Sunday 24 May 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

TrackR up to 2020-05-06 Alarm denial of service

A vulnerability classified as problematic has been found in TrackR up to 2020-05-06. Affected is some unknown processing of the component Alarm Handler. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

XCloner up to 3.5.3 on Joomla Local File Inclusion privilege escalation

A vulnerability was found in XCloner up to 3.5.3 on Joomla (Joomla Component). It has been rated as critical. This issue affects an unknown code block. Upgrading to version 3.5.4 eliminates this vulnerability.
Author: VulDB

meinheld up to 1.0.1 Header Parsing Content-Length Request Smuggling privilege escalation

A vulnerability was found in meinheld up to 1.0.1. It has been declared as critical. This vulnerability affects an unknown code of the component Header Parsing. Upgrading to version 1.0.2 eliminates this vulnerability.
Author: VulDB

Aviatrix VPN Client up to 2.10.6 Incomplete Fix CVE-2020-7224 Parameter privilege escalation

A vulnerability was found in Aviatrix VPN Client up to 2.10.6 (Network Encryption Software). It has been classified as critical. This affects an unknown part of the component Incomplete Fix CVE-2020-7224. Upgrading to version 2.10.7 eliminates...
Author: VulDB

Aviatrix Controller prior 5.4.1066 Web Interface cross site request forgery

A vulnerability was found in Aviatrix Controller and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. Upgrading to version 5.4.1066 eliminates this vulnerability.
Author: VulDB

Aviatrix Controller up to 5.1 SAML SAML Assertion privilege escalation

A vulnerability has been found in Aviatrix Controller up to 5.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SAML Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Aviatrix Controller prior 5.4.1204 Credentials information disclosure

A vulnerability, which was classified as problematic, was found in Aviatrix Controller. Affected is an unknown function. Upgrading to version 5.4.1204 eliminates this vulnerability.
Author: VulDB

Aviatrix Controller prior 5.4.1204 API Response Brute Force information disclosure

A vulnerability, which was classified as problematic, has been found in Aviatrix Controller. This issue affects some unknown processing of the component API. Upgrading to version 5.4.1204 eliminates this vulnerability.
Author: VulDB

Aviatrix Controller prior 5.4.1204 Web Interface cross site request forgery

A vulnerability classified as problematic was found in Aviatrix Controller. This vulnerability affects an unknown code block of the component Web Interface. Upgrading to version 5.4.1204 eliminates this vulnerability.
Author: VulDB

FreeRDP up to 2.1.0 crypto.c crypto_rsa_common memory corruption

A vulnerability classified as critical has been found in FreeRDP up to 2.1.0. This affects the function crypto_rsa_common of the file libfreerdp/crypto/crypto.c. Upgrading to version 2.1.1 eliminates this vulnerability.
Author: VulDB

FreeRDP up to 2.1.0 security.c security_fips_decrypt information disclosure

A vulnerability was found in FreeRDP up to 2.1.0. It has been rated as problematic. Affected by this issue is the function security_fips_decrypt of the file libfreerdp/core/security.c. Upgrading to version 2.1.1 eliminates this vulnerability.
Author: VulDB

FreeRDP up to 2.1.0 ntlm_message.c ntlm_read_ChallengeMessage information disclosure

A vulnerability was found in FreeRDP up to 2.1.0. It has been declared as problematic. Affected by this vulnerability is the function ntlm_read_ChallengeMessage in the library winpr/libwinpr/sspi/NTLM/ntlm_message.c. Upgrading to version 2.1.1...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd SetNetControlList list memory corruption

A vulnerability was found in Tenda AC6, AC9, AC15 and AC118 V15.03.05. It has been classified as critical. Affected is an unknown functionality of the file /goform/SetNetControlList of the component httpd. There is no information about possible...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd saveParentControlInfo deviceId/time memory corruption

A vulnerability was found in Tenda AC6, AC9, AC15 and AC118 V15.03.05 and classified as critical. This issue affects an unknown function of the file /goform/saveParentControlInfo of the component httpd. There is no information about possible...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd /goform/setcfm funcpara1 memory corruption

A vulnerability has been found in Tenda AC6, AC9, AC15 and AC118 V15.03.05 and classified as critical. This vulnerability affects some unknown processing of the file /goform/setcfm of the component httpd. There is no information about possible...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd /goform/SetSpeedWan speed_dir memory corruption

A vulnerability, which was classified as critical, was found in Tenda AC6, AC9, AC15 and AC118 V15.03.05. This affects an unknown code block of the file /goform/SetSpeedWan of the component httpd. There is no information about possible...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd /goform/addressNat entrys/mitInterface memory corruption

A vulnerability, which was classified as critical, has been found in Tenda AC6, AC9, AC15 and AC118 V15.03.05. Affected by this issue is an unknown code of the file /goform/addressNat of the component httpd. There is no information about possible...
Author: VulDB

Tenda AC6/AC9/AC15/AC118 V15.03.05 httpd /goform/openSchedWifi schedStartTime/schedEndTime memory corruption

A vulnerability classified as critical was found in Tenda AC6, AC9, AC15 and AC118 V15.03.05. Affected by this vulnerability is an unknown part of the file /goform/openSchedWifi of the component httpd. There is no information about possible...
Author: VulDB

jw.util Package up to 2.2 on Python YAML OS Command Injection privilege escalation

A vulnerability classified as critical has been found in jw.util Package up to 2.2 on Python. Affected is some unknown functionality of the component YAML Handler. Upgrading to version 2.3 eliminates this vulnerability.
Author: VulDB

Mozilla Thunderbird up to 68.7.x Unicode Encoding Email Address spoofing

A vulnerability was found in Mozilla Thunderbird up to 68.7.x (Mail Client Software). It has been rated as critical. This issue affects an unknown functionality of the component Unicode Encoding. Upgrading to version 68.8.0 eliminates this...
Author: VulDB

Composr 10.0.30 Security Configuration Persistent cross site scripting

A vulnerability was found in Composr 10.0.30. It has been declared as problematic. This vulnerability affects an unknown function of the component Security Configuration. There is no information about possible countermeasures known. It may be...
Author: VulDB

Kaoni ezHTTPTrans up to 1.0.0.70 ActiveX Control Ezhttptrans.ocx Argument Remote Code Execution

A vulnerability was found in Kaoni ezHTTPTrans up to 1.0.0.70. It has been classified as critical. This affects some unknown processing of the file Ezhttptrans.ocx of the component ActiveX Control. There is no information about possible...
Author: VulDB

Epson EB-1470Ui HTTP Requests weak authentication [CVE-2020-6091]

A vulnerability was found in Epson EB-1470Ui (affected version not known) and classified as critical. Affected by this issue is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Kylin REST API OS Command Injection privilege escalation

A vulnerability has been found in Kylin (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown code of the component REST API. There is no information about possible countermeasures known. It may be...
Author: VulDB

Puma Gem up to 3.12.4/4.3.3 on Ruby HTTP Smuggling privilege escalation

A vulnerability, which was classified as critical, has been found in Puma Gem up to 3.12.4/4.3.3 on Ruby. This issue affects some unknown functionality. Upgrading to version 3.12.5 or 4.3.4 eliminates this vulnerability.
Author: VulDB