Friday 22 March 2019

Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IoTivity up to 1.3.1 CoAP Server Interface Source IP Address Amplification spoofing

A vulnerability has been found in IoTivity up to 1.3.1 and classified as problematic. This vulnerability affects a functionality of the component CoAP Server Interface. The manipulation as part of a Source IP Address leads to a spoofing...
Author: VulDB

Fluent Bit up to 1.0.4 MQTT Input Plugin mqtt_prot.c mqtt_packet_drop size memory corruption

A vulnerability, which was classified as critical, was found in Fluent Bit up to 1.0.4. This affects the function mqtt_packet_drop of the file /plugins/in_mqtt/mqtt_prot.c of the component MQTT Input Plugin. The manipulation of the argument...
Author: VulDB

tinysvcmdns up to 2018-01-16 mDNS Server mdns.c uncompress_nlabel Crafted Packet memory corruption

A vulnerability, which was classified as critical, has been found in tinysvcmdns up to 2018-01-16. Affected by this issue is the function uncompress_nlabel of the file mdns.c of the component mDNS Server. The manipulation as part of a Crafted...
Author: VulDB

GraceMedia Media Player Plugin up to 1.0 on WordPress ajax_controller.php cfg privilege escalation

A vulnerability was found in GraceMedia Media Player Plugin up to 1.0 on WordPress (Multimedia Player Software). It has been rated as critical. This issue affects some processing of the file...
Author: VulDB

Microsoft Releases March 2019 Security Updates

Original release date: March 12, 2019. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Author: US Cert

CERTFR-2019-AVI-096: Multiple vulnerabilities in Adobe products (12 March 2019)

Multiple vulnerabilities have been discovered in Adobe products. They allow an attacker to cause arbitrary code execution.

Author: Cert FR

CERTFR-2019-AVI-095: Vulnerability in Citrix Application Delivery Management (ADM) (12 March 2019)

A vulnerability has been discovered in Citrix Application Delivery Management (ADM). It allows an attacker to compromise data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-094: SCADA Vulnerability in Siemens Scalance (12 March 2019)

A vulnerability has been discovered in SCADA Siemens Scalance. It allows an attacker to cause a remote denial of service and to compromise data confidentiality.

Author: Cert FR

Adobe Releases Security Updates

Original release date: March 12, 2019. Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected...
Author: US Cert

webargs up to 5.1.2 JSON Parser JSON Payload race condition privilege escalation

A vulnerability classified as critical has been found in webargs up to 5.1.2. Affected is an unknown function of the component JSON Parser. The manipulation as part of a JSON Payload leads to a privilege escalation vulnerability (Race...
Author: VulDB

Vixie cron up to 3.0 force_rescan_user denial of service

A vulnerability was found in Vixie cron up to 3.0. It has been rated as problematic. This issue affects the function force_rescan_user. The manipulation with an unknown input leads to a denial of service vulnerability (Use-After-Free). Using CWE...
Author: VulDB

Vixie cron up to 3.0 Crontab File Memory Consumption denial of service

A vulnerability was found in Vixie cron up to 3.0. It has been declared as problematic. This vulnerability affects a code block of the component Crontab File Handler. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Vixie cron up to 3.0 Crontab File Return Value Crash denial of service

A vulnerability was found in Vixie cron up to 3.0. It has been classified as problematic. This affects code of the component Crontab File Handler. The manipulation as part of a Return Value leads to a denial of service vulnerability (Crash). CWE...
Author: VulDB

FFmpeg 4.1 Subtitle Decoder htmlsubtitles.c ff_htmlmarkup_to_ass Video File denial of service

A vulnerability, which was classified as problematic, has been found in FFmpeg 4.1 (Multimedia Processing Software). Affected by this issue is the function ff_htmlmarkup_to_ass of the file libavcodec/htmlsubtitles.c of the component Subtitle...
Author: VulDB

Jupyter Notebook up to 5.7.6 XSSI cross site scripting

A vulnerability classified as problematic was found in Jupyter Notebook up to 5.7.6. Affected by this vulnerability is the functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability (XSSI). The CWE...
Author: VulDB

FFmpeg 4.1 Subtitle Decoder htmlsubtitles.c handle_open_brace Video File denial of service

A vulnerability, which was classified as problematic, was found in FFmpeg 4.1 (Multimedia Processing Software). This affects the function handle_open_brace of the file libavcodec/htmlsubtitles.c of the component Subtitle Decoder. The manipulation...
Author: VulDB

Mailtraq Webmail 2.17.7.3550 Email Body Persistent cross site scripting

A vulnerability was found in Mailtraq Webmail 2.17.7.3550. It has been classified as problematic. Affected is code of the component Email Body Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Author: VulDB

Ability Mail Server 4.2.6 Email Body Persistent cross site scripting

A vulnerability was found in Ability Mail Server 4.2.6 and classified as problematic. This issue affects a part of the component Email Body Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Author: VulDB

Dradis Community Edition/Professional Edition up to 3.11 cross site scripting

A vulnerability has been found in Dradis Community Edition and Professional Edition up to 3.11 and classified as problematic. This vulnerability affects a functionality. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Smart Forms up to 2.6.15 cross site request forgery [CVE-2019-5924]

A vulnerability, which was classified as problematic, was found in Smart Forms up to 2.6.15. This affects a function. The manipulation with an unknown input leads to a cross site request forgery vulnerability. CWE is classifying the issue as...
Author: VulDB

iChain Insurance Wallet App up to 1.3.0 on iOS directory traversal

A vulnerability, which was classified as critical, has been found in iChain Insurance Wallet App up to 1.3.0 on iOS. Affected by this issue is some functionality. The manipulation with an unknown input leads to a directory traversal...
Author: VulDB

Microsoft Teams DLL Loader Search Path privilege escalation

A vulnerability classified as problematic was found in Microsoft Teams. Affected by this vulnerability is the functionality of the component DLL Loader. The manipulation as part of a Search Path leads to a privilege escalation vulnerability. The...
Author: VulDB

Microsoft Windows 7 DLL Loader Search Path privilege escalation

A vulnerability classified as critical has been found in Microsoft Windows 7 (Operating System). Affected is an unknown function of the component DLL Loader. The manipulation as part of a Search Path leads to a privilege escalation...
Author: VulDB

FormCraft up to 1.2.1 cross site request forgery [CVE-2019-5920]

A vulnerability was found in FormCraft up to 1.2.1. It has been rated as problematic. This issue affects some processing. The manipulation with an unknown input leads to a cross site request forgery vulnerability. Using CWE to declare the...
Author: VulDB

Nablarch up to 5u13 XML Data XML External Entity

A vulnerability was found in Nablarch up to 5u13. It has been classified as critical. This affects code of the component XML Data Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability (XXE). CWE is...
Author: VulDB

Information systems security events

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", takes place in Cannes at the Palais des Festivals et des Congrès from 19 to 21 March 2019. Organised by Weyou Group.
