Monday 6 April 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

strong-nginx-controller up to 1.0.2 _nginxCmd() command injection

A vulnerability was found in strong-nginx-controller up to 1.0.2 (Web Server). It has been declared as critical. This vulnerability affects the function _nginxCmd(). There is no information about possible countermeasures known. It may be...
Author: VulDB

pomelo-monitor up to 0.3.7 command injection [CVE-2020-7620]

A vulnerability was found in pomelo-monitor up to 0.3.7. It has been classified as critical. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

get-git-data up to 1.3.1 Argument command injection

A vulnerability was found in get-git-data up to 1.3.1 (Versioning Software) and classified as critical. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

ini-parser up to 0.0.2 Object.prototype privilege escalation

A vulnerability has been found in ini-parser up to 0.0.2 and classified as critical. Affected by this vulnerability is the function Object.prototype. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 Telnet Service weak authentication

A vulnerability, which was classified as very critical, was found in CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP 3.4.2.0919 (Cloud Software). Affected is an unknown code block of the component Telnet Service. It is possible to mitigate...
Author: VulDB

ViewVC up to 1.1.27/1.2.0 CVS show_subdir_lastmod cross site scripting

A vulnerability, which was classified as problematic, has been found in ViewVC up to 1.1.27/1.2.0. This issue affects an unknown code of the component CVS show_subdir_lastmod. Upgrading to version 1.1.28 or 1.2.1 eliminates this vulnerability.
Author: VulDB

IBM Process Federation Server 18.0.0.1/18.0.0.2/19.0.0.1/19.0.0.2/19.0.0.3 Global Teams REST API denial of service

A vulnerability classified as problematic was found in IBM Process Federation Server 18.0.0.1/18.0.0.2/19.0.0.1/19.0.0.2/19.0.0.3. This vulnerability affects an unknown part of the component Global Teams REST API. There is no information about...
Author: VulDB

IBM WebSphere Application Server Liberty up to 20.0.0.3 Web UI cross site scripting

A vulnerability classified as problematic has been found in IBM WebSphere Application Server Liberty up to 20.0.0.3 (Application Server Software). This affects some unknown functionality of the component Web UI. There is no information about...
Author: VulDB

IBM WebSphere Application Server Liberty up to 20.0.0.3 Web UI cross site scripting

A vulnerability was found in IBM WebSphere Application Server Liberty up to 20.0.0.3 (Application Server Software). It has been rated as problematic. Affected by this issue is an unknown functionality of the component Web UI. There is no...
Author: VulDB

Firmware Analysis and Comparison Tool 3 mongo_task_conversion.py Web Request cross site scripting

A vulnerability was found in Firmware Analysis and Comparison Tool 3 (Firmware Software). It has been declared as problematic. Affected by this vulnerability is an unknown function of the file helperFunctions/mongo_task_conversion.py. There is no...
Author: VulDB

Slack Nebula up to 1.1.0 tun_darwin.go privilege escalation

A vulnerability was found in Slack Nebula up to 1.1.0 (Messaging Software). It has been classified as critical. Affected is some unknown processing of the file tun_darwin.go. There is no information about possible countermeasures known. It may be...
Author: VulDB

Linux Kernel up to 5.6.2 drivers/net/can/slcan.c slc_bump information disclosure

A vulnerability was found in Linux Kernel up to 5.6.2 (Operating System) and classified as problematic. This issue affects the function slc_bump of the file drivers/net/can/slcan.c. There is no information about possible countermeasures known. It...
Author: VulDB

Zen Load Balancer 3.10.1 index.cgi Monitoring::Logs filelog directory traversal

A vulnerability has been found in Zen Load Balancer 3.10.1 and classified as critical. This vulnerability affects the function Monitoring::Logs of the file index.cgi. There is no information about possible countermeasures known. It may be...
Author: VulDB

Zen Load Balancer 3.10.1 index.cgi Manage::Certificates Shell Metacharacter privilege escalation

A vulnerability, which was classified as critical, was found in Zen Load Balancer 3.10.1. This affects the function Manage::Certificates of the file index.cgi. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

MISP prior 2.4.124 app/Model/feed.php information disclosure

A vulnerability, which was classified as problematic, has been found in MISP. Affected by this issue is some unknown functionality of the file app/Model/feed.php. Upgrading to version 2.4.124 eliminates this vulnerability.
Author: VulDB

MicroStrategy Web 10.4 HTML Container Stored cross site scripting

A vulnerability classified as problematic was found in MicroStrategy Web 10.4. Affected by this vulnerability is an unknown functionality of the component HTML Container. There is no information about possible countermeasures known. It may be...
Author: VulDB

MicroStrategy Web 10.4 Test Web Service /MicroStrategyWS/ Parameter Server-Side Request Forgery

A vulnerability classified as critical has been found in MicroStrategy Web 10.4. Affected is an unknown function of the file /MicroStrategyWS/ of the component Test Web Service. There is no information about possible countermeasures known. It may...
Author: VulDB

MicroStrategy Web 10.4 Import Server-Side Request Forgery

A vulnerability was found in MicroStrategy Web 10.4. It has been rated as critical. This issue affects some unknown processing of the component Import Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

MicroStrategy Web 10.4 Admin Panel ZIP Archive Server-Side Request Forgery

A vulnerability was found in MicroStrategy Web 10.4. It has been declared as critical. This vulnerability affects an unknown code block of the component Admin Panel. There is no information about possible countermeasures known. It may be...
Author: VulDB

MicroStrategy Web 10.4 happyaxis.jsp information disclosure

A vulnerability was found in MicroStrategy Web 10.4. It has been classified as problematic. This affects an unknown code of the file /MicroStrategyWS/happyaxis.jsp. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Sonatype Nexus Repository Manager up to 3.21.2 Access Control privilege escalation

A vulnerability was found in Sonatype Nexus Repository Manager up to 3.21.2 and classified as critical. Affected by this issue is an unknown part of the component Access Control. There is no information about possible countermeasures known. It...
Author: VulDB

XAMPP up to 7.2.28/7.3.15/7.4.3 on Windows xampp-contol.ini privilege escalation

A vulnerability has been found in XAMPP up to 7.2.28/7.3.15/7.4.3 on Windows and classified as critical. Affected by this vulnerability is some unknown functionality of the file xampp-contol.ini. Upgrading to version 7.2.29, 7.3.16 or 7.4.4...
Author: VulDB

HAProxy up to 2.1.3 HPACK Decoder hpack-tbl.c hpack_dht_insert Request memory corruption

A vulnerability, which was classified as critical, was found in HAProxy up to 2.1.3 (Firewall Software). Affected is the function hpack_dht_insert of the file hpack-tbl.c of the component HPACK Decoder. Upgrading to version 2.1.4 eliminates this...
Author: VulDB

STARFACE UCC Client up to 6.7.1 on Windows privilege escalation

A vulnerability, which was classified as critical, has been found in STARFACE UCC Client up to 6.7.1 on Windows. This issue affects an unknown function. Upgrading to version 6.7.1.204 eliminates this vulnerability.
Author: VulDB

codeBeamer up to 9.5.0-RC2 privilege escalation [CVE-2019-20635]

A vulnerability classified as critical was found in codeBeamer up to 9.5.0-RC2. This vulnerability affects some unknown processing. Upgrading to version 9.5.0-RC3 eliminates this vulnerability.
Author: VulDB

Information-security events