Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

TP-LINK Archer C9 1.180125 symlink [CVE-2020-5797]

A vulnerability was found in TP-LINK Archer C9 1.180125. It has been rated as critical. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Xpdf 4.02 SplashOutputDev.cc endType3Char use after free

A vulnerability was found in Xpdf 4.02 (Document Reader Software). It has been declared as critical. Affected by this vulnerability is the function SplashOutputDev::endType3Char of the file SplashOutputDev.cc. There is no information about...
Author: VulDB

Paradox IP150 5.02.09 buffer overflow [CVE-2020-25185]

A vulnerability was found in Paradox IP150 5.02.09. It has been classified as critical. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Netis Korea D'live AP 1.1.10 Time Setting ntpServerlp1 command injection

A vulnerability was found in Netis Korea D'live AP 1.1.10 and classified as critical. This issue affects some unknown processing of the component Time Setting Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

IBM Sterling B2B Integrator Standard Edition up to 6.0.3.2 inadequate encryption

A vulnerability has been found in IBM Sterling B2B Integrator Standard Edition up to 6.0.3.2 (Business Process Management Software) and classified as problematic. This vulnerability affects an unknown code block.
Author: VulDB

IBM DB2 Accessories Suite/DB2/DB2 Connect Server 9.7/10.1/10.5/11.1/11.5 untrusted search path

A vulnerability, which was classified as critical, was found in IBM DB2 Accessories Suite, DB2 and DB2 Connect Server 9.7/10.1/10.5/11.1/11.5 (Database Software). This affects an unknown code.
Author: VulDB

VMware ESXi up to 6.4/6.5/6.6 System Call Remote Privilege Escalation

A vulnerability, which was classified as critical, has been found in VMware ESXi up to 6.4/6.5/6.6 (Virtualization Software). Affected by this issue is an unknown part of the component System Call Handler. Upgrading to version 6.5, 6.7 or 7.0...
Author: VulDB

VMware ESXi/Workstation/Fusion XHCI USB Controller use after free

A vulnerability classified as critical was found in VMware ESXi, Workstation and Fusion (Virtualization Software) (affected version unknown). Affected by this vulnerability is some unknown functionality of the component XHCI USB Controller....
Author: VulDB

Linux Kernel up to 5.9.6 fbcon drivers/tty/vt/vt.c KD_FONT_OP_COPY out-of-bounds read

A vulnerability classified as problematic has been found in Linux Kernel up to 5.9.6 (Operating System). Affected is the function KD_FONT_OP_COPY of the file drivers/tty/vt/vt.c of the component fbcon. Upgrading to version 5.9.7 eliminates this...
Author: VulDB

TP-LINK WDR7400 devDiscoverHandle Server copy_msg_element buffer overflow

A vulnerability was found in TP-LINK WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N and WR708N. It has been rated as critical. This issue affects the function...
Author: VulDB

Netskope 75.0 Admin Portal csv injection

A vulnerability was found in Netskope 75.0. It has been declared as critical. This vulnerability affects some unknown processing of the component Admin Portal. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

ScratchVerifier improper authentication [CVE-2020-26236]

A vulnerability was found in ScratchVerifier (the affected version unknown). It has been classified as critical. This affects an unknown code block. Applying a patch is able to eliminate this problem. The bugfix is ready for download at...
Author: VulDB

NetIQ Identity Manager up to 4.8 SP2 injection [CVE-2020-25839]

A vulnerability was found in NetIQ Identity Manager up to 4.8 SP2 and classified as critical. Affected by this issue is an unknown code. Upgrading to version 4.8 SP2 HF1 eliminates this vulnerability.
Author: VulDB

PDFResurrect up to 0.19 Header Validation pdf_get_version heap-based buffer overflow

A vulnerability has been found in PDFResurrect up to 0.19 and classified as critical. Affected by this vulnerability is the function pdf_get_version of the component Header Validation Handler. Upgrading to version 0.20 eliminates this...
Author: VulDB

libvips up to 8.8.1 im_vips2dz.c im_vips2dz uninitialized pointer

A vulnerability, which was classified as critical, was found in libvips up to 8.8.1. Affected is the function im_vips2dz in the library /libvips/libvips/deprecated/im_vips2dz.c. Upgrading to version 8.8.2 eliminates this vulnerability. Applying a...
Author: VulDB

libsixel 1.8.6 fromgif.c gif_out_code array index

A vulnerability, which was classified as critical, has been found in libsixel 1.8.6. This issue affects the function gif_out_code of the file fromgif.c. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

ImageMagick 7.0.10-7 coders/xpm.c ReadXPMImage buffer overflow

A vulnerability classified as critical was found in ImageMagick 7.0.10-7 (Image Processing Software). This vulnerability affects the function ReadXPMImage of the file coders/xpm.c. There is no information about possible countermeasures known. It...
Author: VulDB

Drupal up to 7.73/8.8.10/8.9.8/9.0.7 File unrestricted upload

A vulnerability classified as critical has been found in Drupal up to 7.73/8.8.10/8.9.8/9.0.7 (Content Management System). This affects some unknown processing of the component File Handler. Upgrading to version 7.74, 8.8.11, 8.9.9 or 9.0.8...
Author: VulDB

CERTFR-2020-AVI-768: Multiple vulnerabilities in F5 BIG-IP (20 November 2020)

Multiple vulnerabilities have been discovered in F5 BIG-IP. They allow an attacker to bypass the security policy.

Author: Cert FR

CERTFR-2020-AVI-767: Multiple vulnerabilities in VMware products (20 November 2020)

Multiple vulnerabilities have been discovered in VMware products. They allow an attacker to cause arbitrary code execution and privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-766: Multiple vulnerabilities in Microsoft Edge (20 November 2020)

Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor and a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-765: Vulnerability in IBM Db2 (20 November 2020)

A vulnerability has been discovered in IBM Db2. It allows an attacker to cause arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-764: Multiple vulnerabilities in the SUSE Linux kernel (20 November 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a breach of the integrity of...
Author: Cert FR

Mitsubishi Electric MELSEC iQ-R resource consumption [CVE-2020-5668]

A vulnerability was found in Mitsubishi Electric MELSEC iQ-R (affected version not known). It has been rated as problematic. Affected by this issue is an unknown code block. There is no information about possible countermeasures known. It may be...
Author: VulDB

IBM Power9 L1 Cache information disclosure [CVE-2020-4788]

A vulnerability was found in IBM Power9 (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown code of the component L1 Cache Handler.
Author: VulDB

Information systems security events