Tuesday 25 February 2020

Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Apache Tomcat up to 7.0.99/8.5.50/9.0.30 AJP Connector Ghostcat privilege escalation

A vulnerability was found in Apache Tomcat up to 7.0.99/8.5.50/9.0.30 (Application Server Software). It has been classified as critical. This affects an unknown code of the component AJP Connector. Upgrading to version 7.0.100, 8.5.51 or 9.0.31...
Author: VulDB

VU#498544: ZyXEL NAS pre-authentication command injection in weblogin.cgi

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter...
Author: US Cert

danfruehauf NetworkManager-ssh up to 1.2.10 privilege escalation

A vulnerability was found in danfruehauf NetworkManager-ssh up to 1.2.10 (SSH Server Software) and classified as critical. Affected by this issue is an unknown part. Upgrading to version 1.2.11 eliminates this vulnerability.
Author: VulDB

SmartClient 12.0 Remote Procedure Call developerConsoleOperations.jsp directory traversal

A vulnerability has been found in SmartClient 12.0 and classified as critical. Affected by this vulnerability is some unknown functionality of the file /tools/developerConsoleOperations.jsp of the component Remote Procedure Call. There is no...
Author: VulDB

SmartClient 12.0 Remote Procedure Call developerConsoleOperations.jsp _transaction Local File Inclusion

A vulnerability, which was classified as critical, was found in SmartClient 12.0. Affected is an unknown functionality of the file /tools/developerConsoleOperations.jsp of the component Remote Procedure Call. There is no information about...
Author: VulDB

SmartClient 12.0 developerConsoleOperations.jsp _transaction XML External Entity

A vulnerability, which was classified as critical, has been found in SmartClient 12.0. This issue affects an unknown function of the file /tools/developerConsoleOperations.jsp. There is no information about possible countermeasures known. It may...
Author: VulDB

SmartClient 12.0 developerConsoleOperations.jsp _transaction information disclosure

A vulnerability classified as problematic was found in SmartClient 12.0. This vulnerability affects some unknown processing of the file /tools/developerConsoleOperations.jsp. There is no information about possible countermeasures known. It may be...
Author: VulDB

SAS Visual Analytics 8.5 Graph Builder cross site scripting

A vulnerability classified as problematic has been found in SAS Visual Analytics 8.5. This affects an unknown code block of the component Graph Builder. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

F-Secure Cloud Protection For Salesforce prior 17.0.605.474 AV Parsing Engine GZIP Archive privilege escalation

A vulnerability was found in F-Secure Cloud Protection For Salesforce, Email, Server Security and Internet GateKeeper (Cloud Software). It has been rated as critical. Affected by this issue is an unknown code of the component AV Parsing Engine....
Author: VulDB

CandidATS 2.1.0 index.php cross site request forgery

A vulnerability was found in CandidATS 2.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown part of the file index.php?m=settings&a=addUser. There is no information about possible countermeasures known. It may...
Author: VulDB

fauzantrif eLection 2.0 op_kandidat.php id sql injection

A vulnerability was found in fauzantrif eLection 2.0. It has been classified as critical. Affected is some unknown functionality of the file admin/ajax/op_kandidat.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

Soplanning 1.45 status.php Name/Comment cross site scripting

A vulnerability was found in Soplanning 1.45 and classified as problematic. This issue affects an unknown functionality of the file status.php. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Soplanning 1.45 cross site scripting [CVE-2020-9338]

A vulnerability has been found in Soplanning 1.45 and classified as problematic. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

fauzantrif eLection 2.0 Admin Dashboard cross site scripting

A vulnerability, which was classified as problematic, was found in fauzantrif eLection 2.0. This affects some unknown processing of the component Admin Dashboard. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Xerox WorkCentre Printer prior 073.xxx.000.02300 LDAP Default Credentials privilege escalation

A vulnerability, which was classified as critical, has been found in Xerox WorkCentre Printer (Printing Software). Affected by this issue is an unknown code block of the component LDAP Handler. Upgrading to version 073.xxx.000.02300 eliminates...
Author: VulDB

Gogs up to 0.11.91 internal/db/repo.go privilege escalation

A vulnerability classified as critical was found in Gogs up to 0.11.91. Affected by this vulnerability is an unknown code of the file internal/db/repo.go. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

SQLite 3.31.1 Column NULL Pointer Dereference denial of service

A vulnerability classified as problematic has been found in SQLite 3.31.1. Affected is an unknown part of the component Column Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Couchbase Server up to 5.x REST Endpoint privilege escalation

A vulnerability was found in Couchbase Server up to 5.x. It has been rated as critical. This issue affects some unknown functionality of the component REST Endpoint. Upgrading to version 6.0.0 eliminates this vulnerability.
Author: VulDB

D-Link DAP-2610 v2.01RC067 weak authentication [CVE-2020-8862]

A vulnerability was found in D-Link DAP-2610 v2.01RC067. It has been declared as critical. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

D-Link DAP-1330 1.10B01 HNAP Login Request weak authentication

A vulnerability was found in D-Link DAP-1330 1.10B01. It has been classified as critical. This affects an unknown function of the component HNAP Login Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Samsung Galaxy S10 G973FXXS3ASJA/O(8.x)/P(9.0)/Q(10.0) Exynos Chipset Messages Stack-based memory corruption

A vulnerability was found in Samsung Galaxy S10 G973FXXS3ASJA/O(8.x)/P(9.0)/Q(10.0) and classified as critical. Affected by this issue is some unknown processing of the component Exynos Chipset. Upgrading eliminates this vulnerability.
Author: VulDB

Cacti 1.2.8 Cookie graph_realtime.php privilege escalation

A vulnerability has been found in Cacti 1.2.8 and classified as critical. Affected by this vulnerability is an unknown code block of the file graph_realtime.php of the component Cookie Handler. There is no information about possible...
Author: VulDB

JetBrains Scala Plugin prior 2019.2.1 weak encryption [CVE-2020-7907]

A vulnerability, which was classified as critical, was found in JetBrains Scala Plugin. Affected is an unknown code. Upgrading to version 2019.2.1 eliminates this vulnerability.
Author: VulDB

D-Link DCH-M225 up to 1.05b01 Media Renderer Name Shell Metacharacter OS Command Injection privilege escalation

A vulnerability, which was classified as critical, has been found in D-Link DCH-M225 up to 1.05b01. This issue affects an unknown part of the component Media Renderer Name Handler. There is no information about possible countermeasures known. It...
Author: VulDB

D-Link DCH-M225 up to 1.05b01 spotifyConnect.php userName privilege escalation

A vulnerability classified as critical was found in D-Link DCH-M225 up to 1.05b01. This vulnerability affects some unknown functionality of the file spotifyConnect.php. There is no information about possible countermeasures known. It may be...
Author: VulDB