Tuesday 7 April 2020

Our selection of information-security alerts and advisories.
Sources: US-CERT, CERT-EU, CERT-FR, CNIL, VulDB.

git-add-remote up to 1.0.0 name command injection

A vulnerability was found in git-add-remote up to 1.0.0. It has been classified as critical. Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

install-package up to 0.4.0 options command injection

A vulnerability was found in install-package up to 0.4.0 and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

install-package up to 1.1.6 command injection [CVE-2020-7628]

A vulnerability has been found in install-package up to 1.1.6 and classified as critical. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

node-key-sender up to 1.0.11 execute() arrParams command injection

A vulnerability, which was classified as critical, was found in node-key-sender up to 1.0.11. This affects the function execute(). There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

karma-mojo up to 1.0.1 config command injection

A vulnerability, which was classified as critical, has been found in karma-mojo up to 1.0.1. Affected by this issue is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

op-browser up to 1.0.6 url command injection

A vulnerability classified as critical was found in op-browser up to 1.0.6. Affected by this vulnerability is the function url. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

effect up to 1.0.4 options command injection

A vulnerability classified as critical has been found in effect up to 1.0.4. Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

jscover up to 1.0.0 source command injection

A vulnerability was found in jscover up to 1.0.0. It has been rated as critical. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

strong-nginx-controller up to 1.0.2 _nginxCmd() command injection

A vulnerability was found in strong-nginx-controller up to 1.0.2 (Web Server). It has been declared as critical. This vulnerability affects the function _nginxCmd(). There is no information about possible countermeasures known. It may be...
Author: VulDB

pomelo-monitor up to 0.3.7 command injection [CVE-2020-7620]

A vulnerability was found in pomelo-monitor up to 0.3.7. It has been classified as critical. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

get-git-data up to 1.3.1 Argument command injection

A vulnerability was found in get-git-data up to 1.3.1 (Versioning Software) and classified as critical. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

ini-parser up to 0.0.2 Object.prototype privilege escalation

A vulnerability has been found in ini-parser up to 0.0.2 and classified as critical. Affected by this vulnerability is the function Object.prototype. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 Telnet Service weak authentication

A vulnerability, which was classified as very critical, was found in CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 (Cloud Software). Affected is an unknown code block of the component Telnet Service. It is possible to mitigate...
Author: VulDB

ViewVC up to 1.1.27/1.2.0 CVS show_subdir_lastmod cross site scripting

A vulnerability, which was classified as problematic, has been found in ViewVC up to 1.1.27/1.2.0. This issue affects an unknown code of the component CVS show_subdir_lastmod. Upgrading to version 1.1.28 or 1.2.1 eliminates this vulnerability.
Author: VulDB

IBM Process Federation Server 18.0.0.1/18.0.0.2/19.0.0.1/19.0.0.2/19.0.0.3 Global Teams REST API denial of service

A vulnerability classified as problematic was found in IBM Process Federation Server 18.0.0.1/18.0.0.2/19.0.0.1/19.0.0.2/19.0.0.3. This vulnerability affects an unknown part of the component Global Teams REST API. There is no information about...
Author: VulDB

IBM WebSphere Application Server Liberty up to 20.0.0.3 Web UI cross site scripting

A vulnerability classified as problematic has been found in IBM WebSphere Application Server Liberty up to 20.0.0.3 (Application Server Software). This affects some unknown functionality of the component Web UI. There is no information about...
Author: VulDB

IBM WebSphere Application Server Liberty up to 20.0.0.3 Web UI cross site scripting

A vulnerability was found in IBM WebSphere Application Server Liberty up to 20.0.0.3 (Application Server Software). It has been rated as problematic. Affected by this issue is an unknown functionality of the component Web UI. There is no...
Author: VulDB

Firmware Analysis and Comparison Tool 3 mongo_task_conversion.py Web Request cross site scripting

A vulnerability was found in Firmware Analysis and Comparison Tool 3 (Firmware Software). It has been declared as problematic. Affected by this vulnerability is an unknown function of the file helperFunctions/mongo_task_conversion.py. There is no...
Author: VulDB

Slack Nebula up to 1.1.0 tun_darwin.go privilege escalation

A vulnerability was found in Slack Nebula up to 1.1.0 (Messaging Software). It has been classified as critical. Affected is some unknown processing of the file tun_darwin.go. There is no information about possible countermeasures known. It may be...
Author: VulDB

Linux Kernel up to 5.6.2 drivers/net/can/slcan.c slc_bump information disclosure

A vulnerability was found in Linux Kernel up to 5.6.2 (Operating System) and classified as problematic. This issue affects the function slc_bump of the file drivers/net/can/slcan.c. There is no information about possible countermeasures known. It...
Author: VulDB

Zen Load Balancer 3.10.1 index.cgi Monitoring::Logs filelog directory traversal

A vulnerability has been found in Zen Load Balancer 3.10.1 and classified as critical. This vulnerability affects the function Monitoring::Logs of the file index.cgi. There is no information about possible countermeasures known. It may be...
Author: VulDB

Zen Load Balancer 3.10.1 index.cgi Manage::Certificates Shell Metacharacter privilege escalation

A vulnerability, which was classified as critical, was found in Zen Load Balancer 3.10.1. This affects the function Manage::Certificates of the file index.cgi. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

MISP prior 2.4.124 app/Model/feed.php information disclosure

A vulnerability, which was classified as problematic, has been found in MISP. Affected by this issue is some unknown functionality of the file app/Model/feed.php. Upgrading to version 2.4.124 eliminates this vulnerability.
Author: VulDB

MicroStrategy Web 10.4 HTML Container Stored cross site scripting

A vulnerability classified as problematic was found in MicroStrategy Web 10.4. Affected by this vulnerability is an unknown functionality of the component HTML Container. There is no information about possible countermeasures known. It may be...
Author: VulDB

MicroStrategy Web 10.4 Test Web Service /MicroStrategyWS/ Parameter Server-Side Request Forgery

A vulnerability classified as critical has been found in MicroStrategy Web 10.4. Affected is an unknown function of the file /MicroStrategyWS/ of the component Test Web Service. There is no information about possible countermeasures known. It may...
Author: VulDB