Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

iSmartgate Pro 1.5.9 /index.php cross site request forgery

A vulnerability was found in iSmartgate Pro 1.5.9. It has been classified as problematic. This affects some unknown functionality of the file /index.php. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

AVEVA eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 SOAP FavoritesService.asmx HTTP Request sql injection

A vulnerability was found in AVEVA eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 and classified as critical. Affected by this issue is an unknown functionality of the file FavoritesService.asmx of the component SOAP Handler. There is no...
Author: VulDB

Check Point Security Management CA Web Management privilege escalation

A vulnerability has been found in Check Point Security Management (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown function of the component CA Web Management. Upgrading eliminates this...
Author: VulDB

Linux Kernel up to 5.8.1 NFC Socket net/nfc/rawsock.c privilege escalation

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.8.1 (Operating System). Affected is some unknown processing of the file net/nfc/rawsock.c of the component NFC Socket Handler. Upgrading to version 5.8.2...
Author: VulDB

Gemtek WRTM-127ACN/WRTM-127x9 Monitor Diagnostic Network Page privilege escalation

A vulnerability, which was classified as critical, has been found in Gemtek WRTM-127ACN and WRTM-127x9 (unknown version). This issue affects an unknown code block of the component Monitor Diagnostic Network Page. There is no information about...
Author: VulDB

Untis WebUntis up to 2020.9.5 cross site scripting [CVE-2020-22453]

A vulnerability classified as problematic was found in Untis WebUntis up to 2020.9.5. This vulnerability affects an unknown code. Upgrading to version 2020.9.6 eliminates this vulnerability.
Author: VulDB

Telmat AccessLog up to 6.0 Administration Panel Code Injection privilege escalation

A vulnerability classified as very critical has been found in Telmat AccessLog up to 6.0. This affects an unknown part of the component Administration Panel. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Telmat AccessLog up to 6.0 Login Page Code Injection privilege escalation

A vulnerability was found in Telmat AccessLog up to 6.0. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Login Page. There is no information about possible countermeasures known. It may be...
Author: VulDB

Liferay Portal URL Encoding privilege escalation [CVE-2020-15840]

A vulnerability was found in Liferay Portal, Liferay Portal EE and Liferay Portal DXP (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component URL Encoding Handler....
Author: VulDB

AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx psAttribute sql injection

A vulnerability was found in AVEVA eDNA Enterprise Data Historian (version unknown). It has been classified as critical. Affected is an unknown function of the file ednareporting.asmx of the component SOAP Handler. There is no information about...
Author: VulDB

AVEVA eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Web Service Alias.asmx AliasName sql injection

A vulnerability was found in AVEVA eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 and classified as critical. This issue affects some unknown processing of the file Alias.asmx of the component Web Service. There is no information about...
Author: VulDB

AVEVA eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Web Service Alias.asmx HTTP Requests sql injection

A vulnerability has been found in AVEVA eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 and classified as critical. This vulnerability affects an unknown code block of the file Alias.asmx of the component Web Service. There is no...
Author: VulDB

AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx psClass sql injection

A vulnerability, which was classified as critical, was found in AVEVA eDNA Enterprise Data Historian (the affected version unknown). This affects an unknown code of the file ednareporting.asmx of the component SOAP Handler. There is no...
Author: VulDB

AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx AttFilterValue sql injection

A vulnerability, which was classified as critical, has been found in AVEVA eDNA Enterprise Data Historian (affected version not known). Affected by this issue is an unknown part of the file ednareporting.asmx of the component SOAP Handler. There...
Author: VulDB

AVEVA eDNA Enterprise Data Historian SOAP ednareporting.asmx AttFilterName sql injection

A vulnerability classified as critical was found in AVEVA eDNA Enterprise Data Historian (affected version unknown). Affected by this vulnerability is some unknown functionality of the file ednareporting.asmx of the component SOAP Handler. There...
Author: VulDB

AVEVA eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053 Web Service DNAPoints.asmx HTTP Request sql injection

A vulnerability classified as critical has been found in AVEVA eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Affected is an unknown functionality of the file DNAPoints.asmx of the component Web Service. There is no information about...
Author: VulDB

Fortinet FortiGate up to 6.4.0 Log privilege escalation

A vulnerability was found in Fortinet FortiGate up to 6.4.0 (Firewall Software). It has been rated as critical. This issue affects an unknown function of the component Log Handler. Upgrading to version 6.4.1 eliminates this vulnerability.
Author: VulDB

Fortinet FortiAnalyzer up to 6.2.4/6.4.0 Name cross site scripting

A vulnerability was found in Fortinet FortiAnalyzer up to 6.2.4/6.4.0. It has been declared as problematic. This vulnerability affects some unknown processing. Upgrading to version 6.2.5 or 6.4.1 eliminates this vulnerability.
Author: VulDB

Fortinet FortiNAC up to 8.7.1 Stored cross site scripting

A vulnerability was found in Fortinet FortiNAC up to 8.7.1. It has been classified as problematic. This affects an unknown code block. Upgrading to version 8.7.2 eliminates this vulnerability.
Author: VulDB

iSmartgate Pro 1.5.9 /isg/opendoor.php cross site request forgery

A vulnerability was found in iSmartgate Pro 1.5.9 and classified as problematic. Affected by this issue is an unknown code of the file /isg/opendoor.php. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

CERTFR-2020-AVI-598: Multiple vulnerabilities in Apple Safari (24 September 2020)

Multiple vulnerabilities have been discovered in Apple Safari. They allow an attacker to cause arbitrary code execution and remote cross-site scripting (XSS).

Author: Cert FR

CERTFR-2020-AVI-597: Multiple vulnerabilities in Wireshark (24 September 2020)

Multiple vulnerabilities have been discovered in Wireshark. They allow an attacker to cause a remote denial of service.

Author: Cert FR

CERTFR-2020-AVI-596: Vulnerability in the Red Hat Linux kernel (24 September 2020)

A vulnerability has been discovered in the Red Hat Linux kernel. It allows an attacker to cause a denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-595: Multiple vulnerabilities in Fortinet products (24 September 2020)

Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to cause a security policy bypass and remote cross-site scripting (XSS).

Author: Cert FR

CERTFR-2020-AVI-594: Multiple vulnerabilities in Citrix Hypervisor (XenServer) (24 September 2020)

Multiple vulnerabilities have been discovered in Citrix Hypervisor (XenServer). They allow an attacker to cause a denial of service.

Author: Cert FR

Information security events