Thursday 17 October 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

OX App Suite up to 7.10.2 Permission privilege escalation

A vulnerability was found in OX App Suite up to 7.10.2 and classified as critical. This issue affects an unknown part of the component Permission. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

OX App Suite 7.10.1/7.10.2 Server-Side Request Forgery [CVE-2019-14225]

A vulnerability has been found in OX App Suite 7.10.1/7.10.2 and classified as critical. This vulnerability affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

CERTFR-2019-AVI-502: Multiple vulnerabilities in the SUSE Linux kernel (14 October 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a denial of service and a compromise of data integrity.

Author: Cert FR

ImageMagick up to 7.0.8-61 MagickCore/draw.c TraceBezier memory corruption

A vulnerability, which was classified as critical, was found in ImageMagick up to 7.0.8-61 (Image Processing Software). This affects the function TraceBezier of the file MagickCore/draw.c. Upgrading to version 7.0.8-62 eliminates this...
Author: VulDB

LibTIFF up to 4.0.10 RGBA Image tif_getimage.c memory corruption

A vulnerability, which was classified as critical, has been found in LibTIFF up to 4.0.10 (Image Processing Software). Affected by this issue is an unknown function of the file tif_getimage.c of the component RGBA Image Handler. There is no...
Author: VulDB

GDAL up to 3.0.1 ogr/ogr_expat.cpp OGRExpatRealloc memory corruption

A vulnerability classified as critical was found in GDAL up to 3.0.1. Affected by this vulnerability is the function OGRExpatRealloc of the file ogr/ogr_expat.cpp. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

GNU Aspell up to 0.60.7 common/getdata.cpp acommon::unescape memory corruption

A vulnerability classified as critical has been found in GNU Aspell up to 0.60.7. Affected is the function acommon::unescape of the file common/getdata.cpp. Upgrading to version 0.60.8 eliminates this vulnerability.
Author: VulDB

LZ4 up to 1.9.1 LZ4_write32 memory corruption

A vulnerability was found in LZ4 up to 1.9.1. It has been rated as critical. This issue affects the function LZ4_write32. Upgrading to version 1.9.2 eliminates this vulnerability.
Author: VulDB

FFmpeg up to 4.1 libavcodec/vqavideo.c vqa_decode_init memory corruption

A vulnerability was found in FFmpeg up to 4.1. It has been declared as critical. This vulnerability affects the function vqa_decode_init of the file libavcodec/vqavideo.c. Upgrading to version 4.2 eliminates this vulnerability.
Author: VulDB

ImageMagick up to 7.0.8-54 MagickCore/string.c DestroyStringInfo memory corruption

A vulnerability was found in ImageMagick up to 7.0.8-54. It has been classified as critical. This affects the function DestroyStringInfo of the file MagickCore/string.c. Upgrading to version 7.0.8-55 eliminates this vulnerability.
Author: VulDB

ImageMagick up to 7.0.8-53 coders/ps.c ReadPSInfo memory corruption

A vulnerability was found in ImageMagick up to 7.0.8-53 and classified as critical. Affected by this issue is the function ReadPSInfo of the file coders/ps.c. Upgrading to version 7.0.8-54 eliminates this vulnerability.
Author: VulDB

FFmpeg up to 4.1 libavcodec/utils.c avcodec_open2 denial of service

A vulnerability has been found in FFmpeg up to 4.1 and classified as problematic. Affected by this vulnerability is the function avcodec_open2 of the file libavcodec/utils.c. Upgrading to version 4.2 eliminates this vulnerability.
Author: VulDB

Centreon 19.04 main.php privilege escalation

A vulnerability, which was classified as critical, was found in Centreon 19.04. Affected is some unknown processing of the file main.php?p=60807&type=4. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Jiangnan Online Judge 0.8.0 viewfile name directory traversal

A vulnerability, which was classified as critical, has been found in Jiangnan Online Judge 0.8.0. This issue affects an unknown code block of the file web/polygon/problem/viewfile?id=1. There is no information about possible countermeasures...
Author: VulDB

Jiangnan Online Judge 0.8.0 deletefile name directory traversal

A vulnerability classified as critical was found in Jiangnan Online Judge 0.8.0. This vulnerability affects an unknown code of the file web/polygon/problem/deletefile?id=1. There is no information about possible countermeasures known. It may be...
Author: VulDB

Gila CMS up to 1.11.4 File Upload core/controllers/fm.php moveAction privilege escalation

A vulnerability classified as critical has been found in Gila CMS up to 1.11.4 (Content Management System). This affects the function moveAction of the file core/controllers/fm.php of the component File Upload. There is no information about...
Author: VulDB

Gila CMS up to 1.11.4 Blog Theme/Mag Theme blog-list.php search cross site scripting

A vulnerability was found in Gila CMS up to 1.11.4 (Content Management System). It has been rated as problematic. Affected by this issue is some unknown functionality of the file blog-list.php of the component Blog Theme/Mag Theme. There is no...
Author: VulDB

libvips up to 8.8.1 foreign/gifload.c vips_foreign_load_gif_scan_image memory corruption

A vulnerability was found in libvips up to 8.8.1. It has been declared as critical. Affected by this vulnerability is the function vips_foreign_load_gif_scan_image of the file foreign/gifload.c. Upgrading to version 8.8.2 eliminates this...
Author: VulDB

matio 1.5.17 mat4.c Mat_VarReadNextInfo4 memory corruption

A vulnerability was found in matio 1.5.17. It has been classified as critical. Affected is the function Mat_VarReadNextInfo4 of the file mat4.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS Rule Processing upnp/control/rules1 ruleDbBody denial of service

A vulnerability was found in Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS and classified as problematic. This issue affects some unknown processing of the file upnp/control/rules1 of the component Rule Processing. There is no information...
Author: VulDB

FasterXML jackson-databind up to 2.9.10 JSON Endpoint privilege escalation

A vulnerability has been found in FasterXML jackson-databind up to 2.9.10 and classified as critical. This vulnerability affects an unknown code block of the component JSON Endpoint. There is no information about possible countermeasures known....
Author: VulDB

Bento4 Encryption 1.5.1.0 Core/Ap4Atom.cpp AddField memory corruption

A vulnerability, which was classified as critical, was found in Bento4 Encryption 1.5.1.0 (Multimedia Player Software). This affects the function AP4_PrintInspector::AddField of the file Core/Ap4Atom.cpp. There is no information about possible...
Author: VulDB

Bento4 Encryption 1.5.1.0 Ap4CommonEncryption.cpp DoInspectFields memory corruption

A vulnerability, which was classified as critical, has been found in Bento4 Encryption 1.5.1.0 (Multimedia Player Software). Affected by this issue is the function AP4_CencSampleEncryption::DoInspectFields of the file...
Author: VulDB

Bento4 1.5.1.0 Core/Ap4TfhdAtom.h SetDefaultSampleSize memory corruption

A vulnerability classified as critical was found in Bento4 1.5.1.0 (Multimedia Player Software). Affected by this vulnerability is the function AP4_TfhdAtom::SetDefaultSampleSize of the file Core/Ap4TfhdAtom.h. There is no information about...
Author: VulDB

Hotaru CMS 1.7.2 admin_index.php SITE_NAME cross site scripting

A vulnerability classified as problematic has been found in Hotaru CMS 1.7.2 (Content Management System). Affected is an unknown functionality of the file admin_index.php?page=settings. There is no information about possible countermeasures...
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the Cité universitaire internationale on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security takes place in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme, "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité occupies the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
