Wednesday 26 February 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

D-Link DCH-M225 up to 1.05b01 Media Renderer Name Shell Metacharacter OS Command Injection privilege escalation

A vulnerability, which was classified as critical, has been found in D-Link DCH-M225 up to 1.05b01. This issue affects an unknown part of the component Media Renderer Name Handler. There is no information about possible countermeasures known. It...
Author: VulDB

D-Link DCH-M225 up to 1.05b01 spotifyConnect.php userName privilege escalation

A vulnerability classified as critical was found in D-Link DCH-M225 up to 1.05b01. This vulnerability affects some unknown functionality of the file spotifyConnect.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

Aterm WG2600HS up to 1.3.2 OS Command Injection privilege escalation

A vulnerability classified as critical has been found in Aterm WG2600HS up to 1.3.2. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Aterm WG2600HS up to 1.3.2 cross site scripting [CVE-2020-5533]

A vulnerability was found in Aterm WG2600HS up to 1.3.2. It has been rated as problematic. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Aterm WF1200C/WG1200CR/WG2600HS Management Screen OS Command Injection privilege escalation

A vulnerability was found in Aterm WF1200C, WG1200CR and WG2600HS (affected version unknown). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component Management Screen. There is no information...
Author: VulDB

Aterm WF1200C/WG1200CR/WG2600HS UPnP OS Command Injection privilege escalation

A vulnerability was found in Aterm WF1200C, WG1200CR and WG2600HS (version unknown). It has been classified as critical. Affected is an unknown code block of the component UPnP. There is no information about possible countermeasures known. It may...
Author: VulDB

Dell Client Platform BIOS Setup weak authentication [CVE-2020-5326]

A vulnerability was found in Dell Client Platform (unknown version) and classified as problematic. This issue affects an unknown code of the component BIOS Setup. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Dell Client Consumer and Commercial Platform Firmware Update Utility privilege escalation

A vulnerability has been found in Dell Client Consumer and Commercial Platform (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown part of the component Firmware Update Utility. There is no...
Author: VulDB

Atos Unify OpenScape UC Web Client 1.0 JSON API information disclosure

A vulnerability, which was classified as problematic, was found in Atos Unify OpenScape UC Web Client 1.0. This affects some unknown functionality of the component JSON API. There is no information about possible countermeasures known. It may be...
Author: VulDB

Atos Unify OpenScape UC Web Client 1.0 Profile Name Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in Atos Unify OpenScape UC Web Client 1.0. Affected by this issue is an unknown functionality of the component Profile Name Handler. There is no information about possible...
Author: VulDB

Patriot Viper RGB up to 1.1 IoControlCode memory corruption

A vulnerability classified as critical was found in Patriot Viper RGB up to 1.1. Affected by this vulnerability is an unknown function of the component IoControlCode Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

OX App Suite up to 7.10.2 Server-Side Request Forgery [CVE-2019-18846]

A vulnerability classified as critical has been found in OX App Suite up to 7.10.2. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Google Releases Security Updates for Chrome

Original release date: February 21, 2020. Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Note: although...
Author: US Cert

CERTFR-2020-AVI-109: Multiple vulnerabilities in Nagios XI (21 February 2020)

Multiple vulnerabilities have been discovered in Nagios XI. They allow an already authenticated attacker to cause arbitrary code execution and remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2020-AVI-108: Multiple vulnerabilities in Stormshield Network Security (21 February 2020)

Multiple vulnerabilities have been discovered in Stormshield Network Security. They allow an attacker to cause remote arbitrary code execution and remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2020-AVI-107: Multiple vulnerabilities in PHP (21 February 2020)

Multiple vulnerabilities have been discovered in PHP. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

Avira Antivirus for Endpoint AV Engine ISO Archive privilege escalation

A vulnerability was found in Avira Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Security Suite for Windows and Cross Platform Anti-Malware SDK. It has been rated as...
Author: VulDB

Red Gate SQL Monitor up to 9.2.14 SNMP Alert sql injection

A vulnerability was found in Red Gate SQL Monitor up to 9.2.14. It has been declared as critical. This vulnerability affects an unknown code of the component SNMP Alert Handler. Upgrading to version 9.2.15 eliminates this vulnerability.
Author: VulDB

x-crypto prior 0.0.0-20200220183623-bac4c82f6975 on Go Signature Verification weak authentication

A vulnerability was found in x-crypto on Go. It has been classified as critical. This affects an unknown part of the component Signature Verification Handler. Upgrading to version 0.0.0-20200220183623-bac4c82f6975 eliminates this vulnerability.
Author: VulDB

ProFTPD 1.3.7 pool.c alloc_pool memory corruption

A vulnerability was found in ProFTPD 1.3.7 and classified as critical. Affected by this issue is the function alloc_pool of the file pool.c. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

ProFTPD 1.3.7 mod_cap cap_text.c cap_to_text memory corruption

A vulnerability has been found in ProFTPD 1.3.7 and classified as critical. Affected by this vulnerability is the function cap_to_text of the file cap_text.c of the component mod_cap. There is no information about possible countermeasures known....
Author: VulDB

Arista DCS-7050QX-32S-R TACACS+ Shell privilege escalation [CVE-2020-9015]

A vulnerability, which was classified as critical, was found in Arista DCS-7050QX-32S-R, DCS-7050CX3-32S-R and DCS-7280SRAM-48C6-R (version unknown). Affected is an unknown function of the component TACACS+ Shell. There is no information about...
Author: VulDB

Modula Image Gallery Plugin up to 2.2.4 on WordPress Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in Modula Image Gallery Plugin up to 2.2.4 on WordPress. This issue affects some unknown processing. Upgrading to version 2.2.5 eliminates this vulnerability.
Author: VulDB

Western Digital My Cloud Home/ibi up to 3.5.x Session Fixation weak authentication

A vulnerability classified as critical was found in Western Digital My Cloud Home and ibi up to 3.5.x. This vulnerability affects an unknown code block. Upgrading to version 3.6.0 eliminates this vulnerability.
Author: VulDB

Western Digital mycloud.com up to 2.2.0 cross site scripting

A vulnerability classified as problematic has been found in Western Digital mycloud.com up to 2.2.0. This affects an unknown code. Upgrading to version 2.2.0-134 eliminates this vulnerability.
Author: VulDB