Thursday 27 February 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SugarCRM up to 8.0.3/9.0.1 Administration PHP Code Execution privilege escalation

A vulnerability classified as critical has been found in SugarCRM up to 8.0.3/9.0.1. Affected is an unknown code of the component Administration. Upgrading to version 8.0.4 or 9.0.2 eliminates this vulnerability.
Author: VulDB

SugarCRM up to 8.0.3/9.0.1 Administration sql injection

A vulnerability was found in SugarCRM up to 8.0.3/9.0.1. It has been rated as critical. This issue affects an unknown part of the component Administration. Upgrading to version 8.0.4 or 9.0.2 eliminates this vulnerability.
Author: VulDB

SugarCRM up to 8.0.3/9.0.1 Quotes sql injection

A vulnerability was found in SugarCRM up to 8.0.3/9.0.1. It has been declared as critical. This vulnerability affects some unknown functionality of the component Quotes. Upgrading to version 8.0.4 or 9.0.2 eliminates this vulnerability.
Author: VulDB

SugarCRM up to 8.0.3/9.0.1 Contacts sql injection

A vulnerability was found in SugarCRM up to 8.0.3/9.0.1. It has been classified as critical. This affects an unknown functionality of the component Contacts. Upgrading to version 8.0.4 or 9.0.2 eliminates this vulnerability.
Author: VulDB

SugarCRM up to 8.0.3/9.0.1 History sql injection

A vulnerability was found in SugarCRM up to 8.0.3/9.0.1 and classified as critical. Affected by this issue is an unknown function of the component History. Upgrading to version 8.0.4 or 9.0.2 eliminates this vulnerability.
Author: VulDB

SugarCRM up to 8.0.3/9.0.1 Export sql injection

A vulnerability has been found in SugarCRM up to 8.0.3/9.0.1 and classified as critical. Affected by this vulnerability is some unknown processing of the component Export Handler. Upgrading to version 8.0.4 or 9.0.2 eliminates this vulnerability.
Author: VulDB

SugarCRM up to 8.0.3/9.0.1 pmse_Project sql injection

A vulnerability, which was classified as critical, was found in SugarCRM up to 8.0.3/9.0.1. Affected is an unknown code block of the component pmse_Project. Upgrading to version 8.0.4 or 9.0.2 eliminates this vulnerability.
Author: VulDB

SugarCRM up to 8.0.3/9.0.1 pmse_Inbox sql injection

A vulnerability, which was classified as critical, has been found in SugarCRM up to 8.0.3/9.0.1. This issue affects an unknown code of the component pmse_Inbox. Upgrading to version 8.0.4 or 9.0.2 eliminates this vulnerability.
Author: VulDB

download-plugins-dashboard plugin up to 1.5.0 on WordPress class-alg-download-plugins-settings.php cross site scripting

A vulnerability classified as problematic was found in download-plugins-dashboard plugin up to 1.5.0 on WordPress (WordPress Plugin). This vulnerability affects an unknown part of the file...
Author: VulDB

ultimate-faqs Plugin up to 1.8.24 on WordPress EWD_UFAQ_Import.php cross site scripting

A vulnerability classified as problematic has been found in ultimate-faqs Plugin up to 1.8.24 on WordPress (WordPress Plugin). This affects some unknown functionality of the file Functions/EWD_UFAQ_Import.php. There is no information about...
Author: VulDB

ultimate-faqs Plugin up to 1.8.24 on WordPress Option Import EWD_UFAQ_Import.php unknown vulnerability

A vulnerability was found in ultimate-faqs Plugin up to 1.8.24 on WordPress (WordPress Plugin). It has been rated as critical. Affected by this issue is an unknown functionality of the file Functions/EWD_UFAQ_Import.php of the component Option...
Author: VulDB

rsyslog 8.1908.0 Cisco Log Message pmcisconames.c lenMsg memory corruption

A vulnerability was found in rsyslog 8.1908.0. It has been declared as critical. Affected by this vulnerability is an unknown function of the file contrib/pmcisconames/pmcisconames.c of the component Cisco Log Message Handler. There is no...
Author: VulDB

CERTFR-2019-AVI-493: Multiple vulnerabilities in the SUSE Linux kernel (9 October 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a remote denial of service, a compromise of data integrity and a compromise of data confidentiality...
Author: Cert FR

rsyslog 8.1908.0 AIX Log Message pmaixforwardedfrom.c lenMsg memory corruption

A vulnerability was found in rsyslog 8.1908.0. It has been classified as critical. Affected is some unknown processing of the file contrib/pmaixforwardedfrom/pmaixforwardedfrom.c of the component AIX Log Message Handler. There is no information...
Author: VulDB

PCProtect Antivirus 4.14.31 Folder Permission privilege escalation

A vulnerability was found in PCProtect Antivirus 4.14.31 and classified as critical. This issue affects an unknown code block of the file %PROGRAMFILES(X86)%\PCProtect of the component Folder Permission. There is no information about possible...
Author: VulDB

Twitter Kit Framework up to 3.4.2 on iOS Hostname Verification SSL Certificate weak authentication

A vulnerability has been found in Twitter Kit Framework up to 3.4.2 on iOS (Social Network Software) and classified as critical. This vulnerability affects an unknown code of the component Hostname Verification. There is no information about...
Author: VulDB

Espressif ESP-IDF up to 2.x/3.0.9/3.1.6/3.2.3/3.3.1 Secure Boot Code Execution

A vulnerability, which was classified as critical, was found in Espressif ESP-IDF up to 2.x/3.0.9/3.1.6/3.2.3/3.3.1. This affects an unknown part of the component Secure Boot. There is no information about possible countermeasures known. It may...
Author: VulDB

CERTFR-2019-AVI-492: Multiple vulnerabilities in Magento products (9 October 2019)

Multiple vulnerabilities have been discovered in Magento products. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a compromise of...
Author: Cert FR

Sitos Six 6.2.1 SCORM File File Upload privilege escalation

A vulnerability, which was classified as critical, has been found in Sitos Six 6.2.1. Affected by this issue is some unknown functionality of the component SCORM File Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Sitos Six 6.2.1 Blog id cross site scripting

A vulnerability classified as problematic was found in Sitos Six 6.2.1. Affected by this vulnerability is an unknown functionality of the component Blog. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Sitos Six 6.2.1 Password Reset privilege escalation

A vulnerability classified as critical has been found in Sitos Six 6.2.1. Affected is an unknown function of the component Password Reset. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

CERTFR-2019-AVI-491: Multiple vulnerabilities in OpenSSH (9 October 2019)

Multiple vulnerabilities have been discovered in OpenSSH. They allow an attacker to cause a security problem not specified by the vendor and a compromise of data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-490: Vulnerability in Citrix Application Delivery Management (9 October 2019)

A vulnerability has been discovered in Citrix Application Delivery Management. It allows an attacker to cause a privilege escalation.

Author: Cert FR

Sitos Six 6.2.1 Import PHP File PHP Code Execution privilege escalation

A vulnerability was found in Sitos Six 6.2.1. It has been rated as critical. This issue affects some unknown processing of the component Import. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Sitos Six 6.2.1 privilege escalation

A vulnerability was found in Sitos Six 6.2.1. It has been declared as critical. This vulnerability affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB