Wednesday 26 February 2020

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM Spectrum Protect Plus 10.1.0/10.1.5 HTTP Command privilege escalation

A vulnerability has been found in IBM Spectrum Protect Plus 10.1.0/10.1.5 and classified as very critical. This vulnerability affects an unknown functionality of the component HTTP Handler. There is no information about possible countermeasures...
Author: VulDB

Kylin REST API privilege escalation [CVE-2020-1937]

A vulnerability, which was classified as critical, was found in Kylin (the affected version unknown). This affects an unknown function of the component REST API. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Apache Tomcat up to 7.0.99/8.5.50/9.0.30 Header Parsing HTTP Request Request Smuggling privilege escalation

A vulnerability, which was classified as critical, has been found in Apache Tomcat up to 7.0.99/8.5.50/9.0.30. Affected by this issue is some unknown processing of the component Header Parsing. There is no information about possible...
Author: VulDB

IBM Maximo Asset Management 7.6.1.0 information disclosure [CVE-2019-4745]

A vulnerability classified as problematic was found in IBM Maximo Asset Management 7.6.1.0. Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

IBM Spectrum Protect Plus 10.1.0/10.5.0 information disclosure

A vulnerability classified as problematic has been found in IBM Spectrum Protect Plus 10.1.0/10.5.0. Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

IBM Sterling B2B Integrator Standard Edition up to 5.2.6.5 Open Redirect

A vulnerability was found in IBM Sterling B2B Integrator Standard Edition up to 5.2.6.5. It has been rated as critical. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

McAfee Web Advisor up to 8.0.34745 Web Interface Code Execution cross site scripting

A vulnerability was found in McAfee Web Advisor up to 8.0.34745. It has been declared as problematic. This vulnerability affects some unknown functionality of the component Web Interface. There is no information about possible countermeasures...
Author: VulDB

Miele XGW 3000 ZigBee Gateway up to 2.3.x Change privilege escalation

A vulnerability was found in Miele XGW 3000 ZigBee Gateway up to 2.3.x. It has been classified as critical. This affects an unknown functionality of the component Change Handler. Upgrading to version 2.4.0 eliminates this vulnerability.
Author: VulDB

Miele XGW 3000 ZigBee Gateway up to 2.3.x Admin Panel cross site request forgery

A vulnerability was found in Miele XGW 3000 ZigBee Gateway up to 2.3.x and classified as problematic. Affected by this issue is an unknown function of the component Admin Panel. Upgrading to version 2.4.0 eliminates this vulnerability.
Author: VulDB

zsh up to 5.7 setuid() MODULE_PATH privilege escalation

A vulnerability has been found in zsh up to 5.7 and classified as critical. Affected by this vulnerability is the function setuid(). Upgrading to version 5.8 eliminates this vulnerability.
Author: VulDB

Pacman up to 5.1 lib/libalpm/sync.c apply_deltas() command injection

A vulnerability, which was classified as critical, was found in Pacman up to 5.1. Affected is the function apply_deltas() in the library lib/libalpm/sync.c. Upgrading to version 5.2 eliminates this vulnerability.
Author: VulDB

Pacman up to 5.1 conf.c download_with_xfercommand() command injection

A vulnerability, which was classified as critical, has been found in Pacman up to 5.1. This issue affects the function download_with_xfercommand() of the file conf.c. Upgrading to version 5.2 eliminates this vulnerability.
Author: VulDB

Apache Tomcat up to 9.0.30 Header Transfer-Encoding Request Smuggling privilege escalation

A vulnerability classified as critical was found in Apache Tomcat up to 9.0.30 (Application Server Software). This vulnerability affects an unknown part of the component Header Handler. There is no information about possible countermeasures...
Author: VulDB

motors-car-dealership-classified-listings Plugin up to 1.4.0 on WordPress includes/options.php cross site scripting

A vulnerability classified as problematic has been found in motors-car-dealership-classified-listings Plugin up to 1.4.0 on WordPress (WordPress Plugin). This affects some unknown functionality of the file includes/options.php. There is no...
Author: VulDB

motors-car-dealership-classified-listings Plugin up to 1.4.0 on WordPress includes/options.php privilege escalation

A vulnerability was found in motors-car-dealership-classified-listings Plugin up to 1.4.0 on WordPress (WordPress Plugin). It has been rated as critical. Affected by this issue is an unknown functionality of the file includes/options.php. There...
Author: VulDB

Centreon Web up to 19.04.3 contact_autologin_key weak authentication

A vulnerability was found in Centreon Web up to 19.04.3. It has been declared as critical. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Netgear Nighthawk X10-R900 up to 1.0.4.23 hostname Stored cross site scripting

A vulnerability was found in Netgear Nighthawk X10-R900 up to 1.0.4.23. It has been classified as problematic. Affected is some unknown processing. Upgrading to version 1.0.4.24 eliminates this vulnerability.
Author: VulDB

Netgear Nighthawk X10-R900 up to 1.0.4.23 HTTP Header X-Forwarded-For Stored cross site scripting

A vulnerability was found in Netgear Nighthawk X10-R900 up to 1.0.4.23 and classified as problematic. This issue affects an unknown code block of the component HTTP Header Handler. Upgrading to version 1.0.4.24 eliminates this vulnerability.
Author: VulDB

Netgear Nighthawk X10-R900 up to 1.0.4.25 SOAP Endpoint Environment Variable privilege escalation

A vulnerability has been found in Netgear Nighthawk X10-R900 up to 1.0.4.25 and classified as critical. This vulnerability affects an unknown code of the component SOAP Endpoint. Upgrading to version 1.0.4.26 eliminates this vulnerability.
Author: VulDB

Netgear Nighthawk X10-R900 up to 1.0.4.25 SOAP API /soap/server_sa X-Forwarded-For weak authentication

A vulnerability, which was classified as critical, was found in Netgear Nighthawk X10-R900 up to 1.0.4.25. This affects an unknown part of the file /soap/server_sa of the component SOAP API. Upgrading to version 1.0.4.26 eliminates this...
Author: VulDB

compile-sass up to 1.0.4 dist/index.js setupCleanupOnExit(cssPath) privilege escalation

A vulnerability, which was classified as critical, has been found in compile-sass up to 1.0.4. Affected by this issue is the function setupCleanupOnExit(cssPath) of the file dist/index.js. Upgrading to version 1.0.5 eliminates this vulnerability.
Author: VulDB

rdf-graph-array up to 0.3.0-rc6 rdf.Graph.prototype.add privilege escalation

A vulnerability classified as critical was found in rdf-graph-array up to 0.3.0-rc6. Affected by this vulnerability is the function rdf.Graph.prototype.add. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

rpi up to 0.0.3 src/lib/gpio.js GPIO pinNumbver privilege escalation

A vulnerability classified as critical has been found in rpi up to 0.0.3. Affected is the function GPIO in the library src/lib/gpio.js. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Drobo 5N2 4.0.5 weak authentication [CVE-2018-14705]

A vulnerability was found in Drobo 5N2 4.0.5. It has been rated as critical. This issue affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

TOTOLINK A3002RU up to 1.0.7 password.htm information disclosure

A vulnerability was found in TOTOLINK A3002RU up to 1.0.7. It has been declared as problematic. This vulnerability affects an unknown code block of the file password.htm. Upgrading to version 1.0.8 eliminates this vulnerability.
Author: VulDB