Friday 22 March 2019

Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-121: Multiple vulnerabilities in the SUSE Linux kernel (21 March 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a remote denial of service and a denial of service.
Author: Cert FR

CERTFR-2019-AVI-120: Multiple vulnerabilities in Cisco IP Phone (21 March 2019)

Multiple vulnerabilities have been discovered in Cisco IP Phone. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy of...
Author: Cert FR

CERTFR-2019-AVI-119: Vulnerability in Drupal (21 March 2019)

A vulnerability has been discovered in Drupal. It allows an attacker to cause a remote indirect code injection (XSS).

Author: Cert FR

AudioCodes IP Phone 420HD 2.2.12.126 Remote Code Execution [CVE-2018-10093]

A vulnerability was found in AudioCodes IP Phone 420HD 2.2.12.126. It has been classified as critical. This affects code. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution). CWE is classifying...
Author: VulDB

AudioCodes IP Phone 420HD 2.2.12.126 cross site scripting [CVE-2018-10091]

A vulnerability was found in AudioCodes IP Phone 420HD 2.2.12.126 and classified as problematic. Affected by this issue is a part. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the...
Author: VulDB

Dropbear prior 2013.59 GSSAPI User information disclosure

A vulnerability has been found in Dropbear (SSH Server Software) and classified as problematic. Affected by this vulnerability is a functionality of the component GSSAPI. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

IBM InfoSphere Streams 4.2.1 weak encryption [CVE-2017-1713]

A vulnerability, which was classified as critical, was found in IBM InfoSphere Streams 4.2.1 (Reporting Software). Affected is a function. The manipulation with an unknown input leads to a weak encryption vulnerability. CWE is classifying the...
Author: VulDB

LibTIFF 4.0.8 tif_open.c denial of service

A vulnerability, which was classified as problematic, has been found in LibTIFF 4.0.8 (Image Processing Software). This issue affects some functionality of the file tif_open.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

PCRE 8.41 pcre_exec.c match() denial of service [Disputed]

A vulnerability classified as problematic was found in PCRE 8.41 (Programming Tool Software). This vulnerability affects the function match() of the file pcre_exec.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

NetIQ eDirectory up to 9.0.1 Communication Security Downgrade privilege escalation

A vulnerability classified as critical has been found in NetIQ eDirectory up to 9.0.1 (Network Encryption Software). This affects an unknown function of the component Communication Security. The manipulation with an unknown input leads to a...
Author: VulDB

Moxa OnCell G3251 Reflected cross site scripting [CVE-2016-5819]

A vulnerability was found in Moxa G3100V2, OnCell G3111, OnCell G3151, OnCell G3211 and OnCell G3251. It has been rated as problematic. Affected by this issue is some processing. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Fatek Automation PM Designer V3/Automation FV Designer Communication Server memory corruption

A vulnerability was found in Fatek Automation PM Designer V3 and Automation FV Designer. It has been declared as critical. Affected by this vulnerability is a code block of the component Communication Server. The manipulation with an unknown...
Author: VulDB

Insteon Hub 2245-222 up to 1012 PubNub Message HTTP Request Stack-based memory corruption

A vulnerability was found in Insteon Hub 2245-222 up to 1012 (Network Management Software). It has been declared as critical. Affected by this vulnerability is a code block of the component PubNub Message Handler. The manipulation as part of a...
Author: VulDB

Insteon Hub 2245-222 up to 1012 PubNub Message HTTP Request Stack-based memory corruption

A vulnerability was found in Insteon Hub 2245-222 up to 1012 (Network Management Software). It has been classified as critical. Affected is code of the component PubNub Message Handler. The manipulation as part of an HTTP Request leads to a...
Author: VulDB

Insteon Hub 2245-222 up to 1012 PubNub Message HTTP Request Stack-based memory corruption

A vulnerability was found in Insteon Hub 2245-222 up to 1012 (Network Management Software) and classified as critical. This issue affects a part of the component PubNub Message Handler. The manipulation as part of an HTTP Request leads to a...
Author: VulDB

Schneider Electric Modicon BMXNOC0401 URL Reflected cross site scripting

A vulnerability has been found in Schneider Electric Modicon BMXNOC0401, Modicon BMXNOE0100, Modicon BMXNOE0110, Modicon BMXNOE0110H, Modicon BMXNOR0200H, Modicon BMXP342020, Modicon BMXP342020H, Modicon BMXP342030, Modicon BMXP3420302, Modicon...
Author: VulDB

Schneider Electric Modicon BMXNOC0401 PCL Web Server Remote File Inclusion privilege escalation

A vulnerability, which was classified as critical, was found in Schneider Electric Modicon BMXNOC0401, Modicon BMXNOE0100, Modicon BMXNOE0110, Modicon BMXNOE0110H, Modicon BMXNOR0200H, Modicon BMXP342020, Modicon BMXP342020H, Modicon BMXP342030,...
Author: VulDB

Jolly Technologies Lobby Track Desktop Kiosk Mode information disclosure

A vulnerability, which was classified as problematic, was found in Jolly Technologies Lobby Track Desktop. Affected is a function of the component Kiosk Mode. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

PrinterOn Enterprise 4.1.4 Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in PrinterOn Enterprise 4.1.4 (Printing Software). This issue affects some functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Author: VulDB

shellinabox up to 2.20 HTTP Request Parser libhttp/url.c denial of service

A vulnerability classified as problematic was found in shellinabox up to 2.20. This vulnerability affects the functionality of the file libhttp/url.c of the component HTTP Request Parser. The manipulation with an unknown input leads to a denial...
Author: VulDB

Siemens EN100 Ethernet Module Security Vulnerability Crafted Packet denial of service

A vulnerability classified as problematic has been found in Siemens EN100 Ethernet Module. This affects an unknown function of the component Security Vulnerability. The manipulation as part of a Crafted Packet leads to a denial of service...
Author: VulDB

COYO 9.0.8/10.0.11/12.0.4 iFrame Widget cross site scripting

A vulnerability was found in COYO 9.0.8/10.0.11/12.0.4. It has been rated as problematic. Affected by this issue is some processing of the component iFrame Widget. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Solarwinds Serv-U FTP Server 15.1.6 Import privilege escalation

A vulnerability was found in Solarwinds Serv-U FTP Server 15.1.6 (File Transfer Software). It has been declared as critical. Affected by this vulnerability is a code block of the component Import Handler. The manipulation with an unknown input...
Author: VulDB

Repute ARForms 3.5.1 admin-ajax.php Request denial of service

A vulnerability was found in Repute ARForms 3.5.1. It has been classified as problematic. Affected is code of the file admin-ajax.php. The manipulation as part of a Request leads to a denial of service vulnerability. CWE is classifying the issue...
Author: VulDB

Synaptics TouchPad Driver SynTP.sys information disclosure [CVE-2018-15532]

A vulnerability was found in Synaptics TouchPad Driver (Hardware Driver Software) and classified as problematic. This issue affects a part in the library SynTP.sys. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Information systems security events

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", takes place in Cannes, at the Palais des Festivals et des Congrès, from 19 to 21 March 2019. Organized by Weyou Group.
