Friday 15 February 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Mobotix S14 MX-V4.2.1.61 Password Storage DES weak encryption

A vulnerability classified as critical has been found in Mobotix S14 MX-V4.2.1.61. Affected is an unknown function of the component Password Storage. The manipulation with an unknown input leads to a weak encryption vulnerability (DES). CWE is...
Author: VulDB

elfutils 0.175 elf32_xlatetom.c elf32_xlatetom memory corruption

A vulnerability was found in elfutils 0.175. It has been rated as critical. This issue affects the function elf32_xlatetom of the file elf32_xlatetom.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

elfutils 0.175 libelf/note_xlate.h elf_cvt_note denial of service

A vulnerability was found in elfutils 0.175. It has been declared as problematic. This vulnerability affects the function elf_cvt_note of the file libelf/note_xlate.h. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

LibTIFF 4.0.10 libtiff/tif_dirwrite.c cpSeparateBufToContigBuf denial of service

A vulnerability was found in LibTIFF 4.0.10 (Image Processing Software). It has been classified as problematic. This affects the function cpSeparateBufToContigBuf of the file libtiff/tif_dirwrite.c. The manipulation with an unknown input leads...
Author: VulDB

Binaryen 1.38.22 WASM File wasm-binary.cpp getType() denial of service

A vulnerability was found in Binaryen 1.38.22 and classified as problematic. Affected by this issue is the function wasm::WasmBinaryBuilder::getType() of the file wasm-binary.cpp of the component WASM File Handler. The manipulation with an...
Author: VulDB

Genivia gSOAP up to 2.7.x/2.8.74 libgsoapck/libgsoapck++ denial of service

A vulnerability has been found in Genivia gSOAP up to 2.7.x/2.8.74 and classified as problematic. Affected by this vulnerability is a functionality of the component libgsoapck/libgsoapck++. The manipulation with an unknown input leads to a...
Author: VulDB

CERTFR-2019-AVI-049: Vulnerability in Fortinet (8 February 2019)

A vulnerability has been discovered in Fortinet. It allows an attacker to compromise data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-048: Multiple vulnerabilities in Apple products (8 February 2019)

Multiple vulnerabilities have been discovered in Apple products. They allow an attacker to cause remote arbitrary code execution, privilege escalation and a compromise of data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-047: Vulnerability in LibreOffice (8 February 2019)

A vulnerability has been discovered in LibreOffice. It allows an attacker to cause arbitrary code execution.

Author: Cert FR

LifeSize Team/Room/Passport/Networker support/mtusize.php mtu_size command injection

A vulnerability has been found in LifeSize Team, Room, Passport and Networker and classified as critical. This vulnerability affects a functionality of the file support/mtusize.php. The manipulation of the argument mtu_size as part of a Shell...
Author: VulDB

Pagure 5.2 API Key api_key_expire_mail.py information disclosure

A vulnerability, which was classified as problematic, was found in Pagure 5.2. This affects a function of the file files/api_key_expire_mail.py of the component API Key Handler. The manipulation with an unknown input leads to an information...
Author: VulDB

Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption

A vulnerability classified as critical has been found in Nginx Unit up to 1.7.0 (Web Server). Affected is an unknown function of the component Router Process. The manipulation as part of a Request leads to a memory corruption vulnerability...
Author: VulDB

Kentico 10.0.42 SMTP Configuration Page Cleartext information disclosure [Disputed]

A vulnerability was found in Kentico 10.0.42. It has been rated as problematic. This issue affects some processing of the component SMTP Configuration Page. The manipulation with an unknown input leads to an information disclosure vulnerability...
Author: VulDB

gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication

A vulnerability classified as critical has been found in gsi-openssh-server 7.9p1 on Fedora (Connectivity Software). This affects an unknown function of the file /etc/gsissh/sshd_config. The manipulation with an unknown input leads to a weak...
Author: VulDB

Simple DirectMedia Layer up to 1.2.15/2.0.9 video/SDL_pixels.c Map1toN memory corruption

A vulnerability was found in Simple DirectMedia Layer up to 1.2.15/2.0.9. It has been rated as critical. Affected by this issue is the function Map1toN of the file video/SDL_pixels.c. The manipulation with an unknown input leads to a memory...
Author: VulDB

Simple DirectMedia Layer up to 1.2.15/2.0.9 video/SDL_surface.c SDL_FillRect memory corruption

A vulnerability was found in Simple DirectMedia Layer up to 1.2.15/2.0.9. It has been declared as critical. Affected by this vulnerability is the function SDL_FillRect of the file video/SDL_surface.c. The manipulation with an unknown input leads...
Author: VulDB

Simple DirectMedia Layer up to 1.2.15/2.0.9 video/SDL_pixels.c SDL_GetRGB memory corruption

A vulnerability was found in Simple DirectMedia Layer up to 1.2.15/2.0.9. It has been classified as critical. Affected is the function SDL_GetRGB of the file video/SDL_pixels.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Simple DirectMedia Layer up to 1.2.15/2.0.9 video/SDL_blit_1.c Blit1to4 memory corruption

A vulnerability was found in Simple DirectMedia Layer up to 1.2.15/2.0.9 and classified as critical. This issue affects the function Blit1to4 of the file video/SDL_blit_1.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Cisco Meeting Server up to 2.3.8 Session Initiation Protocol Messages denial of service

A vulnerability, which was classified as problematic, was found in Cisco Meeting Server up to 2.3.8. This affects a function of the component Session Initiation Protocol. The manipulation as part of a Messages leads to a denial of service...
Author: VulDB

Cisco Identity Services Engine Web-based Management Interface Parameter cross site scripting

A vulnerability, which was classified as problematic, has been found in Cisco Identity Services Engine (Policy Management Software). Affected by this issue is some functionality of the component Web-based Management Interface. The manipulation ...
Author: VulDB

Cisco Web Security Appliance 10.1.x/10.5.x Decryption Policy Default Action privilege escalation

A vulnerability classified as critical was found in Cisco Web Security Appliance 10.1.x/10.5.x (Anti-Malware Software). Affected by this vulnerability is the functionality of the component Decryption Policy Default Action. The manipulation with...
Author: VulDB

Fortinet FortiClientWindows up to 6.0.2 NDIS Miniport Driver NULL Pointer Dereference denial of service

A vulnerability classified as problematic has been found in Fortinet FortiClientWindows up to 6.0.2. Affected is an unknown function of the component NDIS Miniport Driver. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

HelpSystems tcpcrypt up to 6.7.1 on Linux memory corruption [CVE-2018-20764]

A vulnerability was found in HelpSystems tcpcrypt up to 6.7.1 on Linux. It has been rated as critical. This issue affects some processing. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare...
Author: VulDB

Symantec Ghost Solution Suite up to 3.3 DLL privilege escalation

A vulnerability was found in Symantec Ghost Solution Suite up to 3.3 (Operating System). It has been declared as problematic. This vulnerability affects a code block of the component DLL Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Fortinet FortiOS 5.6.0 SSH username Format String

A vulnerability was found in Fortinet FortiOS 5.6.0 (Firewall Software). It has been classified as critical. This affects code of the component SSH. The manipulation of the argument username as part of a Variable leads to a format string...
Author: VulDB

Information security events

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, takes place in Marseille (Chanot) on 6 and 7 March 2019. Organized by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", takes place in Cannes, at the Palais des Festivals et des Congrès, from 19 to 21 March 2019. Organized by Weyou Group.
