lundi 6 juillet 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Solarwinds Serv-U FTP Server up to 15.2.0 Argument Path unknown vulnerability

A vulnerability was found in Solarwinds Serv-U FTP Server up to 15.2.0 and classified as problematic. This issue affects some unknown processing of the component Argument Path Handler. Upgrading to version 15.2.1 eliminates this vulnerability.
Auteur: VulDB

Solarwinds Serv-U FTP Server up to 15.2.0 CHMOD Command unknown vulnerability

A vulnerability has been found in Solarwinds Serv-U FTP Server up to 15.2.0 and classified as problematic. This vulnerability affects an unknown code block of the component CHMOD Command Handler. Upgrading to version 15.2.1 eliminates this...
Auteur: VulDB

Solarwinds Serv-U FTP Server up to 15.2.0 Command privilege escalation

A vulnerability, which was classified as critical, was found in Solarwinds Serv-U FTP Server up to 15.2.0. This affects an unknown code. Upgrading to version 15.2.1 eliminates this vulnerability.
Auteur: VulDB

We-com OpenData CMS 2.0 Administrator Login Page username sql injection

A vulnerability, which was classified as critical, has been found in We-com OpenData CMS 2.0. Affected by this issue is an unknown part of the component Administrator Login Page. There is no information about possible countermeasures known. It...
Auteur: VulDB

We-com Municipality Portal CMS 2.1.x cerca/ keywords sql injection

A vulnerability classified as critical was found in We-com Municipality Portal CMS 2.1.x. Affected by this vulnerability is some unknown functionality of the file cerca/. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

We-com Municipality Portal CMS 2.1.x Search Bar cerca/ cross site scripting

A vulnerability classified as problematic has been found in We-com Municipality Portal CMS 2.1.x. Affected is an unknown functionality of the file cerca/ of the component Search Bar. There is no information about possible countermeasures known....
Auteur: VulDB

Vanguard Plugin 2.1 on WordPress Search Box mails/new cross site scripting

A vulnerability was found in Vanguard Plugin 2.1 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects an unknown function of the component Search Box. There is no information about possible countermeasures known....
Auteur: VulDB

Bestsoft Hotel Booking System Pro Plugin up to 1.1 on WordPress Persistent cross site scripting

A vulnerability was found in Bestsoft Hotel Booking System Pro Plugin up to 1.1 on WordPress (Hospitality Software). It has been declared as problematic. This vulnerability affects some unknown processing. There is no information about possible...
Auteur: VulDB

Bestsoft Car Rental System Plugin up to 1.3 on WordPress Persistent cross site scripting

A vulnerability was found in Bestsoft Car Rental System Plugin up to 1.3 on WordPress (WordPress Plugin). It has been classified as problematic. This affects an unknown code block. There is no information about possible countermeasures known. It...
Auteur: VulDB

Valve Steam Client 2.10.91.91 Permission privilege escalation

A vulnerability was found in Valve Steam Client 2.10.91.91 and classified as critical. Affected by this issue is an unknown code of the file %PROGRAMFILES(X86)%\Steam of the component Permission. There is no information about possible...
Auteur: VulDB

GOG Galaxy 2.0.17 File Permission privilege escalation

A vulnerability has been found in GOG Galaxy 2.0.17 and classified as critical. Affected by this vulnerability is an unknown part of the component File Permission. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

GOG Galaxy 2.0.17 File Permission privilege escalation

A vulnerability, which was classified as critical, was found in GOG Galaxy 2.0.17. Affected is some unknown functionality of the component File Permission. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Python up to 3.6.10/3.7.8/3.8.4rc1/3.9.0b4 on Windows python3.dll Search Path privilege escalation

A vulnerability, which was classified as critical, has been found in Python up to 3.6.10/3.7.8/3.8.4rc1/3.9.0b4 on Windows. This issue affects an unknown functionality in the library python3.dll. There is no information about possible...
Auteur: VulDB

Wireshark 3.2.0/3.2.1/3.2.2/3.2.3/3.2.4 GVCP Dissector packet-gvcp.c denial of service

A vulnerability classified as problematic was found in Wireshark 3.2.0/3.2.1/3.2.2/3.2.3/3.2.4. This vulnerability affects an unknown function of the file epan/dissectors/packet-gvcp.c of the component GVCP Dissector. There is no information...
Auteur: VulDB

CERTFR-2020-ALE-015 : Vulnérabilité dans F5 BIG-IP (05 juillet 2020)

Le 1er juillet 2020, F5 Networks a publié un avis de sécurité [1] concernant la vulnérabilité CVE-2020-5902. Cette vulnérabilité permet à un attaquant non authentifié (ou un utilisateur authentifié) ayant un accès réseau à l'interface...
Auteur: Cert FR

F5 Critical Vulnerability (CERT-EU Security Advisory 2020-031)

A new vulnerability has been discovered in the configuration interface of the BIG-IP application delivery controller (ADC) used by some of the world's biggest companies. Attackers can run commands as an unauthorized user and completely compromise...
Auteur: Cert EU

McAfee Network Security Management up to 10.1.7 Command Line Interface information disclosure

A vulnerability classified as problematic has been found in McAfee Network Security Management up to 10.1.7. This affects some unknown processing of the component Command Line Interface. Upgrading to version 10.1.7.7 eliminates this vulnerability.
Auteur: VulDB

McAfee Total Protection up to 16.0.R25 Symbolic Link privilege escalation

A vulnerability was found in McAfee Total Protection up to 16.0.R25. It has been rated as critical. Affected by this issue is an unknown code block of the component Symbolic Link Handler. Upgrading to version 16.0.R26 eliminates this...
Auteur: VulDB

McAfee Total Protection up to 16.0.R25 Symbolic Link privilege escalation

A vulnerability was found in McAfee Total Protection up to 16.0.R25. It has been declared as critical. Affected by this vulnerability is an unknown code of the component Symbolic Link Handler. Upgrading to version 16.0.R26 eliminates this...
Auteur: VulDB

McAfee Total Protection up to 16.0.R25 Symbolic Link privilege escalation

A vulnerability was found in McAfee Total Protection up to 16.0.R25. It has been classified as critical. Affected is an unknown part of the component Symbolic Link Handler. Upgrading to version 16.0.R26 eliminates this vulnerability.
Auteur: VulDB

Veeam Availability Suite/Backup & Replication up to 9.x VeeamFSR.sys privilege escalation

A vulnerability was found in Veeam Availability Suite and Backup & Replication up to 9.x (Backup Software) and classified as critical. This issue affects some unknown functionality in the library VeeamFSR.sys. Upgrading to version 10.0 eliminates...
Auteur: VulDB

Atlassian JIRA Server/Data Center up to 8.5.3/8.6.1/8.7.0 File Upload cross site scripting

A vulnerability has been found in Atlassian JIRA Server and Data Center up to 8.5.3/8.6.1/8.7.0 (Bug Tracking Software) and classified as problematic. This vulnerability affects an unknown functionality of the component File Upload. Upgrading to...
Auteur: VulDB

Atlassian JIRA Server/Data Center up to 8.8.0 Web Resources Manager Injection privilege escalation

A vulnerability, which was classified as critical, was found in Atlassian JIRA Server and Data Center up to 8.8.0 (Bug Tracking Software). This affects an unknown function of the component Web Resources Manager. Upgrading to version 8.8.1...
Auteur: VulDB

MAVLink 1.0 weak authentication [CVE-2020-10282]

A vulnerability, which was classified as critical, has been found in MAVLink 1.0. Affected by this issue is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Auteur: VulDB

MAVLink 1.0 weak encryption [CVE-2020-10281]

A vulnerability classified as problematic was found in MAVLink 1.0. Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Auteur: VulDB
12345678910Last

Événements SSI