Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2021-AVI-256: [SCADA] Multiple vulnerabilities in Siemens SCALANCE products (14 April 2021)

Multiple vulnerabilities have been discovered in Siemens SCALANCE products. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.

Author: Cert FR

CERTFR-2021-AVI-255: [SCADA] Multiple vulnerabilities in Siemens products (14 April 2021)

Multiple vulnerabilities have been discovered in Siemens products. Some of them allow an attacker to cause remote arbitrary code execution, a denial of service and a bypass of the policy...
Author: Cert FR

Lenovo XClarity Controller XCC Configuration Backup backup/restore cleartext transmission

A vulnerability classified as problematic has been found in Lenovo XClarity Controller (version unknown). Affected is an unknown code of the file backup/restore of the component XCC Configuration Backup Handler. There is no information about...
Author: VulDB

Lenovo Power Management Driver prior 1.67.17.54 on Windows null pointer dereference

A vulnerability was found in Lenovo Power Management Driver on Windows (Hardware Driver Software). It has been rated as problematic. This issue affects an unknown part. Upgrading to version 1.67.17.54 eliminates this vulnerability.
Author: VulDB

Lenovo Power Management Driver prior 1.67.17.54 on Windows Device Object default permission

A vulnerability was found in Lenovo Power Management Driver on Windows (Hardware Driver Software). It has been declared as critical. This vulnerability affects some unknown functionality of the component Device Object Handler. Upgrading to...
Author: VulDB

Motorola MH702x prior 2.0.0.301 Communication Channel certificate validation

A vulnerability was found in Motorola MH702x. It has been classified as problematic. This affects an unknown functionality of the component Communication Channel Handler. Upgrading to version 2.0.0.301 eliminates this vulnerability.
Author: VulDB

Grav up to 1.7.10 Twig Processing code injection

A vulnerability was found in Grav up to 1.7.10 and classified as critical. Affected by this issue is an unknown function of the component Twig Processing. Upgrading to version 1.7.11 eliminates this vulnerability.
Author: VulDB

Grav Admin Plugin up to 1.10.10 /admin authorization

A vulnerability has been found in Grav Admin Plugin up to 1.10.10 and classified as critical. Affected by this vulnerability is some unknown processing of the file /admin. Upgrading to version 1.10.11 eliminates this vulnerability.
Author: VulDB

Nextcloud Dialogs Library up to 3.1.1 on npm Toast cross site scripting

A vulnerability, which was classified as problematic, was found in Nextcloud Dialogs Library up to 3.1.1 on npm (Software Library). Affected is an unknown code block of the component Toast Handler. Upgrading to version 3.1.2 eliminates this...
Author: VulDB

ScratchOAuth2 authorization [CVE-2021-29437]

A vulnerability, which was classified as critical, has been found in ScratchOAuth2 (unknown version). This issue affects an unknown code. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.
Author: VulDB

Anuko Time Tracker prior 1.19.27.5431 common.php.lib ttMitigateCSRF cross-site request forgery

A vulnerability classified as problematic was found in Anuko Time Tracker. This vulnerability affects the function ttMitigateCSRF in the library /WEB-INF/lib/common.php.lib. Upgrading to version 1.19.27.5431 eliminates this vulnerability....
Author: VulDB

trestle-auth 0.4.0/0.4.1 cross-site request forgery [CVE-2021-29435]

A vulnerability classified as problematic has been found in trestle-auth 0.4.0/0.4.1. This affects some unknown functionality. Upgrading to version 0.4.2 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The...
Author: VulDB

Gradle up to 6.x on Unix temp file [CVE-2021-29428]

A vulnerability was found in Gradle up to 6.x on Unix. It has been rated as critical. Affected by this issue is an unknown functionality. Upgrading to version 7.0 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Gradle up to 6.x unknown vulnerability [CVE-2021-29427]

A vulnerability was found in Gradle up to 6.x. It has been declared as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 7.0 eliminates this vulnerability. The upgrade is hosted for download at...
Author: VulDB

Thanos-Soft Cheetah Browser 1.2.0 on Android Intent Scheme cross site scripting

A vulnerability was found in Thanos-Soft Cheetah Browser 1.2.0 on Android (Android App Software). It has been classified as problematic. Affected is some unknown processing of the component Intent Scheme Handler. There is no information about...
Author: VulDB

mongo-express Collection Exception denial of service [CVE-2021-23372]

A vulnerability was found in mongo-express (unknown version) and classified as problematic. This issue affects an unknown code block of the component Collection Exception Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Ampache up to 4.4.0 Subsonic API access control

A vulnerability has been found in Ampache up to 4.4.0 and classified as critical. This vulnerability affects an unknown code of the component Subsonic API. Upgrading to version 4.4.1 eliminates this vulnerability.
Author: VulDB

Xerox AltaLink C8070 prior 103.xxx.030.32000 hard-coded password

A vulnerability, which was classified as critical, was found in Xerox AltaLink B8045, AltaLink B8055, AltaLink B8065, AltaLink B8075, AltaLink B8090, AltaLink C8030, AltaLink C8035, AltaLink C8045, AltaLink C8055 and AltaLink C8070. This affects...
Author: VulDB

HEUR.Hoax.Win32.FrauDrop.gen C:\newdnswatch\ permission

A vulnerability, which was classified as critical, has been found in HEUR.Hoax.Win32.FrauDrop.gen (affected version not known). Affected by this issue is some unknown functionality of the file C:\newdnswatch\. There is no information about...
Author: VulDB

Trojan.Win32.Agent.zfgh C:\drv\ permission

A vulnerability classified as critical was found in Trojan.Win32.Agent.zfgh (affected version unknown). Affected by this vulnerability is an unknown functionality of the file C:\drv\. There is no information about possible countermeasures known....
Author: VulDB

Trojan.Win32.Jorik.qje C:\oDetnlQD\ permission

A vulnerability classified as critical has been found in Trojan.Win32.Jorik.qje (version unknown). Affected is an unknown function of the file C:\oDetnlQD\. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

SAP Focused RUN 200/300 oData Service improper authorization

A vulnerability was found in SAP Focused RUN 200/300. It has been rated as critical. This issue affects some unknown processing of the component oData Service. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

SAP HCM Travel Management Fiori Apps 608 information disclosure

A vulnerability was found in SAP HCM Travel Management Fiori Apps 608 (Human Capital Management Software). It has been declared as problematic. This vulnerability affects an unknown code block. There is no information about possible...
Author: VulDB

SAP NetWeaver AS ABAP 731/740/750 SPI_WAIT_MILLIS denial of service

A vulnerability was found in SAP NetWeaver AS ABAP 731/740/750 (Solution Stack Software). It has been classified as problematic. This affects an unknown code of the component SPI_WAIT_MILLIS. There is no information about possible countermeasures...
Author: VulDB

SAP Commerce 1808/1811/1905/2005/2011 Backoffice Application injection

A vulnerability was found in SAP Commerce 1808/1811/1905/2005/2011 and classified as critical. Affected by this issue is an unknown part of the component Backoffice Application. There is no information about possible countermeasures known. It may...
Author: VulDB