Saturday 4 April 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Serious PHP Vulnerability (CERT-EU Security Advisory 2020-018)

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using "mb_strtolower()" function with "UTF-32LE" encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption,...
Author: Cert EU

CERTFR-2020-AVI-185: Vulnerability in HAProxy (3 April 2020)

A vulnerability has been discovered in HAProxy. It allows an attacker to achieve remote arbitrary code execution.

Author: Cert FR

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 RTSP Service weak authentication

A vulnerability has been found in CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 and classified as critical. Affected by this vulnerability is an unknown part of the component RTSP Service. There is no information about possible...
Author: VulDB

Huawei SmartAX MA5600T/SmartAX MA5800/SmartAX EA5800 Code Execution memory corruption

A vulnerability, which was classified as critical, was found in Huawei SmartAX MA5600T, SmartAX MA5800 and SmartAX EA5800 (version unknown). Affected is some unknown functionality. There is no information about possible countermeasures known. It...
Author: VulDB

Linux Kernel up to 5.4.28/5.5.13/5.6.0 BPF Verifier kernel/bpf/verifier.c memory corruption

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.28/5.5.13/5.6.0. This issue affects an unknown functionality of the file kernel/bpf/verifier.c of the component BPF Verifier. Upgrading to version...
Author: VulDB

TP-LINK TL-WR841N V10 3.16.9 GET Request memory corruption

A vulnerability classified as critical was found in TP-LINK TL-WR841N V10 3.16.9. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

SuSE/openSUSE Linux Enterprise Module for Desktop Applications Cron Job race condition

A vulnerability classified as problematic has been found in SuSE/openSUSE Linux Enterprise Module for Desktop Applications, Linux Enterprise Software Development Kit and Leap (the affected version unknown). This affects some unknown processing of...
Author: VulDB

SuSE/openSUSE Linux Enterprise Module for Desktop Applications texlive-filesystem privilege escalation

A vulnerability was found in SuSE/openSUSE Linux Enterprise Module for Desktop Applications, Linux Enterprise Software Development Kit and Leap (affected version not known). It has been rated as critical. Affected by this issue is an unknown code...
Author: VulDB

Exim up to 4.93.0.4-3.0 on openSUSE Symlink privilege escalation

A vulnerability was found in Exim up to 4.93.0.4-3.0 on openSUSE. It has been declared as critical. Affected by this vulnerability is an unknown code. Upgrading to version 4.93.0.4-3.1 eliminates this vulnerability.
Author: VulDB

git-add-remote up to 1.0.0 name command injection

A vulnerability was found in git-add-remote up to 1.0.0. It has been classified as critical. Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

install-package up to 0.4.0 options command injection

A vulnerability was found in install-package up to 0.4.0 and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

install-package up to 1.1.6 command injection [CVE-2020-7628]

A vulnerability has been found in install-package up to 1.1.6 and classified as critical. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

node-key-sender up to 1.0.11 execute() arrParams command injection

A vulnerability, which was classified as critical, was found in node-key-sender up to 1.0.11. This affects the function execute(). There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

karma-mojo up to 1.0.1 config command injection

A vulnerability, which was classified as critical, has been found in karma-mojo up to 1.0.1. Affected by this issue is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

op-browser up to 1.0.6 url command injection

A vulnerability classified as critical was found in op-browser up to 1.0.6. Affected by this vulnerability is the function url. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

effect up to 1.0.4 options command injection

A vulnerability classified as critical has been found in effect up to 1.0.4. Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

jscover up to 1.0.0 source command injection

A vulnerability was found in jscover up to 1.0.0. It has been rated as critical. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

strong-nginx-controller up to 1.0.2 _nginxCmd() command injection

A vulnerability was found in strong-nginx-controller up to 1.0.2 (Web Server). It has been declared as critical. This vulnerability affects the function _nginxCmd(). There is no information about possible countermeasures known. It may be...
Author: VulDB

pomelo-monitor up to 0.3.7 command injection [CVE-2020-7620]

A vulnerability was found in pomelo-monitor up to 0.3.7. It has been classified as critical. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

get-git-data up to 1.3.1 Argument command injection

A vulnerability was found in get-git-data up to 1.3.1 (Versioning Software) and classified as critical. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

ini-parser up to 0.0.2 Object.prototype privilege escalation

A vulnerability has been found in ini-parser up to 0.0.2 and classified as critical. Affected by this vulnerability is the function Object.prototype. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 Telnet Service weak authentication

A vulnerability, which was classified as very critical, was found in CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 (Cloud Software). Affected is an unknown code block of the component Telnet Service. It is possible to mitigate...
Author: VulDB

ViewVC up to 1.1.27/1.2.0 CVS show_subdir_lastmod cross site scripting

A vulnerability, which was classified as problematic, has been found in ViewVC up to 1.1.27/1.2.0. This issue affects an unknown code of the component CVS show_subdir_lastmod. Upgrading to version 1.1.28 or 1.2.1 eliminates this vulnerability.
Author: VulDB

IBM Process Federation Server 18.0.0.1/18.0.0.2/19.0.0.1/19.0.0.2/19.0.0.3 Global Teams REST API denial of service

A vulnerability classified as problematic was found in IBM Process Federation Server 18.0.0.1/18.0.0.2/19.0.0.1/19.0.0.2/19.0.0.3. This vulnerability affects an unknown part of the component Global Teams REST API. There is no information about...
Author: VulDB

IBM WebSphere Application Server Liberty up to 20.0.0.3 Web UI cross site scripting

A vulnerability classified as problematic has been found in IBM WebSphere Application Server Liberty up to 20.0.0.3 (Application Server Software). This affects some unknown functionality of the component Web UI. There is no information about...
Author: VulDB