Friday 10 July 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Wing FTP Server 6.2.3 Configuration File privilege escalation

A vulnerability, which was classified as critical, was found in Wing FTP Server 6.2.3 (File Transfer Software). This affects an unknown code of the component Configuration File. There is no information about possible countermeasures known. It may...
Author: VulDB

Wing FTP Server 6.2.3 HTTP File Management Interface privilege escalation

A vulnerability, which was classified as critical, has been found in Wing FTP Server 6.2.3 (File Transfer Software). Affected by this issue is an unknown part of the component HTTP File Management Interface. There is no information about possible...
Author: VulDB

Monstra CMS up to 3.0.4 users/21/edit Parameter privilege escalation

A vulnerability classified as critical was found in Monstra CMS up to 3.0.4 (Content Management System). Affected by this vulnerability is some unknown functionality of the file users/21/edit. There is no information about possible...
Author: VulDB

GitLab up to 12.7.2 Access Control unknown vulnerability [CVE-2020-8113]

A vulnerability classified as critical has been found in GitLab up to 12.7.2 (Bug Tracking Software). Affected is an unknown functionality of the component Access Control. There is no information about possible countermeasures known. It may be...
Author: VulDB

urllib3 Library up to 1.25.7 on Python util/url.py encode_invalid_chars denial of service

A vulnerability was found in urllib3 Library up to 1.25.7 on Python. It has been rated as problematic. This issue affects the function encode_invalid_chars of the file util/url.py. There is no information about possible countermeasures known. It...
Author: VulDB

Dell EMC Isilon OneFS up to 8.1.x SyncIQ weak authentication

A vulnerability was found in Dell EMC Isilon OneFS up to 8.1.x. It has been declared as very critical. This vulnerability affects some unknown processing of the component SyncIQ. Upgrading to version 8.2.0 eliminates this vulnerability.
Author: VulDB

Dell Security Management Server up to 10.2.9 Java RMI Deserialization RMI Request Remote Code Execution

A vulnerability was found in Dell Security Management Server up to 10.2.9. It has been classified as critical. This affects an unknown code block of the component Java RMI Deserialization. Upgrading to version 10.2.10 eliminates this...
Author: VulDB

D-Link DIR-825 Rev.B 2.10 system_time.cgi date privilege escalation

A vulnerability was found in D-Link DIR-825 Rev.B 2.10 and classified as critical. Affected by this issue is an unknown code of the file system_time.cgi. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

D-Link DIR-825 Rev.B 2.10 dns_query.cgi dns_query_name privilege escalation

A vulnerability has been found in D-Link DIR-825 Rev.B 2.10 and classified as critical. Affected by this vulnerability is an unknown part of the file dns_query.cgi. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

D-Link DIR-825 Rev.B 2.10 ntp_sync.cgi ntp_server memory corruption

A vulnerability, which was classified as critical, was found in D-Link DIR-825 Rev.B 2.10. Affected is some unknown functionality of the file ntp_sync.cgi. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

D-Link DIR-825 2.10 set_sta_enrollee_pin.cgi wps_sta_enrollee_pin privilege escalation

A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects an unknown functionality of the file set_sta_enrollee_pin.cgi. There is no information about possible countermeasures known. It may be...
Author: VulDB

Responsive FileManager 9.13.4/9.14.0 Incomplete Fix upload.php url Server-Side Request Forgery

A vulnerability classified as critical was found in Responsive FileManager 9.13.4/9.14.0. This vulnerability affects an unknown function of the file upload.php of the component Incomplete Fix. There is no information about possible...
Author: VulDB

ESET Smart Security Premium Archive Support Module privilege escalation

A vulnerability classified as critical has been found in ESET Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro, Cyber Security, Mobile Security for Android, Smart TV Security and NOD32 Antivirus 4 for Linux Desktop...
Author: VulDB

Zoho ManageEngine Desktop Central CewolfServlet/MDMLogUploaderServlet getChartImage Remote Code Execution

A vulnerability was found in Zoho ManageEngine Desktop Central (affected version not known). It has been rated as critical. Affected by this issue is the function getChartImage of the component CewolfServlet/MDMLogUploaderServlet. There is no...
Author: VulDB

netkit Telnet up to 0.17 telnetd utility.c memory corruption

A vulnerability was found in netkit Telnet up to 0.17. It has been declared as very critical. Affected by this vulnerability is an unknown code of the file utility.c of the component telnetd. There is no information about possible countermeasures...
Author: VulDB

Citrix Gateway 11.1/12.0/12.1 Cache Cache Poisoning privilege escalation

A vulnerability was found in Citrix Gateway 11.1/12.0/12.1. It has been classified as critical. Affected is an unknown part of the component Cache Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Citrix Gateway 11.1/12.0/12.1 HTTP Requests unknown vulnerability

A vulnerability was found in Citrix Gateway 11.1/12.0/12.1 and classified as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

Citrix Gateway 11.1/12.0/12.1 Cache information disclosure

A vulnerability has been found in Citrix Gateway 11.1/12.0/12.1 and classified as problematic. This vulnerability affects an unknown functionality of the component Cache Handler. There is no information about possible countermeasures known. It...
Author: VulDB

usrsctp sctp_load_addresses_from_init information disclosure

A vulnerability, which was classified as problematic, was found in usrsctp (the affected version unknown). This affects the function sctp_load_addresses_from_init. Upgrading eliminates this vulnerability.
Author: VulDB

Lexmark Product Embedded Web Server Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in Lexmark Product (affected version not known). Affected by this issue is some unknown processing of the component Embedded Web Server. There is no information about possible...
Author: VulDB

Lexmark Product Embedded Web Server Reflected cross site scripting

A vulnerability classified as problematic was found in Lexmark Product (affected version unknown). Affected by this vulnerability is an unknown code block of the component Embedded Web Server. There is no information about possible...
Author: VulDB

Zoho Releases Security Update on ManageEngine Desktop Central

Original release date: March 6, 2020. Zoho has released a security update on a vulnerability (CVE-2020-10189) affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an...
Author: US Cert

Critical PPP Daemon Vulnerability (CERT-EU Security Advisory 2020-013)

A new dangerous (and 17 years old!) remote code execution vulnerability has been discovered by Ilja Van Sprundel from IOActive. It affects the PPP daemon ("pppd") software that comes installed on almost all Linux-based operating systems and...
Author: Cert EU

Defending Against COVID-19 Cyber Scams

Original release date: March 6, 2020. The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments...
Author: US Cert

Cisco Webex Players Vulnerabilities (CERT-EU Security Advisory 2020-012)

High severity vulnerabilities were patched in Cisco Webex video conferencing platform. In particular they affect Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows. If exploited, these could...
Author: Cert EU