Wednesday 26 February 2020

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

DeDeCMS 5.7SP2 Password Reset member/resetpassword.php id privilege escalation

A vulnerability classified as critical has been found in DeDeCMS 5.7SP2 (Content Management System). This affects an unknown function of the file member/resetpassword.php of the component Password Reset. The manipulation of the argument id as...
Author: VulDB

PHP League CommonMark library up to 0.18.2 Double Encoding cross site scripting

A vulnerability was found in PHP League CommonMark library up to 0.18.2 (Programming Language Software). It has been rated as problematic. Affected by this issue is some processing of the component Double Encoding Handler. The manipulation with...
Author: VulDB

Tesla Model 3 Entertainment System Code Execution [CVE-2019-9977]

A vulnerability was found in Tesla Model 3 and classified as critical. This issue affects a part of the component Entertainment System. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution). Using...
Author: VulDB

Python up to 2.7.16/3.7.2 urllib2 urllib.request.urlopen Query String privilege escalation

A vulnerability has been found in Python up to 2.7.16/3.7.2 (Programming Language Software) and classified as critical. Affected by this vulnerability is a functionality in the library urllib.request.urlopen of the component urllib2. The...
Author: VulDB

SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation

A vulnerability, which was classified as critical, was found in SoftNAS Cloud 4.2.0/4.2.1 (Cloud Software). Affected is a function of the component Nginx. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE...
Author: VulDB

Twig up to 1.13.x/2.6.x Sandbox __toString() information disclosure

A vulnerability, which was classified as problematic, has been found in Twig up to 1.13.x/2.6.x. This issue affects the function __toString() of the component Sandbox. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Hostapd up to 2.5 os_random() weak encryption

A vulnerability classified as critical was found in Hostapd up to 2.5 (Operating System). This vulnerability affects the function os_random(). The manipulation with an unknown input leads to a weak encryption vulnerability (PRNG). The CWE...
Author: VulDB

Hospira Symbiq Infusion System up to 3.13 privilege escalation

A vulnerability classified as critical has been found in Hospira Symbiq Infusion System up to 3.13. This affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the...
Author: VulDB

Python up to 2.7.16 File Scheme passwd') privilege escalation

A vulnerability was found in Python up to 2.7.16 (Programming Language Software) and classified as critical. Affected by this issue is a part in the library urllib.urlopen('local_file:/etc/passwd') of the component File Scheme Handler. The...
Author: VulDB

Mozilla Releases Security Updates for Firefox

Original release date: March 22, 2019. Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and...
Author: US Cert

CERTFR-2019-AVI-123: Multiple vulnerabilities in the SUSE Linux kernel (22 March 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a security problem not specified by the vendor, a denial of service, and a security policy bypass.

Author: Cert FR

CERTFR-2019-AVI-122: Multiple vulnerabilities in PuTTY (22 March 2019)

Multiple vulnerabilities have been discovered in PuTTY. Some of them allow an attacker to cause a security problem not specified by the vendor, arbitrary code execution, and a denial of service.

Author: Cert FR

kingcomposer Plugin 2.7.6 on WordPress admin.php id cross site scripting

A vulnerability has been found in kingcomposer Plugin 2.7.6 on WordPress and classified as problematic. Affected by this vulnerability is a functionality of the file wp-admin/admin.php?page=kc-mapper. The manipulation of the argument id with an...
Author: VulDB

Donation Plugin and Fundraising Platform Plugin up to 2.3.0 on WordPress wp-admin/edit.php csv cross site scripting

A vulnerability, which was classified as problematic, was found in Donation Plugin and Fundraising Platform Plugin up to 2.3.0 on WordPress. Affected is a function of the file wp-admin/edit.php. The manipulation of the argument csv with an...
Author: VulDB

font-organizer Plugin 2.1.1 on WordPress options-general.php manage_font_id cross site scripting

A vulnerability, which was classified as problematic, has been found in font-organizer Plugin 2.1.1 on WordPress. This issue affects some functionality of the file wp-admin/options-general.php. The manipulation of the argument manage_font_id...
Author: VulDB

Core FTP Server 2.0 Build 674 SIZE Command directory traversal

A vulnerability classified as problematic was found in Core FTP Server 2.0 Build 674 (File Transfer Software). This vulnerability affects the functionality of the component SIZE Command Handler. The manipulation with the input value \..\..\...
Author: VulDB

IBM API Connect 2018.1/2018.4.1.2 Username information disclosure

A vulnerability was found in IBM API Connect 2018.1/2018.4.1.2. It has been classified as problematic. Affected is code. The manipulation with an unknown input leads to an information disclosure vulnerability (Username). CWE is classifying the...
Author: VulDB

IBM Content Navigator 3.0CD privilege escalation [CVE-2019-4035]

A vulnerability was found in IBM Content Navigator 3.0CD (Network Encryption Software) and classified as critical. This issue affects a part. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to...
Author: VulDB

Cisco IP Phone 8800 prior 12.5(1)SR1 Web-based Management Interface Connection Request denial of service

A vulnerability classified as problematic was found in Cisco IP Phone 8800. Affected by this vulnerability is the functionality of the component Web-based Management Interface. The manipulation as part of a Connection Request leads to a denial...
Author: VulDB

Cisco IP Phone 8800 Web-based Management Interface privilege escalation

A vulnerability classified as critical has been found in Cisco IP Phone 8800. Affected is an unknown function of the component Web-based Management Interface. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

Cisco IP Phone 8800 Web-based Management Interface cross site request forgery

A vulnerability was found in Cisco IP Phone 8800. It has been rated as problematic. This issue affects some processing of the component Web-based Management Interface. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

Cisco IP Phone 8800 Web-based Management Interface URL weak authentication

A vulnerability was found in Cisco IP Phone 8800. It has been declared as critical. This vulnerability affects a code block of the component Web-based Management Interface. The manipulation as part of a URL leads to a weak authentication...
Author: VulDB

Cisco IP Phone 7800/IP Phone 8800 Web-based Management Interface privilege escalation

A vulnerability was found in Cisco IP Phone 7800 and IP Phone 8800. It has been classified as critical. This affects code of the component Web-based Management Interface. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

OpenText Portal 7.4.4 vgnextoid cross site scripting

A vulnerability was found in OpenText Portal 7.4.4 and classified as problematic. Affected by this issue is a part. The manipulation of the argument vgnextoid as part of a Parameter leads to a cross site scripting vulnerability. Using CWE to...
Author: VulDB

SHAREit up to 4.0.35 on Android privilege escalation [CVE-2019-9939]

A vulnerability was found in SHAREit up to 4.0.35 on Android. It has been rated as critical. Affected by this issue is some processing. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare...
Author: VulDB