Tuesday 7 April 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Critical Vulnerabilities in Firefox (CERT-EU Security Advisory 2020-020)

On the 3rd of April 2020, Mozilla released an advisory concerning two critical vulnerabilities affecting Firefox browser. According to Mozilla, both vulnerabilities are related to "use-after-free" bugs and have been exploited in the wild in...
Author: Cert EU

Apache Web Server Vulnerability (CERT-EU Security Advisory 2020-019)

On the 1st of April 2020, a new vulnerability was made public related to Apache Web server. Apache HTTP Server is prone to an open-redirection vulnerability because it fails to properly validate the redirect URLs. Specifically, this issue affects...
Author: Cert EU

CERTFR-2020-ALE-010: Multiple vulnerabilities in Mozilla Firefox (06 April 2020)

On 3 April 2020, Mozilla published patches for two vulnerabilities affecting the Firefox browser. Mozilla states that these two vulnerabilities, which allow remote arbitrary code execution, are being actively exploited in the...
Author: Cert FR

CERTFR-2020-AVI-187: Multiple vulnerabilities in Mozilla Firefox (06 April 2020)

Multiple vulnerabilities have been discovered in Mozilla Firefox. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-186: Multiple vulnerabilities in the SUSE Linux kernel (06 April 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a security problem not specified by the vendor and a remote denial of service.

Author: Cert FR

Linux Kernel up to 5.6.2 mm/mempolicy.c mpol_parse_str memory corruption

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.6.2 (Operating System). This issue affects the function mpol_parse_str of the file mm/mempolicy.c. There is no information about possible countermeasures...
Author: VulDB

GPAC 0.8.0 MP4Box isomedia/box_code_base.c audio_sample_entry_Read memory corruption

A vulnerability classified as critical was found in GPAC 0.8.0. This vulnerability affects the function audio_sample_entry_Read of the file isomedia/box_code_base.c of the component MP4Box. There is no information about possible countermeasures...
Author: VulDB

VU#660597: Periscope BuySpeed is vulnerable to stored cross-site scripting

Periscope BuySpeed is a "tool to automate the full procure-to-pay process efficiently and intelligently". BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary...
Author: US Cert

Search Meter Plugin up to 2.13.2 on WordPress Search Bar index.php privilege escalation

A vulnerability classified as critical has been found in Search Meter Plugin up to 2.13.2 on WordPress. This affects an unknown function of the file wp-admin/index.php?page=search-meter of the component Search Bar. There is no information about...
Author: VulDB

PRTG Network Monitor up to 20.1.57 login.htm type information disclosure

A vulnerability was found in PRTG Network Monitor up to 20.1.57. It has been rated as problematic. Affected by this issue is some unknown processing of the file login.htm. Upgrading to version 20.1.57.1745 eliminates this vulnerability.
Author: VulDB

3xLogic Infinias eIDC32 2.213 Web CMD.HTM CMD weak authentication

A vulnerability was found in 3xLogic Infinias eIDC32 2.213. It has been declared as critical. Affected by this vulnerability is an unknown code block of the file CMD.HTM of the component Web. There is no information about possible countermeasures...
Author: VulDB

Ivanti Workspace Control up to 10.4 SCCM information disclosure

A vulnerability was found in Ivanti Workspace Control up to 10.4. It has been classified as problematic. Affected is an unknown code of the component SCCM Handler. Upgrading to version 10.4.30.0 eliminates this vulnerability.
Author: VulDB

Grav up to 1.6.22 Common/Grav.php Open Redirect

A vulnerability was found in Grav up to 1.6.22 and classified as problematic. This issue affects an unknown part of the file Common/Grav.php. Upgrading to version 1.6.23 eliminates this vulnerability.
Author: VulDB

bit2spr 1992-06-07 Bitmap File bit2spr.c conv_bitmap memory corruption

A vulnerability has been found in bit2spr 1992-06-07 and classified as critical. This vulnerability affects the function conv_bitmap of the file bit2spr.c of the component Bitmap File Handler. There is no information about possible...
Author: VulDB

Zoho ManageEngine ManageEngine OpManager up to 12.4 URI directory traversal

A vulnerability, which was classified as problematic, was found in Zoho ManageEngine ManageEngine OpManager up to 12.4. This affects an unknown functionality of the component URI Handler. Upgrading to version 12.4.181 eliminates this...
Author: VulDB

Zoho ManageEngine ADSelfService Plus up to 5814 Remote Code Execution

A vulnerability, which was classified as critical, has been found in Zoho ManageEngine ADSelfService Plus up to 5814. Affected by this issue is an unknown function. Upgrading to version 5815 eliminates this vulnerability.
Author: VulDB

TestLink 1.9.20 File Upload keywordsImport.php privilege escalation

A vulnerability classified as critical was found in TestLink 1.9.20. Affected by this vulnerability is some unknown processing of the file keywordsImport.php of the component File Upload. There is no information about possible countermeasures...
Author: VulDB

TestLink 1.9.20 planUrgency.php urgency sql injection

A vulnerability classified as critical has been found in TestLink 1.9.20. Affected is an unknown code block of the file planUrgency.php. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

TestLink 1.9.20 dragdroptreenodes.php node_id sql injection

A vulnerability was found in TestLink 1.9.20. It has been rated as critical. This issue affects an unknown code of the file dragdroptreenodes.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

utils-extend up to 1.0.8 on npm Remote Code Execution [CVE-2020-8147]

A vulnerability was found in utils-extend up to 1.0.8 on npm. It has been declared as critical. This vulnerability affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Revive Adserver up to 5.0.4 CSRF Protection GET Parameter cross site request forgery

A vulnerability was found in Revive Adserver up to 5.0.4 (Advertising Software). It has been classified as problematic. This affects some unknown functionality of the component CSRF Protection. Upgrading to version 5.0.5 eliminates this...
Author: VulDB

Revive Adserver up to 5.0.4 User Interface privilege escalation

A vulnerability was found in Revive Adserver up to 5.0.4 (Advertising Software) and classified as critical. Affected by this issue is an unknown functionality of the component User Interface. Upgrading to version 5.0.5 eliminates this...
Author: VulDB

VISAM VBASE Editor/VBASE Web-Remote Module up to 11.5.0.1 URL information disclosure

A vulnerability has been found in VISAM VBASE Editor and VBASE Web-Remote Module up to 11.5.0.1 and classified as problematic. Affected by this vulnerability is an unknown function of the component URL Handler. There is no information about...
Author: VulDB

VISAM VBASE Editor/VBASE Web-Remote Module 11.5.0.2 privilege escalation

A vulnerability, which was classified as critical, was found in VISAM VBASE Editor and VBASE Web-Remote Module 11.5.0.2. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

VISAM VBASE Editor/VBASE Web-Remote Module 11.5.0.2 Key information disclosure

A vulnerability, which was classified as problematic, has been found in VISAM VBASE Editor and VBASE Web-Remote Module 11.5.0.2. This issue affects an unknown code block. There is no information about possible countermeasures known. It may be...
Author: VulDB