mercredi 26 février 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Patriot Viper RGB up to 1.1 IoControlCode memory corruption

A vulnerability classified as critical was found in Patriot Viper RGB up to 1.1. Affected by this vulnerability is an unknown function of the component IoControlCode Handler. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

OX App Suite up to 7.10.2 Server-Side Request Forgery [CVE-2019-18846]

A vulnerability classified as critical has been found in OX App Suite up to 7.10.2. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Auteur: VulDB

Google Releases Security Updates for Chrome

Original release date: February 21, 2020Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Note: although...
Auteur: US Cert

CERTFR-2020-AVI-109 : Multiples vulnérabilités dans Nagios XI (21 février 2020)

De multiples vulnérabilités ont été découvertes dans Nagios XI. Elles permettent à un attaquant déjà authentifié de provoquer une exécution de code arbitraire et une injection de code indirecte à distance (XSS).

Auteur: Cert FR

CERTFR-2020-AVI-108 : Multiples vulnérabilités dans Stormshield Network Security (21 février 2020)

De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).

Auteur: Cert FR

CERTFR-2020-AVI-107 : Multiples vulnérabilités dans PHP (21 février 2020)

De multiples vulnérabilités ont été découvertes dans PHP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Auteur: Cert FR

Avira Antivirus for Endpoint AV Engine ISO Archive privilege escalation

A vulnerability was found in Avira Antivirus for Endpoint, Antivirus for Small Business, Exchange Security Gateway), Internet Security Suite for Windows, Security Suite for Windows and Cross Platform Anti-Malware SDK. It has been rated as...
Auteur: VulDB

Red Gate SQL Monitor up to 9.2.14 SNMP Alert sql injection

A vulnerability was found in Red Gate SQL Monitor up to 9.2.14. It has been declared as critical. This vulnerability affects an unknown code of the component SNMP Alert Handler. Upgrading to version 9.2.15 eliminates this vulnerability.
Auteur: VulDB

x-crypto prior 0.0.0-20200220183623-bac4c82f6975 on Go Signature Verification weak authentication

A vulnerability was found in x-crypto on Go. It has been classified as critical. This affects an unknown part of the component Signature Verification Handler. Upgrading to version 0.0.0-20200220183623-bac4c82f6975 eliminates this vulnerability.
Auteur: VulDB

ProFTPD 1.3.7 pool.c alloc_pool memory corruption

A vulnerability was found in ProFTPD 1.3.7 and classified as critical. Affected by this issue is the function alloc_pool of the file pool.c. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Auteur: VulDB

ProFTPD 1.3.7 mod_cap cap_text.c cap_to_text memory corruption

A vulnerability has been found in ProFTPD 1.3.7 and classified as critical. Affected by this vulnerability is the function cap_to_text of the file cap_text.c of the component mod_cap. There is no information about possible countermeasures known....
Auteur: VulDB

Arista DCS-7050QX-32S-R TACACS+ Shell privilege escalation [CVE-2020-9015]

A vulnerability, which was classified as critical, was found in Arista DCS-7050QX-32S-R, DCS-7050CX3-32S-R and DCS-7280SRAM-48C6-R (version unknown). Affected is an unknown function of the component TACACS+ Shell. There is no information about...
Auteur: VulDB

Modula Image Gallery Plugin up to 2.2.4 on WordPress Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in Modula Image Gallery Plugin up to 2.2.4 on WordPress. This issue affects some unknown processing. Upgrading to version 2.2.5 eliminates this vulnerability.
Auteur: VulDB

Western Digital My Cloud Home/ibi up to 3.5.x Session Fixation weak authentication

A vulnerability classified as critical was found in Western Digital My Cloud Home and ibi up to 3.5.x. This vulnerability affects an unknown code block. Upgrading to version 3.6.0 eliminates this vulnerability.
Auteur: VulDB

Western Digital mycloud.com up to 2.2.0 cross site scripting

A vulnerability classified as problematic has been found in Western Digital mycloud.com up to 2.2.0. This affects an unknown code. Upgrading to version 2.2.0-134 eliminates this vulnerability.
Auteur: VulDB

Trend Micro Vulnerability Protection 2.0 DLL privilege escalation

A vulnerability was found in Trend Micro Vulnerability Protection 2.0. It has been rated as critical. Affected by this issue is an unknown part of the component DLL Handler. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

Honeywell INNCOM INNControl 3 Configuration File privilege escalation

A vulnerability was found in Honeywell INNCOM INNControl 3. It has been classified as critical. Affected is an unknown functionality of the component Configuration File Handler. There is no information about possible countermeasures known. It may...
Auteur: VulDB

UAP-Core up to 0.7.2 Regular Expression User-Agent ReDoS denial of service

A vulnerability was found in UAP-Core up to 0.7.2 and classified as problematic. This issue affects an unknown function of the component Regular Expression Handler. Upgrading to version 0.7.3 eliminates this vulnerability.
Auteur: VulDB

openHAB up to 2.5.1 REST privilege escalation

A vulnerability has been found in openHAB up to 2.5.1 and classified as critical. This vulnerability affects some unknown processing of the component REST Handler. Upgrading to version 2.5.2 eliminates this vulnerability.
Auteur: VulDB

Adobe After Effects up to 16.1.2 Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, was found in Adobe After Effects up to 16.1.2. This affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Auteur: VulDB

Adobe Media Encoder up to 14.0 Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, has been found in Adobe Media Encoder up to 14.0. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

IBM Emptoris Spend Analysis 10.1.0.x/10.1.1.x/10.1.3.x Back-End Database sql injection

A vulnerability classified as critical was found in IBM Emptoris Spend Analysis and Emptoris Strategic Supply Management 10.1.0.x/10.1.1.x/10.1.3.x. Affected by this vulnerability is an unknown part of the component Back-End Database. There is no...
Auteur: VulDB

IBM Maximo Asset Management 7.6.0.10/7.6.1.1 information disclosure

A vulnerability classified as problematic has been found in IBM Maximo Asset Management 7.6.0.10/7.6.1.1. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Auteur: VulDB

Electronic Arts Origin 10.5.55.33574 DACL Origin.exe WriteFileEx() Named Pipe privilege escalation

A vulnerability was found in Electronic Arts Origin 10.5.55.33574. It has been rated as critical. This issue affects the function WriteFileEx() in the library libeay32.dll of the file Origin.exe of the component DACL Handler. There is no...
Auteur: VulDB

Trend Micro Security 2019 up to 15.0.0.1163 Malware Protection denial of service

A vulnerability was found in Trend Micro Security 2019 up to 15.0.0.1163. It has been declared as problematic. This vulnerability affects an unknown function of the component Malware Protection. There is no information about possible...
Auteur: VulDB
12345678910Last

Événements SSI