grub2....
Auteur: VulDB

Linux Kernel up to 5.7.11 RNG drivers/char/random.c information disclosure

A vulnerability classified as problematic has been found in Linux Kernel up to 5.7.11 (Operating System). This affects an unknown code of the file drivers/char/random.c of the component RNG. Applying a patch is able to eliminate this problem. The...
Auteur: VulDB

SpringBlade up to 2.7.1 DAO/DTO /api/blade-log/api/list asc/desc sql injection

A vulnerability was found in SpringBlade up to 2.7.1. It has been rated as critical. Affected by this issue is an unknown part of the file /api/blade-log/api/list of the component DAO/DTO. There is no information about possible countermeasures...
Auteur: VulDB

RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28 Access Restriction privilege escalation [Disputed]

A vulnerability was found in RIPE NCC RPKI Validator up to 3.1-2020.07.06.14.28. It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Access Restriction. There is no information about...
Auteur: VulDB

RIPE NCC RPKI Validator prior 3.1-2020.07.06.14.28 RRDP Fetch privilege escalation [Disputed]

A vulnerability was found in RIPE NCC RPKI Validator. It has been classified as critical. Affected is an unknown functionality of the component RRDP Fetch Handler. Upgrading to version 3.1-2020.07.06.14.28 eliminates this vulnerability.
Auteur: VulDB
First3456789101112Last

Événements SSI