Thursday 27 February 2020

Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBL Online Weather up to 4.3.5 Cookie information disclosure

A vulnerability classified as problematic has been found in IBL Online Weather up to 4.3.5. This affects an unknown code of the component Cookie Handler. Upgrading to version 4.3.5a eliminates this vulnerability.
Author: VulDB

IBL Online Weather up to 4.3.5 queryBCP privilege escalation

A vulnerability was found in IBL Online Weather up to 4.3.5. It has been rated as critical. Affected by this issue is the function queryBCP. Upgrading to version 4.3.5a eliminates this vulnerability.
Author: VulDB

IBL Online Weather up to 4.3.5 Redirect Page Reflected cross site scripting

A vulnerability was found in IBL Online Weather up to 4.3.5. It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the component Redirect Page. Upgrading to version 4.3.5a eliminates this...
Author: VulDB

ISPConfig up to 3.1.15p2 reverse_proxy_panel_allowed=sites sql injection

A vulnerability was found in ISPConfig up to 3.1.15p2. It has been classified as critical. Affected is an unknown functionality. Upgrading to version 3.1.15p3 eliminates this vulnerability.
Author: VulDB

pricing-table-by-supsystic Plugin up to 1.8.1 on WordPress cross site request forgery

A vulnerability was found in pricing-table-by-supsystic Plugin up to 1.8.1 on WordPress (WordPress Plugin) and classified as problematic. This issue affects an unknown function. Upgrading to version 1.8.2 eliminates this vulnerability.
Author: VulDB

pricing-table-by-supsystic Plugin up to 1.8.1 on WordPress cross site scripting

A vulnerability has been found in pricing-table-by-supsystic Plugin up to 1.8.1 on WordPress and classified as problematic. This vulnerability affects some unknown processing. Upgrading to version 1.8.2 eliminates this vulnerability.
Author: VulDB

MiContact Center Business with Site Based Security up to 9.0.1.0 SDK information disclosure

A vulnerability, which was classified as problematic, was found in MiContact Center Business with Site Based Security up to 9.0.1.0. This affects an unknown code block of the component SDK. There is no information about possible countermeasures...
Author: VulDB

Gurux GXDLMS Director up to 8.5.1905.1301 Code Execution directory traversal

A vulnerability, which was classified as critical, has been found in Gurux GXDLMS Director up to 8.5.1905.1301. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Gurux GXDLMS Director prior 8.5.1905.1301 Update gurux.fi/obis/files.xml Code Execution

A vulnerability classified as critical was found in Gurux GXDLMS Director. Affected by this vulnerability is an unknown part of the file gurux.fi/obis/files.xml of the component Update Handler. Upgrading to version 8.5.1905.1301 eliminates this...
Author: VulDB

Druva inSync Mac OS Client 6.5.0 Python Expression privilege escalation

A vulnerability classified as critical has been found in Druva inSync Mac OS Client 6.5.0. Affected is some unknown functionality of the component Python Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Druva inSync Windows Client 6.5.0 System Command OS Command Injection privilege escalation

A vulnerability was found in Druva inSync Windows Client 6.5.0. It has been rated as critical. This issue affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Google Chrome prior 80.0.3987.122 v8 Type Confusion memory corruption

A vulnerability was found in Google Chrome (Web Browser). It has been declared as critical. This vulnerability affects an unknown function of the component v8. Upgrading to version 80.0.3987.122 eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-115: Multiple vulnerabilities in Aruba AirWave (26 February 2020)

Multiple vulnerabilities have been discovered in Aruba AirWave. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-114: Multiple vulnerabilities in the Red Hat Linux kernel (26 February 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a privilege escalation.

Author: Cert FR

Linux Kernel up to 5.5.6 on AArch64 GNU C Library Heap-based memory corruption

A vulnerability was found in Linux Kernel up to 5.5.6 on AArch64 (Operating System). It has been classified as critical. This affects some unknown processing of the component GNU C Library. There is no information about possible countermeasures...
Author: VulDB

Linux Kernel up to 5.5.6 drivers/block/floppy.c set_fdc memory corruption

A vulnerability was found in Linux Kernel up to 5.5.6 (Operating System) and classified as critical. Affected by this issue is the function set_fdc of the file drivers/block/floppy.c. There is no information about possible countermeasures known....
Author: VulDB

10Web Photo Gallery Plugin up to 1.5.45 on WordPress Stored cross site scripting

A vulnerability has been found in 10Web Photo Gallery Plugin up to 1.5.45 on WordPress (Photo Gallery Software) and classified as problematic. Affected by this vulnerability is an unknown code. Upgrading to version 1.5.46 eliminates this...
Author: VulDB

Envira Photo Gallery Plugin up to 1.7.6 on WordPress Stored cross site scripting

A vulnerability, which was classified as problematic, was found in Envira Photo Gallery Plugin up to 1.7.6 on WordPress (Photo Gallery Software). Affected is an unknown part. There is no information about possible countermeasures known. It may be...
Author: VulDB

WpJobBoard Plugin 5.5.3 on WordPress Add Job Form title/Description Persistent cross site scripting

A vulnerability, which was classified as problematic, has been found in WpJobBoard Plugin 5.5.3 on WordPress (WordPress Plugin). This issue affects some unknown functionality of the component Add Job Form Handler. There is no information about...
Author: VulDB

LiteCart up to 2.2.1 cross site request forgery [CVE-2020-9018]

A vulnerability classified as problematic was found in LiteCart up to 2.2.1. This vulnerability affects an unknown functionality of the file admin/?app=users&doc=edit_user. There is no information about possible countermeasures known. It may be...
Author: VulDB

LiteCart up to 2.2.1 Customer Profile CSV Injection privilege escalation

A vulnerability classified as critical has been found in LiteCart up to 2.2.1. This affects an unknown function of the component Customer Profile Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

BlackBoard Learn/PeopleTool 9.1 Profile Editor Stored cross site scripting

A vulnerability was found in BlackBoard Learn and PeopleTool 9.1 (Forum Software). It has been rated as problematic. Affected by this issue is some unknown processing of the component Profile Editor. There is no information about possible...
Author: VulDB

OpenSMTPD up to 6.6.3 mta_session.c memory corruption

A vulnerability was found in OpenSMTPD up to 6.6.3. It has been declared as critical. Affected by this vulnerability is an unknown code block of the file mta_session.c. Upgrading to version 6.6.4 eliminates this vulnerability.
Author: VulDB

OpenSMTPD up to 6.6.3 makemap.c Search Path information disclosure

A vulnerability was found in OpenSMTPD up to 6.6.3. It has been classified as problematic. Affected is an unknown code of the file makemap.c. Upgrading to version 6.6.4 eliminates this vulnerability.
Author: VulDB

Moxa AWK-3131A 1.13 Web Authentication SNMP Request weak authentication

A vulnerability was found in Moxa AWK-3131A 1.13 and classified as critical. This issue affects an unknown part of the component Web Authentication. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB