vendredi 3 juillet 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

NoMachine up to 5.3.26 wintab32.dll privilege escalation

A vulnerability, which was classified as problematic, was found in NoMachine up to 5.3.26. This affects an unknown function in the library wintab32.dll. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Auteur: VulDB

Artifex Ghostscript up to 9.25 Sandbox Protection Mechanism privilege escalation

A vulnerability, which was classified as critical, has been found in Artifex Ghostscript up to 9.25. Affected by this issue is an unknown function of the component Sandbox Protection Mechanism. The manipulation with an unknown input leads to a...
Auteur: VulDB

Teltonika RUT9XX up to 00.04 Serial Interface privilege escalation

A vulnerability classified as critical was found in Teltonika RUT9XX up to 00.04. Affected by this vulnerability is an unknown function of the component Serial Interface. The manipulation with an unknown input leads to a privilege escalation...
Auteur: VulDB

Teltonika RUT9XX up to 00.05.01.0 hotspotlogin.cgi cross site scripting

A vulnerability classified as problematic has been found in Teltonika RUT9XX up to 00.05.01.0. Affected is an unknown function of the file hotspotlogin.cgi. The manipulation with an unknown input leads to a cross site scripting vulnerability....
Auteur: VulDB

Teltonika RUT9XX up to 00.04 autologin.cgi command injection

A vulnerability was found in Teltonika RUT9XX up to 00.04. It has been rated as critical. This issue affects an unknown function of the file autologin.cgi. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Auteur: VulDB

IBM Security Key Lifecycle Manager 2.5/2.6/2.7/3.0 XML Data XML External Entity

A vulnerability was found in IBM Security Key Lifecycle Manager 2.5/2.6/2.7/3.0. It has been declared as critical. This vulnerability affects an unknown function of the component XML Data Handler. The manipulation with an unknown input leads to...
Auteur: VulDB

IBM Security Key Lifecycle Manager 2.5/2.6/2.7/3.0 Request directory traversal

A vulnerability was found in IBM Security Key Lifecycle Manager 2.5/2.6/2.7/3.0. It has been classified as critical. This affects an unknown function. The manipulation with the input value /../ leads to a directory traversal vulnerability. CWE...
Auteur: VulDB

Ivanti Workspace Control up to 10.3.9.x DataStore weak encryption

A vulnerability was found in Ivanti Workspace Control up to 10.3.9.x and classified as problematic. Affected by this issue is an unknown function of the component DataStore. The manipulation with an unknown input leads to a weak encryption...
Auteur: VulDB

Ivanti Workspace Control up to 10.3.9.x privilege escalation

A vulnerability has been found in Ivanti Workspace Control up to 10.3.9.x and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Auteur: VulDB

Ivanti Workspace Control up to 10.3.9.x Application Whitelisting privilege escalation

A vulnerability, which was classified as critical, was found in Ivanti Workspace Control up to 10.3.9.x. Affected is an unknown function of the component Application Whitelisting. The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

Ivanti Workspace Control up to 10.2.x privilege escalation [CVE-2018-15590]

A vulnerability, which was classified as critical, has been found in Ivanti Workspace Control up to 10.2.x. This issue affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE...
Auteur: VulDB

Agentejo Cockpit /media/api directory traversal

A vulnerability classified as critical was found in Agentejo Cockpit (the affected version is unknown). This vulnerability affects an unknown function of the file /media/api. The manipulation with an unknown input leads to a directory traversal...
Auteur: VulDB

Agentejo Cockpit cross site request forgery [CVE-2018-15539]

A vulnerability classified as problematic has been found in Agentejo Cockpit (the affected version is unknown). This affects an unknown function. The manipulation with an unknown input leads to a cross site request forgery vulnerability. CWE is...
Auteur: VulDB

Agentejo Cockpit cross site scripting [CVE-2018-15538]

A vulnerability was found in Agentejo Cockpit (the affected version is unknown). It has been rated as problematic. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a cross site scripting...
Auteur: VulDB

ClamAV up to 0.100.1 MEW Unpacker libclamav/mew.c unmew11() EXE File denial of service

A vulnerability was found in ClamAV up to 0.100.1. It has been declared as problematic. Affected by this vulnerability is the function unmew11() of the file libclamav/mew.c of the component MEW Unpacker. The manipulation as part of a EXE File...
Auteur: VulDB

Intel Graphics Drivers up to 10.18/20.19 Unified Shader Compiler Loop denial of service

A vulnerability was found in Intel Graphics Drivers up to 10.18/20.19. It has been classified as problematic. Affected is an unknown function of the component Unified Shader Compiler. The manipulation with an unknown input leads to a denial of...
Auteur: VulDB

MoinMoin up to 1.9.9 GUI Editor cross site scripting

A vulnerability was found in MoinMoin up to 1.9.9 and classified as problematic. This issue affects an unknown function of the component GUI Editor. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE...
Auteur: VulDB

nc-cms up to 2017-03-10 HTML Source Editor index.php cross site scripting

A vulnerability classified as problematic has been found in nc-cms up to 2017-03-10. This affects an unknown function of the file index.php?action=edit_html&name=home_content of the component HTML Source Editor. The manipulation with an unknown...
Auteur: VulDB

Mesliat Zabbix Plugin up to 1.1.14 on Atlassian Confluence information disclosure

A vulnerability was found in Mesliat Zabbix Plugin up to 1.1.14 on Atlassian Confluence. It has been rated as problematic. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a information disclosure...
Auteur: VulDB

Asus RT-AC58U 3.0.0.4.380_6516 Advanced_ASUSDDNS_Content.asp cross site scripting

A vulnerability classified as problematic was found in Asus RT-AC58U 3.0.0.4.380_6516. This vulnerability affects an unknown function of the file Advanced_ASUSDDNS_Content.asp. The manipulation with an unknown input leads to a cross site...
Auteur: VulDB

Asus RT-AC58U 3.0.0.4.380_6516 HTML Source Code Main_Login.asp dhcpLeaseInfo information disclosure

A vulnerability was found in Asus RT-AC58U 3.0.0.4.380_6516. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file Main_Login.asp of the component HTML Source Code. The manipulation of the...
Auteur: VulDB

MS-ISAC Releases Advisory on PHP Vulnerabilities

Original release date: October 12, 2018 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these...
Auteur: US Cert

CERTFR-2018-ACT-016 : Bulletin d’actualité CERTFR-2018-ACT-016 (12 octobre 2018)

Le 9 octobre 2018, Microsoft a publié ses mises à jour mensuelles de sécurité. Cinquante vulnérabilités ont été corrigées, parmi …
Auteur: Cert FR

CERTFR-2018-AVI-489 : Multiples vulnérabilités dans les produits Intel (12 octobre 2018)

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Auteur: Cert FR

CERTFR-2018-AVI-488 : Multiples vulnérabilités dans Wireshark (12 octobre 2018)

De multiples vulnérabilités ont été découvertes dans Wireshark. Elles permettent à un attaquant de provoquer un déni de service.

Auteur: Cert FR
First1222122312241225122612271228122912301231Last

Événements SSI