Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

OpenClinic GA 5.09.02/5.89.05b privilege escalation [CVE-2020-14486]

A vulnerability has been found in OpenClinic GA 5.09.02/5.89.05b and classified as critical. This vulnerability affects an unknown part. No information about possible countermeasures is known. It may be suggested to replace the affected...
Author: VulDB

Shopware up to 6.2.2 Error Password information disclosure

A vulnerability, which was classified as problematic, was found in Shopware up to 6.2.2. This affects some unknown functionality of the component Error Handler. Upgrading to version 6.2.3 eliminates this vulnerability.
Author: VulDB

Shopware up to 6.2.2 Mediabrowser File Upload SVG Image Persistent cross site scripting

A vulnerability, which was classified as problematic, has been found in Shopware up to 6.2.2. Affected by this issue is an unknown functionality of the component Mediabrowser File Upload. Upgrading to version 6.2.3 eliminates this vulnerability.
Author: VulDB

Shopware up to 6.2.2 Mediabrowser upload by URL Request Server-Side Request Forgery

A vulnerability classified as critical was found in Shopware up to 6.2.2. Affected by this vulnerability is an unknown function of the component Mediabrowser upload by URL. Upgrading to version 6.2.3 eliminates this vulnerability.
Author: VulDB

concrete5 up to 8.5.2 File Upload privilege escalation

A vulnerability classified as critical has been found in concrete5 up to 8.5.2. Affected is some unknown processing of the component File Upload. Upgrading to version 8.5.3 eliminates this vulnerability.
Author: VulDB

NCP Secure Enterprise Client up to 10.14 Support Assistant enumusb.reg privilege escalation

A vulnerability was found in NCP Secure Enterprise Client up to 10.14. It has been rated as critical. This issue affects an unknown code block of the file enumusb.reg of the component Support Assistant. Upgrading to version 10.15 eliminates this...
Author: VulDB

Gambio GX up to 4.0 admin/coupon_admin.php cross site scripting

A vulnerability was found in Gambio GX up to 4.0. It has been declared as problematic. This vulnerability affects an unknown code of the file admin/coupon_admin.php. Upgrading to version 4.0.1.0 eliminates this vulnerability.
Author: VulDB

Gambio GX up to 4.0 admin/admin.php cross site request forgery

A vulnerability was found in Gambio GX up to 4.0. It has been classified as problematic. This affects an unknown part of the file admin/admin.php. Upgrading to version 4.0.1.0 eliminates this vulnerability.
Author: VulDB

Gambio GX up to 4.0 admin/mobile.php sql injection

A vulnerability was found in Gambio GX up to 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/mobile.php. Upgrading to version 4.0.1.0 eliminates this vulnerability.
Author: VulDB

Gambio GX up to 4.0 admin/gv_mail.php sql injection

A vulnerability has been found in Gambio GX up to 4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/gv_mail.php. Upgrading to version 4.0.1.0 eliminates this vulnerability.
Author: VulDB

Netgear R6700 1.0.4.84_10.0.58 URL Credentials information disclosure

A vulnerability, which was classified as problematic, was found in Netgear R6700 1.0.4.84_10.0.58. Affected is an unknown function of the component URL Handler. No information about possible countermeasures is known. It may be suggested to...
Author: VulDB

Netgear R6700 1.0.4.84_10.0.58 File Upload Integer Overflow memory corruption

A vulnerability, which was classified as critical, has been found in Netgear R6700 1.0.4.84_10.0.58 (Wireless LAN Software). This issue affects some unknown processing of the component File Upload Handler. There is no information about possible...
Author: VulDB

Magento up to 2.3.5-p1 Remote Code Execution [CVE-2020-9692]

A vulnerability has been found in Magento up to 2.3.5-p1 and classified as critical. This vulnerability affects an unknown code. No information about possible countermeasures is known. It may be suggested to replace the affected object with...
Author: VulDB

Netgear R6700 1.0.4.84_10.0.58 File Upload Heap-based memory corruption

A vulnerability classified as critical was found in Netgear R6700 1.0.4.84_10.0.58 (Wireless LAN Software). This vulnerability affects an unknown code block of the component File Upload Handler. There is no information about possible...
Author: VulDB

Netgear R6700 1.0.4.84_10.0.58 Firmware Update weak encryption

A vulnerability classified as critical has been found in Netgear R6700 1.0.4.84_10.0.58 (Wireless LAN Software). This affects an unknown code of the component Firmware Update Handler. No information about possible countermeasures is known....
Author: VulDB

Netgear R6700 1.0.4.84_10.0.58 Firmware Update privilege escalation

A vulnerability was found in Netgear R6700 1.0.4.84_10.0.58 (Wireless LAN Software). It has been rated as critical. Affected by this issue is an unknown part of the component Firmware Update Handler. There is no information about possible...
Author: VulDB

Netgear R6700 1.0.4.84_10.0.58 File Download weak authentication

A vulnerability was found in Netgear R6700 1.0.4.84_10.0.58 (Wireless LAN Software). It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the component File Download. There is no information about...
Author: VulDB

Netgear R6700 1.0.4.84_10.0.58 Service Port 5000 Stack-based memory corruption

A vulnerability was found in Netgear R6700 1.0.4.84_10.0.58 (Wireless LAN Software). It has been classified as critical. Affected is an unknown functionality of the component Service Port 5000. There is no information about possible...
Author: VulDB

Netgear R6700 1.0.4.84_10.0.58 Service Port 5000 UPnP Message weak authentication

A vulnerability was found in Netgear R6700 1.0.4.84_10.0.58 and classified as critical. This issue affects an unknown function of the component Service Port 5000. No information about possible countermeasures is known. It may be suggested...
Author: VulDB

CERTFR-2020-AVI-471: Multiple vulnerabilities in Mozilla Thunderbird (29 July 2020)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Some of them allow an attacker to cause a security problem not specified by the vendor, remote arbitrary code execution and a...
Author: Cert FR

CERTFR-2020-AVI-470: Multiple vulnerabilities in Mozilla Firefox (29 July 2020)

Multiple vulnerabilities have been discovered in Mozilla Firefox. Some of them allow an attacker to cause a security problem not specified by the vendor, remote arbitrary code execution and a...
Author: Cert FR

CERTFR-2020-AVI-469: Vulnerability in Juniper Junos OS (29 July 2020)

A vulnerability has been discovered in Juniper Junos OS. It allows an attacker to cause a remote denial of service.

Author: Cert FR

CERTFR-2020-AVI-468: Multiple vulnerabilities in Kaspersky products (29 July 2020)

Multiple vulnerabilities have been discovered in Kaspersky products. They allow an attacker to cause a remote denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-467: Multiple vulnerabilities in Magento (29 July 2020)

Multiple vulnerabilities have been discovered in Magento. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.

Author: Cert FR

UmbracoForms File Upload privilege escalation [CVE-2020-7685]

A vulnerability has been found in UmbracoForms (the affected version is unknown) and classified as critical. This vulnerability affects some unknown processing of the component File Upload Handler. The best possible mitigation is suggested to be...
Author: VulDB