vendredi 3 avril 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Google Android 9.0 Permission SliceProvider.java privilege escalation

A vulnerability classified as critical has been found in Google Android 9.0. Affected is an unknown part of the file SliceProvider.java of the component Permission. Applying a patch is able to eliminate this problem.
Auteur: VulDB

Google Android 8.0/8.1/9.0 HidHostService.java okToConnect privilege escalation

A vulnerability was found in Google Android 8.0/8.1/9.0. It has been rated as critical. This issue affects the function okToConnect of the file HidHostService.java. Applying a patch is able to eliminate this problem.
Auteur: VulDB

Pomelo 2.2.5 State entryHandler.js privilege escalation

A vulnerability was found in Pomelo 2.2.5. It has been declared as critical. This vulnerability affects an unknown functionality of the file template/game-server/app/servers/connector/handler/entryHandler.js of the component State Handler. There...
Auteur: VulDB

SibSoft Xfilesharing up to 2.5.1 cgi-bin/up.cgi HTML File Remote Code Execution

A vulnerability was found in SibSoft Xfilesharing up to 2.5.1. It has been classified as critical. This affects an unknown function of the file cgi-bin/up.cgi. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

SibSoft Xfilesharing up to 2.5.1 tmpl directory traversal

A vulnerability was found in SibSoft Xfilesharing up to 2.5.1 and classified as problematic. Affected by this issue is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

Western Digital My Cloud EX2 Ultra 2.31.195 Instruction Pointer POST Parameter memory corruption

A vulnerability has been found in Western Digital My Cloud EX2 Ultra 2.31.195 and classified as critical. Affected by this vulnerability is an unknown code block of the component Instruction Pointer. There is no information about possible...
Auteur: VulDB

Western Digital My Cloud EX2 Ultra 2.31.183 libscheddl.so f_idx memory corruption

A vulnerability, which was classified as critical, was found in Western Digital My Cloud EX2 Ultra 2.31.183. Affected is an unknown code of the file libscheddl.so. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

Western Digital My Cloud EX2 Ultra 2.31.183 download_mgr.cgi memory corruption

A vulnerability, which was classified as critical, has been found in Western Digital My Cloud EX2 Ultra 2.31.183. This issue affects an unknown part of the file download_mgr.cgi. There is no information about possible countermeasures known. It...
Auteur: VulDB

go-camo up to 2.1.0 privilege escalation [CVE-2019-18923]

A vulnerability classified as critical was found in go-camo up to 2.1.0. This vulnerability affects some unknown functionality. Upgrading to version 2.1.1 eliminates this vulnerability.
Auteur: VulDB

Rise Ultimate Project Manager 2.3 add_team_member cross site request forgery

A vulnerability classified as problematic has been found in Rise Ultimate Project Manager 2.3. This affects an unknown functionality of the file index.php/team_members/add_team_member. There is no information about possible countermeasures known....
Auteur: VulDB

Lavalite CMS 5.7 designation cross site scripting

A vulnerability was found in Lavalite CMS 5.7 (Content Management System). It has been rated as problematic. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

ACRN prior 2019w25.5-140000p Device Model core.c denial of service

A vulnerability was found in ACRN. It has been declared as problematic. Affected by this vulnerability is some unknown processing of the file devicemodel/hw/pci/core.c of the component Device Model. Upgrading to version 2019w25.5-140000p...
Auteur: VulDB

FUDForum 3.0.9 nlogin Stored cross site scripting

A vulnerability was found in FUDForum 3.0.9. It has been classified as problematic. Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Auteur: VulDB

crun up to 0.10.4 Image libcrun/linux.c privilege escalation

A vulnerability was found in crun up to 0.10.4 and classified as critical. This issue affects an unknown code of the file libcrun/linux.c of the component Image Handler. Upgrading to version 0.10.5 eliminates this vulnerability.
Auteur: VulDB

Parallels Plesk Panel 9.5 index.htm fileName cross site scripting

A vulnerability has been found in Parallels Plesk Panel 9.5 and classified as problematic. This vulnerability affects an unknown part of the file target/locales/tr-TR/help/index.htm. There is no information about possible countermeasures known....
Auteur: VulDB

GNU FriBidi up to 1.0.7 lib/fribidi-bidi.c fribidi_get_par_embedding_levels_ex() memory corruption

A vulnerability, which was classified as critical, was found in GNU FriBidi up to 1.0.7. This affects the function fribidi_get_par_embedding_levels_ex() in the library lib/fribidi-bidi.c. There is no information about possible countermeasures...
Auteur: VulDB

Phoenix SCT WinFlash up to 1.5.74.0 Driver privilege escalation

A vulnerability, which was classified as critical, has been found in Phoenix SCT WinFlash up to 1.5.74.0. Affected by this issue is an unknown functionality of the component Driver. Upgrading eliminates this vulnerability.
Auteur: VulDB

Fuji Electric V-Server up to 4.0.6 Heap-based memory corruption

A vulnerability classified as critical was found in Fuji Electric V-Server up to 4.0.6. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

Blog2Social Plugin up to 5.8.x on WordPress post.calendar.php b2s_id cross site scripting

A vulnerability classified as problematic has been found in Blog2Social Plugin up to 5.8.x on WordPress. Affected is some unknown processing of the file views/b2s/post.calendar.php. Upgrading to version 5.9.0 eliminates this vulnerability.
Auteur: VulDB

Technicolor TC7300 STFA.51.20 /wlanAccess.asp Connected Clients cross site scripting

A vulnerability was found in Technicolor TC7300 STFA.51.20. It has been rated as problematic. This issue affects an unknown code block of the file /wlanAccess.asp. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

Technicolor TC7300 STFA.51.20 /FTPDiag.asp FileName cross site scripting

A vulnerability was found in Technicolor TC7300 STFA.51.20. It has been declared as problematic. This vulnerability affects an unknown code of the file /FTPDiag.asp. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

CleanTalk cleantalk-spam-protect Plugin up to 5.127.3 on WordPress inc/cleantalk-users.php till cross site scripting

A vulnerability was found in CleanTalk cleantalk-spam-protect Plugin up to 5.127.3 on WordPress. It has been classified as problematic. This affects an unknown part of the file inc/cleantalk-users.php. Upgrading to version 5.127.4 eliminates this...
Auteur: VulDB

Enghouse Web Chat 6.2.284.34 POST Request Remote File Inclusion privilege escalation

A vulnerability was found in Enghouse Web Chat 6.2.284.34 and classified as critical. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Auteur: VulDB

Enghouse Web Chat 6.1.300.31/6.2.284.34 QueueName cross site scripting

A vulnerability has been found in Enghouse Web Chat 6.1.300.31/6.2.284.34 and classified as problematic. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known. It may be suggested...
Auteur: VulDB

Enghouse Web Chat 6.1.300.31/6.2.284.34 Chat Log privilege escalation

A vulnerability, which was classified as critical, was found in Enghouse Web Chat 6.1.300.31/6.2.284.34. Affected is an unknown function of the component Chat Log Handler. There is no information about possible countermeasures known. It may be...
Auteur: VulDB
First279280281282283284285286287288Last

Événements SSI