Sunday 5 April 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

VISAM VBASE Editor/VBASE Web-Remote Module up to 11.5.0.2 Password Hash weak encryption

A vulnerability, which was classified as problematic, has been found in VISAM VBASE Editor and VBASE Web-Remote Module up to 11.5.0.2. Affected by this issue is an unknown part of the component Password Hash Handler. There is no information about...
Author: VulDB

VISAM VBASE Editor/VBASE Web-Remote Module ActiveX memory corruption

A vulnerability classified as critical was found in VISAM VBASE Editor and VBASE Web-Remote Module (affected version unknown). Affected by this vulnerability is some unknown functionality of the component ActiveX. There is no information about...
Author: VulDB

SuSE Linux Enterprise Server autoyast2 privilege escalation [CVE-2019-18905]

A vulnerability classified as critical has been found in SuSE Linux Enterprise Server (version unknown). Affected is an unknown functionality of the component autoyast2. Applying a patch is able to eliminate this problem.
Author: VulDB

SuSE Linux Enterprise Server Resource Exhaustion denial of service

A vulnerability was found in SuSE Linux Enterprise Server, Linux Enterprise High Performance Computing, Linux Enterprise Module for Public Cloud and Linux Enterprise Module for Server Applications (unknown version). It has been rated as...
Author: VulDB

OneTone Theme up to 3.0.6 on WordPress theme-functions.php cross site scripting

A vulnerability was found in OneTone Theme up to 3.0.6 on WordPress (WordPress Plugin). It has been declared as problematic. This vulnerability affects some unknown processing of the file includes/theme-functions.php. There is no information...
Author: VulDB

OneTone Theme up to 3.0.6 on WordPress Options theme-functions.php privilege escalation

A vulnerability was found in OneTone Theme up to 3.0.6 on WordPress (WordPress Plugin). It has been classified as critical. This affects an unknown code block of the file includes/theme-functions.php of the component Options Handler. There is no...
Author: VulDB

SuSE Openstack Cloud/OpenStack Cloud Crowbar privilege escalation

A vulnerability was found in SuSE Openstack Cloud and OpenStack Cloud Crowbar (Cloud Software) (affected version not known) and classified as critical. Affected by this issue is an unknown code. Upgrading eliminates this vulnerability.
Author: VulDB

Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR

Original release date: April 3, 2020. Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have...
Author: US Cert

Serious PHP Vulnerability (CERT-EU Security Advisory 2020-018)

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using "mb_strtolower()" function with "UTF-32LE" encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption,...
Author: Cert EU

CERTFR-2020-AVI-185: Vulnerability in HAProxy (3 April 2020)

A vulnerability has been discovered in HAProxy. It allows an attacker to trigger remote arbitrary code execution.

Author: Cert FR

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 RTSP Service weak authentication

A vulnerability has been found in CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 and classified as critical. Affected by this vulnerability is an unknown part of the component RTSP Service. There is no information about possible...
Author: VulDB

Huawei SmartAX MA5600T/SmartAX MA5800/SmartAX EA5800 Code Execution memory corruption

A vulnerability, which was classified as critical, was found in Huawei SmartAX MA5600T, SmartAX MA5800 and SmartAX EA5800 (version unknown). Affected is some unknown functionality. There is no information about possible countermeasures known. It...
Author: VulDB

Linux Kernel up to 5.4.28/5.5.13/5.6.0 BPF Verifier (kernel/bpf/verifier.c) memory corruption

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.28/5.5.13/5.6.0. This issue affects an unknown functionality of the file kernel/bpf/verifier.c of the component BPF Verifier. Upgrading to version...
Author: VulDB

TP-LINK TL-WR841N V10 3.16.9 GET Request memory corruption

A vulnerability classified as critical was found in TP-LINK TL-WR841N V10 3.16.9. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

SuSE/openSUSE Linux Enterprise Module for Desktop Applications Cron Job race condition

A vulnerability classified as problematic has been found in SuSE/openSUSE Linux Enterprise Module for Desktop Applications, Linux Enterprise Software Development Kit and Leap (the affected version unknown). This affects some unknown processing of...
Author: VulDB

SuSE/openSUSE Linux Enterprise Module for Desktop Applications texlive-filesystem privilege escalation

A vulnerability was found in SuSE/openSUSE Linux Enterprise Module for Desktop Applications, Linux Enterprise Software Development Kit and Leap (affected version not known). It has been rated as critical. Affected by this issue is an unknown code...
Author: VulDB

Exim up to 4.93.0.4-3.0 on openSUSE Symlink privilege escalation

A vulnerability was found in Exim up to 4.93.0.4-3.0 on openSUSE. It has been declared as critical. Affected by this vulnerability is an unknown code. Upgrading to version 4.93.0.4-3.1 eliminates this vulnerability.
Author: VulDB

git-add-remote up to 1.0.0 name command injection

A vulnerability was found in git-add-remote up to 1.0.0. It has been classified as critical. Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

install-package up to 0.4.0 options command injection

A vulnerability was found in install-package up to 0.4.0 and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

install-package up to 1.1.6 command injection [CVE-2020-7628]

A vulnerability has been found in install-package up to 1.1.6 and classified as critical. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

node-key-sender up to 1.0.11 execute() arrParams command injection

A vulnerability, which was classified as critical, was found in node-key-sender up to 1.0.11. This affects the function execute(). There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

karma-mojo up to 1.0.1 config command injection

A vulnerability, which was classified as critical, has been found in karma-mojo up to 1.0.1. Affected by this issue is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

op-browser up to 1.0.6 url command injection

A vulnerability classified as critical was found in op-browser up to 1.0.6. Affected by this vulnerability is the function url. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

effect up to 1.0.4 options command injection

A vulnerability classified as critical has been found in effect up to 1.0.4. Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

jscover up to 1.0.0 source command injection

A vulnerability was found in jscover up to 1.0.0. It has been rated as critical. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB