Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Western Digital iNAND up to 2020-06-03 authentication replay

A vulnerability, which was classified as critical, has been found in Western Digital iNAND up to 2020-06-03. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

GitLab Enterprise Edition up to 13.3.8/13.4.4/13.5.1 Schedule denial of service

A vulnerability classified as problematic was found in GitLab Enterprise Edition up to 13.3.8/13.4.4/13.5.1 (Bug Tracking Software). This vulnerability affects an unknown functionality of the component Schedule Handler. Upgrading to version...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 13.3.8/13.4.4/13.5.1 Project Maintainer state issue

A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 13.3.8/13.4.4/13.5.1 (Bug Tracking Software). This affects an unknown function of the component Project Maintainer Handler....
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 13.3.8/13.4.4/13.5.1 Multipart Protection information disclosure

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 13.3.8/13.4.4/13.5.1 (Bug Tracking Software). It has been rated as problematic. Affected by this issue is some unknown processing of the component Multipart...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 13.3.8/13.4.4/13.5.1 LFS Upload CE/EE path traversal

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 13.3.8/13.4.4/13.5.1 (Bug Tracking Software). It has been declared as critical. Affected by this vulnerability is an unknown code block of the file CE/EE of the...
Author: VulDB

Symantec Endpoint Detection & Response up to 4.4 information disclosure

A vulnerability was found in Symantec Endpoint Detection & Response up to 4.4. It has been classified as problematic. Affected is an unknown code. Upgrading to version 4.5 eliminates this vulnerability.
Author: VulDB

Libapreq2 up to 2.13 Multipart Parser denial of service

A vulnerability was found in Libapreq2 up to 2.13 and classified as problematic. This issue affects an unknown part of the component Multipart Parser. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Valve Game Networking Sockets up to 1.1.x Negative Offset SNP_ReceiveUnreliableSegment memory corruption

A vulnerability has been found in Valve Game Networking Sockets up to 1.1.x and classified as critical. This vulnerability affects the function SNP_ReceiveUnreliableSegment of the component Negative Offset Handler. Upgrading to version 1.2.0...
Author: VulDB

IBM MQ Appliance 9.1.CD/9.1.LTS Segmented Message denial of service

A vulnerability, which was classified as problematic, was found in IBM MQ Appliance 9.1.CD/9.1.LTS. This affects an unknown functionality of the component Segmented Message Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Cisco IoT Field Network Director API missing authentication [CVE-2020-3392]

A vulnerability, which was classified as critical, has been found in Cisco IoT Field Network Director (affected version not known). Affected by this issue is an unknown function of the component API. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco Secure Web Appliance Log Subscription Subsystem os command injection

A vulnerability classified as critical was found in Cisco Secure Web Appliance (affected version unknown). Affected by this vulnerability is some unknown processing of the component Log Subscription Subsystem. Upgrading eliminates this...
Author: VulDB

Werkzeug up to 0.11.5 URL redirect

A vulnerability classified as problematic has been found in Werkzeug up to 0.11.5. Affected is an unknown code block of the component URL Handler. Upgrading to version 0.11.6 eliminates this vulnerability.
Author: VulDB

Google Go up to 1.14.11/1.15.4 allows argument injection

A vulnerability was found in Google Go up to 1.14.11/1.15.4 (Programming Language Software). It has been rated as critical. This issue affects an unknown code. Upgrading to version 1.14.12 or 1.15.5 eliminates this vulnerability.
Author: VulDB

Google Go up to 1.14.11/1.15.4 code injection [CVE-2020-28366]

A vulnerability was found in Google Go up to 1.14.11/1.15.4 (Programming Language Software). It has been declared as critical. This vulnerability affects an unknown part. Upgrading to version 1.14.12 or 1.15.5 eliminates this vulnerability. The...
Author: VulDB

Google Go up to 1.14.11/1.15.3 certificate validation [CVE-2020-28362]

A vulnerability was found in Google Go up to 1.14.11/1.15.3 (Programming Language Software). It has been classified as critical. This affects some unknown functionality. Upgrading to version 1.14.12 or 1.15.4 eliminates this vulnerability. The...
Author: VulDB

cxuucms 3 search.php keywords sql injection

A vulnerability was found in cxuucms 3 and classified as critical. Affected by this issue is an unknown functionality of the file search.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

TP-LINK TL-WPA4220 2/3/4 POST Request /admin/syslog denial of service

A vulnerability has been found in TP-LINK TL-WPA4220 2/3/4 (Router Operating System) and classified as problematic. Affected by this vulnerability is an unknown function of the file /admin/syslog of the component POST Request Handler. Upgrading...
Author: VulDB

Cisco Webex Meeting API cross site scripting [CVE-2020-27126]

A vulnerability, which was classified as problematic, was found in Cisco Webex Meeting (Unified Communication Software) (version unknown). Affected is some unknown processing of the component API. Upgrading eliminates this vulnerability.
Author: VulDB

Trusted Computing Group Trusted Platform Module Library Family up to 1.59 initialization

A vulnerability, which was classified as critical, has been found in Trusted Computing Group Trusted Platform Module Library Family up to 1.59 (Software Library). There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

RSA Archer up to 6.8.0.3/6.9 URL cross site scripting

A vulnerability classified as problematic was found in RSA Archer up to 6.8.0.3/6.9 (Risk Management System). This vulnerability affects an unknown code of the component URL Handler. There is no information about possible countermeasures known....
Author: VulDB

Planet Technology Corp NVR-915/NVR-1615 Telnet Server hard-coded credentials

A vulnerability classified as very critical has been found in Planet Technology Corp NVR-915 and NVR-1615 (the affected version unknown). This affects an unknown part of the component Telnet Server. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco IoT Field Network Director Web UI cross site scripting

A vulnerability was found in Cisco IoT Field Network Director (affected version not known). It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web UI. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco IoT Field Network Director JSON access control [CVE-2020-26080]

A vulnerability was found in Cisco IoT Field Network Director (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component JSON Handler. Upgrading eliminates this...
Author: VulDB

Cisco IoT Field Network Director credentials storage [CVE-2020-26079]

A vulnerability was found in Cisco IoT Field Network Director (version unknown). It has been classified as problematic. Affected is an unknown function. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco IoT Field Network Director API file inclusion [CVE-2020-26078]

A vulnerability was found in Cisco IoT Field Network Director (unknown version) and classified as critical. This issue affects some unknown processing of the component API. Upgrading eliminates this vulnerability.
Author: VulDB