Tuesday 25 February 2020

Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IrfanView 4.53 User Mode memory corruption

A vulnerability, which was classified as critical, was found in IrfanView 4.53. Affected is some unknown functionality of the component User Mode. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

IrfanView 4.53 User Mode memory corruption

A vulnerability, which was classified as critical, has been found in IrfanView 4.53. This issue affects an unknown functionality of the component User Mode. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

FiberHome HG2201T 1.00.M5007_JS_201804 downloadfile.cgi directory traversal

A vulnerability classified as critical was found in FiberHome HG2201T 1.00.M5007_JS_201804. This vulnerability affects an unknown function of the file /var/WEB-GUI/cgi-bin/downloadfile.cgi. There is no information about possible countermeasures...
Author: VulDB

FiberHome HG2201T 1.00.M5007_JS_201804 telnet.cgi Code Execution

A vulnerability classified as critical has been found in FiberHome HG2201T 1.00.M5007_JS_201804. This affects some unknown processing of the file /var/WEB-GUI/cgi-bin/telnet.cgi. There is no information about possible countermeasures known. It...
Author: VulDB

OpenStack Octavia up to 2.1.1/3.1.x/4.0.x Amphora Image HTTP Requests weak authentication

A vulnerability was found in OpenStack Octavia up to 2.1.1/3.1.x/4.0.x (Cloud Software). It has been rated as critical. Affected by this issue is an unknown code block of the component Amphora Image Handler. Upgrading to version 2.1.2, 3.2.0 or...
Author: VulDB

Centreon Web up to 2.8.27 brokerPerformance.php cross site scripting

A vulnerability was found in Centreon Web up to 2.8.27. It has been declared as problematic. Affected by this vulnerability is an unknown code of the file brokerPerformance.php. Upgrading to version 2.8.28 eliminates this vulnerability.
Author: VulDB

Centreon Web up to 2.8.26 minPlayCommand.php command_hostaddress privilege escalation

A vulnerability was found in Centreon Web up to 2.8.26. It has been classified as critical. Affected is an unknown part of the file minPlayCommand.php. Upgrading to version 2.8.27 eliminates this vulnerability.
Author: VulDB

Centreon Web up to 2.8.29 privilege escalation [CVE-2019-17106]

A vulnerability was found in Centreon Web up to 2.8.29 and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Centreon Web up to 2.8.26 Token Generator index.php weak authentication

A vulnerability has been found in Centreon Web up to 2.8.26 and classified as critical. This vulnerability affects an unknown functionality of the file index.php of the component Token Generator. Upgrading to version 2.8.27 eliminates this...
Author: VulDB

Centreon VM up to 19.04.3 Apache HTTP Server httponly information disclosure

A vulnerability, which was classified as problematic, was found in Centreon VM up to 19.04.3. This affects an unknown function of the component Apache HTTP Server. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Auth0 up to 6.5.3 Access Control IdentityTokenValidator privilege escalation

A vulnerability, which was classified as critical, has been found in Auth0 up to 6.5.3. Affected by this issue is the function IdentityTokenValidator of the component Access Control. Upgrading to version 6.5.4 eliminates this vulnerability.
Author: VulDB

Hrworks Flow 3.36.9 Report cross site scripting

A vulnerability classified as problematic was found in Hrworks Flow 3.36.9. Affected by this vulnerability is an unknown code block of the component Report. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

HRworks 3.36.9 Report cross site scripting

A vulnerability classified as problematic has been found in HRworks 3.36.9. Affected is an unknown code of the component Report. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

Ansible up to 2.x/3.5 Log Credentials information disclosure

A vulnerability was found in Ansible up to 2.x/3.5. It has been rated as problematic. This issue affects an unknown part of the component Log Handler. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

openshift 4.1/4.2/4.3 TLS Hostname Verification Man-in-the-Middle weak authentication

A vulnerability was found in openshift 4.1/4.2/4.3. It has been declared as critical. This vulnerability affects some unknown functionality of the component TLS Hostname Verification. There is no information about possible countermeasures known....
Author: VulDB

Yealink Phone up to 2019-08-04 OpenVPN File Upload Code Execution directory traversal

A vulnerability was found in Yealink Phone up to 2019-08-04. It has been classified as critical. This affects an unknown functionality of the component OpenVPN File Upload Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Yealink Phone up to 2019-08-04 HTTP Service POST Request privilege escalation

A vulnerability was found in Yealink Phone up to 2019-08-04 and classified as critical. Affected by this issue is an unknown function of the component HTTP Service. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 Service Port 81 openlock.cgi loginuse/loginpass privilege escalation

A vulnerability has been found in Dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown processing of the file openlock.cgi of the component Service...
Author: VulDB

Moxa EDR 810 up to 5.1 Ping Remote Code Execution

A vulnerability, which was classified as critical, was found in Moxa EDR 810 up to 5.1. Affected is an unknown code block of the component Ping Handler. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Moxa EDR 810 up to 5.1 Log File information disclosure

A vulnerability, which was classified as problematic, has been found in Moxa EDR 810 up to 5.1. This issue affects an unknown code of the component Log File. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

knex.js up to 0.19.4 MSSQL sql injection

A vulnerability classified as critical was found in knex.js up to 0.19.4 (JavaScript Library). This vulnerability affects an unknown part of the component MSSQL Handler. Upgrading to version 0.19.5 eliminates this vulnerability.
Author: VulDB

node-red-dashboard up to 2.16.x cross site scripting [CVE-2019-10756]

A vulnerability classified as problematic has been found in node-red-dashboard up to 2.16.x (Forum Software). This affects some unknown functionality. Upgrading to version 2.17.0 eliminates this vulnerability.
Author: VulDB

Bootstrap-3-Typeahead 4.0.2 highlighter() cross site scripting

A vulnerability was found in Bootstrap-3-Typeahead 4.0.2. It has been rated as problematic. Affected by this issue is the function highlighter(). There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

SAP SQL Anywhere/IQ/Dynamic Tier privilege escalation [CVE-2019-0381]

A vulnerability was found in SAP SQL Anywhere, IQ and Dynamic Tier (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown function. Upgrading eliminates this vulnerability.
Author: VulDB

SAP Landscape Management up to 2.x Log information disclosure

A vulnerability was found in SAP Landscape Management up to 2.x. It has been classified as problematic. Affected is some unknown processing of the component Log Handler. Upgrading to version 3.0 eliminates this vulnerability.
Author: VulDB