Thursday 28 May 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM API Connect 5.0.0.0/5.0.8.4 MongoDB Connector sql injection

A vulnerability was found in IBM API Connect 5.0.0.0/5.0.8.4. It has been declared as critical. Affected by this vulnerability is a code block of the component MongoDB Connector. The manipulation with an unknown input leads to a sql injection...
Author: VulDB

IBM Connect 2018.1/2018.4.1/5.0.8.0/5.0.8.4 REST API weak authentication

A vulnerability was found in IBM Connect 2018.1/2018.4.1/5.0.8.0/5.0.8.4. It has been classified as critical. Affected is code of the component REST API. The manipulation with an unknown input leads to a weak authentication vulnerability. CWE is...
Author: VulDB

IBM Domino 9.0/9.0.1 Command Line nsd.exe Command Line Argument privilege escalation

A vulnerability was found in IBM Domino 9.0/9.0.1 and classified as critical. This issue affects a part of the file nsd.exe of the component Command Line. The manipulation as part of a Command Line Argument leads to a privilege escalation...
Author: VulDB

Elasticsearch Security 6.5.0/6.5.1 Java Security Manager Request XML External Entity

A vulnerability has been found in Elasticsearch Security 6.5.0/6.5.1 and classified as critical. This vulnerability affects a functionality of the component Java Security Manager. The manipulation as part of a Request leads to a privilege...
Author: VulDB

Kibana up to 5.6.12/6.4.2 Console Plugin Request Command privilege escalation

A vulnerability, which was classified as critical, was found in Kibana up to 5.6.12/6.4.2. This affects a function of the component Console Plugin. The manipulation as part of a Request leads to a privilege escalation vulnerability (Command)....
Author: VulDB

Kibana up to 4.6/5.6.12/6.4.2 PDF Report Generator Plaintext weak encryption

A vulnerability, which was classified as critical, has been found in Kibana up to 4.6/5.6.12/6.4.2. Affected by this issue is some functionality of the component PDF Report Generator. The manipulation with an unknown input leads to a weak...
Author: VulDB

Elasticsearch Security 6.4.0/6.4.1/6.4.2 Active Directory Request Header privilege escalation

A vulnerability classified as critical was found in Elasticsearch Security 6.4.0/6.4.1/6.4.2. Affected by this vulnerability is the functionality of the component Active Directory Handler. The manipulation as part of a Request Header leads to a...
Author: VulDB

IBM DataPower Gateways up to 7.7 File System denial of service

A vulnerability classified as problematic has been found in IBM DataPower Gateways up to 7.7. Affected is an unknown function of the component File System. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is...
Author: VulDB

Kirby 2.5.12 Password Recovery Host Header Injection privilege escalation

A vulnerability was found in Kirby 2.5.12. It has been rated as critical. This issue affects some processing of the component Password Recovery. The manipulation as part of a Host Header leads to a privilege escalation vulnerability (Injection)....
Author: VulDB

IBM DataPower Gateways 7.5/7.5.1/7.5.2/7.6 cross site request forgery

A vulnerability was found in IBM DataPower Gateways 7.5/7.5.1/7.5.2/7.6. It has been declared as problematic. This vulnerability affects a code block. The manipulation with an unknown input leads to a cross site request forgery vulnerability....
Author: VulDB

Logitech Harmony Hub up to 4.15 HTTP Request command injection

A vulnerability was found in Logitech Harmony Hub up to 4.15. It has been classified as critical. This affects code. The manipulation as part of an HTTP Request leads to a privilege escalation vulnerability (Command Injection). CWE is classifying...
Author: VulDB

Logitech Harmony Hub up to 4.15 OS Command Injection privilege escalation

A vulnerability was found in Logitech Harmony Hub up to 4.15 and classified as critical. Affected by this issue is a part. The manipulation with an unknown input leads to a privilege escalation vulnerability (OS Command Injection). Using CWE to...
Author: VulDB

Logitech Harmony Hub up to 4.15 XMPP Server Request weak authentication

A vulnerability has been found in Logitech Harmony Hub up to 4.15 and classified as critical. Affected by this vulnerability is a functionality of the component XMPP Server. The manipulation as part of a Request leads to a weak authentication...
Author: VulDB

Logitech Harmony Hub up to 4.15 XMPP Server Default Credentials weak authentication

A vulnerability, which was classified as critical, was found in Logitech Harmony Hub up to 4.15. Affected is a function of the component XMPP Server. The manipulation with an unknown input leads to a weak authentication vulnerability (Default...
Author: VulDB

UBER: €400,000 fine for a breach of user data security

The CNIL's restricted committee has imposed a fine of 400,000 euros on UBER for having insufficiently secured the data of the users of its ride-hailing (VTC) service.
Author: Cnil

VU#573168: Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application...
Author: US Cert

Microsoft Releases Security Updates

Original release date: December 19, 2018. Microsoft has released security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. The National...
Author: US Cert

CERTFR-2018-AVI-604: Vulnerability in VMware vRealize Operations (19 December 2018)

A vulnerability has been discovered in VMware vRealize Operations. It allows an attacker to cause a privilege escalation.
Author: Cert FR

Bosch Smart Home Camera up to 6.52.3 Network Interface memory corruption

A vulnerability was found in Bosch Smart Home Camera up to 6.52.3. It has been classified as critical. Affected is an unknown function of the component Network Interface. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

PSPP 1.2.0 pspp-dump-sav.c read_bytes_internal memory corruption

A vulnerability, which was classified as critical, was found in PSPP 1.2.0. This affects the function read_bytes_internal of the file utilities/pspp-dump-sav.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

SubSonic 6.1.5 internetRadioSettings.view streamUrl cross site request forgery

A vulnerability, which was classified as problematic, has been found in SubSonic 6.1.5. Affected by this issue is an unknown function of the file internetRadioSettings.view. The manipulation of the argument streamUrl with an unknown input leads...
Author: VulDB

RDF4j 2.4.2 ZIP Archive directory traversal

A vulnerability classified as critical was found in RDF4j 2.4.2. Affected by this vulnerability is an unknown function. The manipulation as part of a ZIP Archive leads to a directory traversal vulnerability. The CWE definition for the...
Author: VulDB

LibVNC Client NULL Pointer Dereference denial of service

A vulnerability classified as problematic has been found in LibVNC (version unknown). Affected is an unknown function of the component Client. The manipulation with an unknown input leads to a denial of service vulnerability (NULL Pointer...
Author: VulDB

LibVNC Client Stack-based memory corruption

A vulnerability was found in LibVNC (unknown version). It has been rated as critical. This issue affects an unknown function of the component Client. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

LibVNC Client Stack-based memory corruption

A vulnerability was found in LibVNC (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown function of the component Client. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB