Wednesday 26 February 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

zsh up to 5.7 setuid() MODULE_PATH privilege escalation

A vulnerability has been found in zsh up to 5.7 and classified as critical. Affected by this vulnerability is the function setuid(). Upgrading to version 5.8 eliminates this vulnerability.
Author: VulDB

Pacman up to 5.1 lib/libalpm/sync.c apply_deltas() command injection

A vulnerability, which was classified as critical, was found in Pacman up to 5.1. Affected is the function apply_deltas() in the library lib/libalpm/sync.c. Upgrading to version 5.2 eliminates this vulnerability.
Author: VulDB

Pacman up to 5.1 conf.c download_with_xfercommand() command injection

A vulnerability, which was classified as critical, has been found in Pacman up to 5.1. This issue affects the function download_with_xfercommand() of the file conf.c. Upgrading to version 5.2 eliminates this vulnerability.
Author: VulDB

Apache Tomcat up to 9.0.30 Header Transfer-Encoding Request Smuggling privilege escalation

A vulnerability classified as critical was found in Apache Tomcat up to 9.0.30 (Application Server Software). This vulnerability affects an unknown part of the component Header Handler. There is no information about possible countermeasures...
Author: VulDB

motors-car-dealership-classified-listings Plugin up to 1.4.0 on WordPress includes/options.php cross site scripting

A vulnerability classified as problematic has been found in motors-car-dealership-classified-listings Plugin up to 1.4.0 on WordPress (WordPress Plugin). This affects some unknown functionality of the file includes/options.php. There is no...
Author: VulDB

motors-car-dealership-classified-listings Plugin up to 1.4.0 on WordPress includes/options.php privilege escalation

A vulnerability was found in motors-car-dealership-classified-listings Plugin up to 1.4.0 on WordPress (WordPress Plugin). It has been rated as critical. Affected by this issue is an unknown functionality of the file includes/options.php. There...
Author: VulDB

Centreon Web up to 19.04.3 contact_autologin_key weak authentication

A vulnerability was found in Centreon Web up to 19.04.3. It has been declared as critical. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Netgear Nighthawk X10-R900 up to 1.0.4.23 hostname Stored cross site scripting

A vulnerability was found in Netgear Nighthawk X10-R900 up to 1.0.4.23. It has been classified as problematic. Affected is some unknown processing. Upgrading to version 1.0.4.24 eliminates this vulnerability.
Author: VulDB

Netgear Nighthawk X10-R900 up to 1.0.4.23 HTTP Header X-Forwarded-For Stored cross site scripting

A vulnerability was found in Netgear Nighthawk X10-R900 up to 1.0.4.23 and classified as problematic. This issue affects an unknown code block of the component HTTP Header Handler. Upgrading to version 1.0.4.24 eliminates this vulnerability.
Author: VulDB

Netgear Nighthawk X10-R900 up to 1.0.4.25 SOAP Endpoint Environment Variable privilege escalation

A vulnerability has been found in Netgear Nighthawk X10-R900 up to 1.0.4.25 and classified as critical. This vulnerability affects an unknown code of the component SOAP Endpoint. Upgrading to version 1.0.4.26 eliminates this vulnerability.
Author: VulDB

Netgear Nighthawk X10-R900 up to 1.0.4.25 SOAP API /soap/server_sa X-Forwarded-For weak authentication

A vulnerability, which was classified as critical, was found in Netgear Nighthawk X10-R900 up to 1.0.4.25. This affects an unknown part of the file /soap/server_sa of the component SOAP API. Upgrading to version 1.0.4.26 eliminates this...
Author: VulDB

compile-sass up to 1.0.4 dist/index.js setupCleanupOnExit(cssPath) privilege escalation

A vulnerability, which was classified as critical, has been found in compile-sass up to 1.0.4. Affected by this issue is the function setupCleanupOnExit(cssPath) of the file dist/index.js. Upgrading to version 1.0.5 eliminates this vulnerability.
Author: VulDB

rdf-graph-array up to 0.3.0-rc6 rdf.Graph.prototype.add privilege escalation

A vulnerability classified as critical was found in rdf-graph-array up to 0.3.0-rc6. Affected by this vulnerability is the function rdf.Graph.prototype.add. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

rpi up to 0.0.3 src/lib/gpio.js GPIO pinNumbver privilege escalation

A vulnerability classified as critical has been found in rpi up to 0.0.3. Affected is the function GPIO in the library src/lib/gpio.js. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Drobo 5N2 4.0.5 weak authentication [CVE-2018-14705]

A vulnerability was found in Drobo 5N2 4.0.5. It has been rated as critical. This issue affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

TOTOLINK A3002RU up to 1.0.7 password.htm information disclosure

A vulnerability was found in TOTOLINK A3002RU up to 1.0.7. It has been declared as problematic. This vulnerability affects an unknown code block of the file password.htm. Upgrading to version 1.0.8 eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-112: Vulnerability in Apache Tomcat (24 February 2020)

A vulnerability has been discovered in the AJP connector of Apache Tomcat, which is enabled by default. It allows an attacker able to connect directly to Tomcat's AJP connector to cause a breach of the...
Author: Cert FR

CERTFR-2020-AVI-111: Multiple vulnerabilities in IBM WebSphere Liberty (24 February 2020)

Multiple vulnerabilities have been discovered in IBM WebSphere Liberty. They allow an attacker to cause a remote denial of service.
Author: Cert FR

CERTFR-2020-AVI-110: [SCADA] Multiple vulnerabilities in Moxa AWK-3131A (24 February 2020)

Multiple vulnerabilities have been discovered in Moxa AWK-3131A. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy of...
Author: Cert FR

Apache Tomcat up to 7.0.99/8.5.50/9.0.30 AJP Connector Ghostcat privilege escalation

A vulnerability was found in Apache Tomcat up to 7.0.99/8.5.50/9.0.30 (Application Server Software). It has been classified as critical. This affects an unknown code of the component AJP Connector. Upgrading to version 7.0.100, 8.5.51 or 9.0.31...
Author: VulDB

VU#498544: ZyXEL NAS pre-authentication command injection in weblogin.cgi

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter...
Author: US Cert

danfruehauf NetworkManager-ssh up to 1.2.10 privilege escalation

A vulnerability was found in danfruehauf NetworkManager-ssh up to 1.2.10 (SSH Server Software) and classified as critical. Affected by this issue is an unknown part. Upgrading to version 1.2.11 eliminates this vulnerability.
Author: VulDB

SmartClient 12.0 Remote Procedure Call developerConsoleOperations.jsp directory traversal

A vulnerability has been found in SmartClient 12.0 and classified as critical. Affected by this vulnerability is some unknown functionality of the file /tools/developerConsoleOperations.jsp of the component Remote Procedure Call. There is no...
Author: VulDB

SmartClient 12.0 Remote Procedure Call developerConsoleOperations.jsp _transaction Local File Inclusion

A vulnerability, which was classified as critical, was found in SmartClient 12.0. Affected is an unknown functionality of the file /tools/developerConsoleOperations.jsp of the component Remote Procedure Call. There is no information about...
Author: VulDB

SmartClient 12.0 developerConsoleOperations.jsp _transaction XML External Entity

A vulnerability, which was classified as critical, has been found in SmartClient 12.0. This issue affects an unknown function of the file /tools/developerConsoleOperations.jsp. There is no information about possible countermeasures known. It may...
Author: VulDB

Information security events