Saturday 4 April 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

ABB eSOMS up to 6.0.3 HTTPS Response information disclosure

A vulnerability classified as problematic was found in ABB eSOMS up to 6.0.3. Affected by this vulnerability is an unknown code of the component HTTPS Response Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

ABB eSOMS up to 6.0.2 Secure Flag HTTP Response Header weak encryption

A vulnerability classified as problematic has been found in ABB eSOMS up to 6.0.2. Affected is an unknown part of the component Secure Flag Handler. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

ABB eSOMS up to 6.0.3 X-Content-Type-Options Header HTTP Response cross site scripting

A vulnerability was found in ABB eSOMS up to 6.0.3. It has been rated as problematic. This issue affects some unknown functionality of the component X-Content-Type-Options Header. There is no information about possible countermeasures known. It...
Author: VulDB

ABB eSOMS up to 6.0.2 httponly cross site scripting

A vulnerability was found in ABB eSOMS up to 6.0.2. It has been declared as problematic. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

ABB eSOMS up to 6.0.2 Content Security Policy HTTP Response Header cross site scripting

A vulnerability was found in ABB eSOMS up to 6.0.2. It has been classified as problematic. This affects an unknown function of the component Content Security Policy Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

ABB eSOMS up to 6.0.2 X-Frame-Options HTTP Response Clickjacking privilege escalation

A vulnerability was found in ABB eSOMS up to 6.0.2 and classified as critical. Affected by this issue is some unknown processing of the component X-Frame-Options. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

ABB eSOMS up to 6.0.3 HTTP Header information disclosure

A vulnerability has been found in ABB eSOMS up to 6.0.3 and classified as problematic. Affected by this vulnerability is an unknown code block of the component HTTP Header Handler. There is no information about possible countermeasures known. It...
Author: VulDB

ksh 20120801 Environment Variable Command privilege escalation

A vulnerability, which was classified as critical, was found in ksh 20120801. Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Author: VulDB

Fortinet FortiOS ZebOS privilege escalation [CVE-2018-13371]

A vulnerability, which was classified as critical, has been found in Fortinet FortiOS (Firewall Software) (unknown version). This issue affects an unknown part of the component ZebOS. There is no information about possible countermeasures known....
Author: VulDB

FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing

Original release date: April 2, 2020. The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing (VTC) hijacking (referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform). Many...
Author: US Cert

UniFi Video 3.10.1 on Windows DLL privilege escalation

A vulnerability was found in UniFi Video 3.10.1 on Windows. It has been classified as critical. Affected is an unknown code block of the component DLL Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

UniFi Video Server up to 3.9.3 on Windows Privilege Check privilege escalation

A vulnerability was found in UniFi Video Server up to 3.9.3 on Windows and classified as critical. This issue affects an unknown code of the component Privilege Check. Upgrading to version 3.9.6 eliminates this vulnerability.
Author: VulDB

UniFi Video Server up to 3.9.3 Web Interface Firmware Update version directory traversal

A vulnerability has been found in UniFi Video Server up to 3.9.3 and classified as critical. This vulnerability affects an unknown part of the component Web Interface Firmware Update. Upgrading to version 3.10.3 eliminates this vulnerability.
Author: VulDB

Auth0 Plugin up to 3.x on WordPress privilege escalation [CVE-2020-7948]

A vulnerability, which was classified as critical, was found in Auth0 Plugin up to 3.x on WordPress (WordPress Plugin). This affects some unknown functionality. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

Auth0 Plugin up to 3.x on WordPress Export CSV Injection privilege escalation

A vulnerability, which was classified as critical, has been found in Auth0 Plugin up to 3.x on WordPress. Affected by this issue is an unknown functionality of the component Export. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

ENS on Windows Access Control ESConfigTool.exe privilege escalation

A vulnerability classified as critical was found in ENS on Windows (affected version unknown). Affected by this vulnerability is an unknown function of the file ESConfigTool.exe of the component Access Control. There is no information about...
Author: VulDB

Auth0 Plugin up to 3.x on WordPress Login Stored cross site scripting

A vulnerability classified as problematic has been found in Auth0 Plugin up to 3.x on WordPress. Affected is some unknown processing of the component Login. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

GNU C Library 2.30.9000 Comparison memcpy() num memory corruption

A vulnerability was found in GNU C Library 2.30.9000. It has been rated as critical. This issue affects the function memcpy() of the component Comparison. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

LearnDash Plugin 3.1.6 on WordPress sql injection [CVE-2020-6009]

A vulnerability was found in LearnDash Plugin 3.1.6 on WordPress. It has been declared as critical. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Yamaha FWX120 denial of service [CVE-2020-5548]

A vulnerability was found in Yamaha NVR700W, NVR510, RTX810, RTX830, RTX1200, RTX1210, RTX3500, RTX5000, NVR500 and FWX120. It has been classified as problematic. This affects an unknown part. There is no information about possible...
Author: VulDB

Auth0 Plugin up to 3.x on WordPress Settings Page Stored cross site scripting

A vulnerability was found in Auth0 Plugin up to 3.x on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Settings Page. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

Auth0 Plugin up to 3.x on WordPress domain cross site request forgery

A vulnerability has been found in Auth0 Plugin up to 3.x on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

RedpwnCTF up to 2.2 Request Session Fixation weak authentication

A vulnerability, which was classified as critical, was found in RedpwnCTF up to 2.2. Affected is an unknown function. Upgrading to version 2.3 eliminates this vulnerability.
Author: VulDB

Apache Druid 0.17.0 LDAP Authentication privilege escalation

A vulnerability, which was classified as critical, has been found in Apache Druid 0.17.0. This issue affects some unknown processing of the component LDAP Authentication. There is no information about possible countermeasures known. It may be...
Author: VulDB

Apache CXF JMX Man-in-the-Middle unknown vulnerability

A vulnerability classified as critical was found in Apache CXF (the affected version is unknown). This vulnerability affects an unknown code block of the component JMX Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Information-security (SSI) events