Friday 3 April 2020

Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

UniFi Video 3.10.1 on Windows DLL privilege escalation

A vulnerability was found in UniFi Video 3.10.1 on Windows. It has been classified as critical. Affected is an unknown code block of the component DLL Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

UniFi Video Server up to 3.9.3 on Windows Privilege Check privilege escalation

A vulnerability was found in UniFi Video Server up to 3.9.3 on Windows and classified as critical. This issue affects an unknown code of the component Privilege Check. Upgrading to version 3.9.6 eliminates this vulnerability.
Author: VulDB

UniFi Video Server up to 3.9.3 Web Interface Firmware Update version directory traversal

A vulnerability has been found in UniFi Video Server up to 3.9.3 and classified as critical. This vulnerability affects an unknown part of the component Web Interface Firmware Update. Upgrading to version 3.10.3 eliminates this vulnerability.
Author: VulDB

Auth0 Plugin up to 3.x on WordPress privilege escalation [CVE-2020-7948]

A vulnerability, which was classified as critical, was found in Auth0 Plugin up to 3.x on WordPress (WordPress Plugin). This affects some unknown functionality. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

Auth0 Plugin up to 3.x on WordPress Export CSV Injection privilege escalation

A vulnerability, which was classified as critical, has been found in Auth0 Plugin up to 3.x on WordPress. Affected by this issue is an unknown functionality of the component Export. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

ENS on Windows Access Control ESConfigTool.exe privilege escalation

A vulnerability classified as critical was found in ENS on Windows (affected version unknown). Affected by this vulnerability is an unknown function of the file ESConfigTool.exe of the component Access Control. There is no information about...
Author: VulDB

Auth0 Plugin up to 3.x on WordPress Login Stored cross site scripting

A vulnerability classified as problematic has been found in Auth0 Plugin up to 3.x on WordPress. Affected is some unknown processing of the component Login. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

GNU C Library 2.30.9000 Comparison memcpy() num memory corruption

A vulnerability was found in GNU C Library 2.30.9000. It has been rated as critical. This issue affects the function memcpy() of the component Comparison. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

LearnDash Plugin 3.1.6 on WordPress sql injection [CVE-2020-6009]

A vulnerability was found in LearnDash Plugin 3.1.6 on WordPress. It has been declared as critical. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Yamaha FWX120 denial of service [CVE-2020-5548]

A vulnerability was found in Yamaha NVR700W, NVR510, RTX810, RTX830, RTX1200, RTX1210, RTX3500, RTX5000, NVR500 and FWX120. It has been classified as problematic. This affects an unknown part. There is no information about possible...
Author: VulDB

Auth0 Plugin up to 3.x on WordPress Settings Page Stored cross site scripting

A vulnerability was found in Auth0 Plugin up to 3.x on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Settings Page. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

Auth0 Plugin up to 3.x on WordPress domain cross site request forgery

A vulnerability has been found in Auth0 Plugin up to 3.x on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. Upgrading to version 4.0.0 eliminates this vulnerability.
Author: VulDB

RedpwnCTF up to 2.2 Request Session Fixation weak authentication

A vulnerability, which was classified as critical, was found in RedpwnCTF up to 2.2. Affected is an unknown function. Upgrading to version 2.3 eliminates this vulnerability.
Author: VulDB

Apache Druid 0.17.0 LDAP Authentication privilege escalation

A vulnerability, which was classified as critical, has been found in Apache Druid 0.17.0. This issue affects some unknown processing of the component LDAP Authentication. There is no information about possible countermeasures known. It may be...
Author: VulDB

Apache CXF JMX Man-in-the-Middle unknown vulnerability

A vulnerability classified as critical was found in Apache CXF (the affected version is unknown). This vulnerability affects an unknown code block of the component JMX Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Sling CMS up to 0.15.x Administrative Console Reflected cross site scripting

A vulnerability classified as problematic has been found in Sling CMS up to 0.15.x. This affects an unknown code of the component Administrative Console. Upgrading to version 0.16.0 eliminates this vulnerability.
Author: VulDB

Apache OFBiz up to 16.11.07 /control/stream cross site scripting

A vulnerability was found in Apache OFBiz up to 16.11.07. It has been rated as problematic. Affected by this issue is an unknown part of the file /control/stream. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Apache HTTP Server up to 2.4.41 mod_proxy_ftp Uninitialized Memory memory corruption

A vulnerability was found in Apache HTTP Server up to 2.4.41. It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component mod_proxy_ftp. There is no information about possible countermeasures...
Author: VulDB

Apache HTTP Server up to 2.4.41 mod_rewrite Request privilege escalation

A vulnerability was found in Apache HTTP Server up to 2.4.41. It has been classified as critical. Affected is an unknown functionality of the component mod_rewrite. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Zoom Client for Meetings up to 4.6.8 on macOS Library privilege escalation

A vulnerability was found in Zoom Client for Meetings up to 4.6.8 on macOS and classified as critical. This issue affects an unknown function of the component Library Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Zoom Client for Meetings up to 4.6.8 on macOS Installation privilege escalation

A vulnerability has been found in Zoom Client for Meetings up to 4.6.8 on macOS and classified as critical. This vulnerability affects some unknown processing of the component Installation. There is no information about possible countermeasures...
Author: VulDB

Deskpro prior 2019.8.0 Helpdesk Interface template-sources code Remote Code Execution

A vulnerability, which was classified as critical, was found in Deskpro. This affects an unknown code block of the file /portal/api/style/edit-theme-set/template-sources of the component Helpdesk Interface. Upgrading to version 2019.8.0...
Author: VulDB

Deskpro prior 2019.8.0 Endpoint /api/tickets information disclosure

A vulnerability, which was classified as problematic, has been found in Deskpro. Affected by this issue is an unknown code of the file /api/tickets of the component Endpoint. Upgrading to version 2019.8.0 eliminates this vulnerability.
Author: VulDB

Deskpro prior 2019.8.0 Helpdesk Application /api/apps/ information disclosure

A vulnerability classified as problematic was found in Deskpro. Affected by this vulnerability is an unknown part of the file /api/apps/ of the component Helpdesk Application Handler. Upgrading to version 2019.8.0 eliminates this vulnerability.
Author: VulDB

Deskpro prior 2019.8.0 Endpoint /api/people information disclosure

A vulnerability classified as problematic has been found in Deskpro. Affected is some unknown functionality of the file /api/people of the component Endpoint. Upgrading to version 2019.8.0 eliminates this vulnerability.
Author: VulDB

Information systems security (SSI) events