Wednesday, 16 October 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

qibosoft 7 do/jf.php eval content cross site request forgery

A vulnerability, which was classified as problematic, has been found in qibosoft 7. Affected by this issue is the function eval of the file do/jf.php. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

74cms 5.2.8 BackendController.class.php _list sort sql injection

A vulnerability classified as critical was found in 74cms 5.2.8. Affected by this vulnerability is the function _list of the file Common/Controller/BackendController.class.php. There is no information about possible countermeasures known. It may...
Author: VulDB

Zoho ManageEngine OpManager up to 12.3 OPMDeviceDetailsServlet Servlet sql injection

A vulnerability classified as critical has been found in Zoho ManageEngine OpManager up to 12.3 (Network Management Software). Affected is an unknown part of the component OPMDeviceDetailsServlet Servlet. Upgrading to version 12.4 Build 124089...
Author: VulDB

MiniShare 1.4.1 HTTP CONNECT Request Stack-based memory corruption

A vulnerability was found in MiniShare 1.4.1. It has been rated as critical. This issue affects some unknown functionality of the component HTTP CONNECT Request Handler. The problem might be mitigated by replacing the product with as an...
Author: VulDB

Intelbras IWR 1000N 1.6.4 v1/system/user information disclosure

A vulnerability was found in Intelbras IWR 1000N 1.6.4. It has been declared as problematic. This vulnerability affects an unknown functionality of the file v1/system/user. There is no information about possible countermeasures known. It may be...
Author: VulDB

Dark Horse Comics App 1.3.21 on Android Log Token information disclosure

A vulnerability was found in Dark Horse Comics App 1.3.21 on Android (Android App Software). It has been classified as problematic. This affects an unknown function of the component Log Handler. There is no information about possible...
Author: VulDB

DoorDash App up to 11.5.2 on Android Log Credentials information disclosure

A vulnerability was found in DoorDash App up to 11.5.2 on Android (Android App Software) and classified as problematic. Affected by this issue is some unknown processing of the component Log Handler. There is no information about possible...
Author: VulDB

PowerSchool Mobile App 1.1.8 on Android Log Credentials information disclosure

A vulnerability has been found in PowerSchool Mobile App 1.1.8 on Android (Android App Software) and classified as problematic. Affected by this vulnerability is an unknown code block of the component Log Handler. There is no information about...
Author: VulDB

Rapid Gator App 0.7.1 on Android Log Credentials information disclosure

A vulnerability, which was classified as problematic, was found in Rapid Gator App 0.7.1 on Android (Android App Software). Affected is an unknown code of the component Log Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Seesaw Parent and Family App 6.2.5 on Android Log Credentials information disclosure

A vulnerability, which was classified as problematic, has been found in Seesaw Parent and Family App 6.2.5 on Android (Android App Software). This issue affects an unknown part of the component Log Handler. There is no information about possible...
Author: VulDB

Infinite Design App 3.4.12 on Android Authentication weak encryption

A vulnerability classified as problematic was found in Infinite Design App 3.4.12 on Android (Android App Software). This vulnerability affects some unknown functionality of the component Authentication. There is no information about possible...
Author: VulDB

Orbitz App 19.31.1 on Android Log Credentials information disclosure

A vulnerability classified as problematic has been found in Orbitz App 19.31.1 on Android (Android App Software). This affects an unknown functionality of the component Log Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Dolibarr ERP/CRM 10.0.2 user/note.php Note cross site scripting

A vulnerability was found in Dolibarr ERP and CRM 10.0.2. It has been rated as problematic. Affected by this issue is an unknown function of the file user/note.php. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Connect2id Nimbus JOSE+JWT up to 7.8 JWT Parser privilege escalation

A vulnerability was found in Connect2id Nimbus JOSE+JWT up to 7.8. It has been declared as critical. Affected by this vulnerability is some unknown processing of the component JWT Parser. Upgrading to version 7.9 eliminates this vulnerability.
Author: VulDB

KeyCloak up to 7.x REST API privilege escalation

A vulnerability was found in KeyCloak up to 7.x. It has been classified as critical. Affected is an unknown code block of the component REST API. Upgrading to version 8.0.0 eliminates this vulnerability.
Author: VulDB

Glue Smart Lock 2.7.8 Guest Access privilege escalation

A vulnerability was found in Glue Smart Lock 2.7.8 and classified as critical. This issue affects an unknown code of the component Guest Access. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

safer-eval up to 1.3.1 Sandbox Remote Code Execution

A vulnerability has been found in safer-eval up to 1.3.1 and classified as critical. This vulnerability affects an unknown part of the component Sandbox. Upgrading to version 1.3.2 eliminates this vulnerability.
Author: VulDB

safer-eval up to 1.3.3 Sandbox Remote Code Execution

A vulnerability, which was classified as critical, was found in safer-eval up to 1.3.3. This affects some unknown functionality of the component Sandbox. Upgrading to version 1.3.4 eliminates this vulnerability.
Author: VulDB

haml up to 5.0.0.beta.1 Code Execution [CVE-2017-1002201]

A vulnerability classified as critical was found in haml up to 5.0.0.beta.1. Affected by this vulnerability is an unknown function. Upgrading to version 5.0.0.beta.2 eliminates this vulnerability.
Author: VulDB

Oracle Releases October 2019 Security Bulletin

Original release date: October 15, 2019. Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an...
Author: US Cert

Adobe Releases Security Updates for Multiple Products

Original release date: October 15, 2019. Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Author: US Cert

WordPress Releases Security Update

Original release date: October 15, 2019. WordPress 5.2.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and...
Author: US Cert

Dell ImageAssist up to 8.7.14 Image information disclosure

A vulnerability classified as problematic has been found in Dell ImageAssist up to 8.7.14. Affected is some unknown processing of the component Image Handler. Upgrading to version 8.7.15 eliminates this vulnerability.
Author: VulDB

ncurses prior 6.1-20191012 terminfo Library tinfo/comp_hash.c fmt_entry memory corruption

A vulnerability was found in ncurses. It has been rated as critical. This issue affects the function fmt_entry of the file tinfo/comp_hash.c of the component terminfo Library. Upgrading to version 6.1-20191012 eliminates this vulnerability.
Author: VulDB

ncurses prior 6.1-20191012 terminfo Library tinfo/comp_hash.c _nc_find_entry memory corruption

A vulnerability was found in ncurses. It has been declared as critical. This vulnerability affects the function _nc_find_entry of the file tinfo/comp_hash.c of the component terminfo Library. Upgrading to version 6.1-20191012 eliminates this...
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the Cité universitaire internationale on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
