Monday 6 April 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Netdata 1.10.0 JSON web/api/web_api_v1.c tqx privilege escalation

A vulnerability was found in Netdata 1.10.0. It has been classified as critical. Affected is an unknown part of the file web/api/web_api_v1.c of the component JSON Handler. The manipulation of the argument tqx as part of a Parameter leads to a...
Author: VulDB

Tubigan Welcome to our Resort 1.0 controller.php cross site request forgery

A vulnerability was found in Tubigan Welcome to our Resort 1.0 and classified as problematic. This issue affects some unknown functionality of the file admin/mod_users/controller.php?action=edit. The manipulation with an unknown input leads to a...
Author: VulDB

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: June 18, 2019 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was...
Author: US Cert

i-doit open 1.12 src/tools/php/qr/qr.php url cross site scripting

A vulnerability has been found in i-doit open 1.12 and classified as problematic. This vulnerability affects an unknown functionality of the file src/tools/php/qr/qr.php. The manipulation of the argument url as part of a Parameter leads to a...
Author: VulDB

Craft CMS 3.1.30 cross site scripting [CVE-2019-12823]

A vulnerability, which was classified as problematic, was found in Craft CMS 3.1.30 (Content Management System). This affects an unknown function. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

Phoenix Contact AXC F 2152/AXC F 2152 STARTERKIT prior 2019.0 LTS SD Card Data weak authentication

A vulnerability, which was classified as critical, has been found in Phoenix Contact AXC F 2152 and AXC F 2152 STARTERKIT. Affected by this issue is some unknown processing of the component SD Card Data Handler. The manipulation with an unknown...
Author: VulDB

UrBackup 2.2.6 CClientThread.cpp ProcessPacket Request denial of service

A vulnerability classified as problematic was found in UrBackup 2.2.6 (Backup Software). Affected by this vulnerability is the function CClientThread::ProcessPacket of the file fileservplugin/CClientThread.cpp. The manipulation as part of a...
Author: VulDB

CERTFR-2019-AVI-279: Multiple vulnerabilities in the SUSE Linux kernel (18 June 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a remote denial of service and a breach of...
Author: Cert FR

MISP 2.4.109 app/Model/Server.php file_exists privilege escalation

A vulnerability classified as critical has been found in MISP 2.4.109. Affected is the function file_exists of the file app/Model/Server.php. The manipulation with an unknown input leads to a privilege escalation vulnerability (Deserialization)....
Author: VulDB

Linux Kernel SACK TCP Packet Kernel Panic denial of service

A vulnerability was found in Linux Kernel (Operating System) (unknown version). It has been rated as critical. This issue affects an unknown part of the component SACK Handler. The manipulation as part of a TCP Packet leads to a denial of...
Author: VulDB

CERTFR-2019-AVI-278: Multiple vulnerabilities in the RedHat Linux kernel (18 June 2019)

Multiple vulnerabilities have been discovered in the RedHat Linux kernel. They allow an attacker to cause a security problem not specified by the vendor, a remote denial of service and a denial of service.

Author: Cert FR

CERTFR-2019-AVI-277: Multiple vulnerabilities in the Debian Linux kernel (18 June 2019)

Multiple vulnerabilities have been discovered in the Debian Linux kernel. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and an elevation of...
Author: Cert FR

CERTFR-2019-AVI-276: Multiple vulnerabilities in the Ubuntu Linux kernel (18 June 2019)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause a remote denial of service.

Author: Cert FR

CERTFR-2019-AVI-275: Vulnerability in Citrix (18 June 2019)

A vulnerability has been discovered in Citrix. It allows an attacker to cause remote arbitrary code execution and an elevation of privileges.

Author: Cert FR

Microsoft Windows Extension privilege escalation

A vulnerability was found in Microsoft Windows (Operating System) (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown functionality of the component Extension Handler. The manipulation ...
Author: VulDB

RubyGems up to 3.0.2 Gem::CommandManager#run Escape Sequence privilege escalation

A vulnerability was found in RubyGems up to 3.0.2 (Programming Language Software). It has been classified as critical. This affects the function Gem::CommandManager#run. The manipulation as part of an Escape Sequence leads to a privilege...
Author: VulDB

RubyGems up to 3.0.2 Code Execution [CVE-2019-8324]

A vulnerability was found in RubyGems up to 3.0.2 (Programming Language Software) and classified as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

RubyGems up to 3.0.2 API Response GemcutterUtilities#with_response Escape Sequence privilege escalation

A vulnerability has been found in RubyGems up to 3.0.2 (Programming Language Software) and classified as critical. Affected by this vulnerability is the function Gem::GemcutterUtilities#with_response of the component API Response Handler. The...
Author: VulDB

RubyGems up to 3.0.2 API Response Escape Sequence Injection privilege escalation

A vulnerability, which was classified as critical, was found in RubyGems up to 3.0.2 (Programming Language Software). Affected is an unknown code block of the component API Response Handler. The manipulation as part of an Escape Sequence leads to...
Author: VulDB

RubyGems up to 3.0.2 UserInteraction#verbose Escape Sequence privilege escalation

A vulnerability, which was classified as critical, has been found in RubyGems up to 3.0.2 (Programming Language Software). This issue affects the function Gem::UserInteraction#verbose. The manipulation as part of an Escape Sequence leads to a...
Author: VulDB

Linksys WRT1900ACS 1.0.3.187766 Webserver setup.js.localized information disclosure

A vulnerability classified as problematic was found in Linksys WRT1900ACS 1.0.3.187766 (Router Operating System). This vulnerability affects an unknown part of the file ui/1.0.99.187766/dynamic/js/setup.js.localized of the component Webserver....
Author: VulDB

Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera up to 3.x Web Interface /etc/shadow directory traversal

A vulnerability classified as problematic has been found in Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera up to 3.x. This affects some unknown functionality of the file /etc/shadow of the component Web Interface. The manipulation...
Author: VulDB

HP IPP Parser memory corruption [CVE-2019-6327]

A vulnerability was found in HP Color LaserJet Pro M280-M281 Multifunction Printer and LaserJet Pro MFP M28-M31 Printer (Printing Software) (affected version not known). It has been rated as critical. Affected by this issue is an unknown...
Author: VulDB

HP Embedded Web Server memory corruption [CVE-2019-6326]

A vulnerability was found in HP Color LaserJet Pro M280-M281 Multifunction Printer and LaserJet Pro MFP M28-M31 Printer (Printing Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is an...
Author: VulDB

HP Embedded Web Server cross site request forgery [CVE-2019-6325]

A vulnerability was found in HP Color LaserJet Pro M280-M281 Multifunction Printer and LaserJet Pro MFP M28-M31 Printer (Printing Software) (version unknown). It has been classified as problematic. Affected is some unknown processing of the...
Author: VulDB

Information security events