lundi 14 octobre 2019    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

SAP SQL Anywhere/IQ/Dynamic Tier privilege escalation [CVE-2019-0381]

A vulnerability was found in SAP SQL Anywhere, IQ and Dynamic Tier (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown function. Upgrading eliminates this vulnerability.
Auteur: VulDB

SAP Landscape Management up to 2.x Log information disclosure

A vulnerability was found in SAP Landscape Management up to 2.x. It has been classified as problematic. Affected is some unknown processing of the component Log Handler. Upgrading to version 3.0 eliminates this vulnerability.
Auteur: VulDB

SAP NetWeaver Process Integration prior 1.0/2.0 weak authentication

A vulnerability was found in SAP NetWeaver Process Integration and classified as critical. This issue affects an unknown code block. Upgrading to version 1.0 or 2.0 eliminates this vulnerability.
Auteur: VulDB

SAP Business Intelligence Platform up to 4.1 Background Image File Name Stored cross site scripting

A vulnerability has been found in SAP Business Intelligence Platform up to 4.1 and classified as problematic. This vulnerability affects an unknown code of the component Background Image Handler. Upgrading to version 4.2 eliminates this...
Auteur: VulDB

SAP Business Intelligence Platform up to 4.1 Input Control Stored cross site scripting

A vulnerability, which was classified as problematic, was found in SAP Business Intelligence Platform up to 4.1 (Business Process Management Software). This affects an unknown part of the component Input Control Handler. Upgrading to version 4.2...
Auteur: VulDB

SAP Business Intelligence Platform up to 4.1 Publication Name Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in SAP Business Intelligence Platform up to 4.1 (Business Process Management Software). Affected by this issue is some unknown functionality of the component Publication Name...
Auteur: VulDB

SAP Business Intelligence Platform up to 4.1 Export Dialog Box Reflected cross site scripting

A vulnerability classified as problematic was found in SAP Business Intelligence Platform up to 4.1 (Business Process Management Software). Affected by this vulnerability is an unknown functionality of the component Export Dialog Box. Upgrading...
Auteur: VulDB

SAP Business Intelligence Platform up to 4.1 Chart Title Reflected cross site scripting

A vulnerability classified as problematic has been found in SAP Business Intelligence Platform up to 4.1 (Business Process Management Software). Affected is an unknown function of the component Chart Title Handler. Upgrading to version 4.2 or 4.3...
Auteur: VulDB

SAP Financial Consolidation up to 9.x Xpath privilege escalation

A vulnerability was found in SAP Financial Consolidation up to 9.x (Financial Software). It has been rated as critical. This issue affects some unknown processing. Upgrading to version 10.0 or 10.1 eliminates this vulnerability.
Auteur: VulDB

SAP Financial Consolidation up to 9.x Reflected cross site scripting

A vulnerability was found in SAP Financial Consolidation up to 9.x. It has been declared as problematic. This vulnerability affects an unknown code block. Upgrading to version 10.0 or 10.1 eliminates this vulnerability.
Auteur: VulDB

SAP Customer Relationship Management prior 1.0 cross site scripting

A vulnerability was found in SAP Customer Relationship Management. It has been classified as problematic. This affects an unknown code. Upgrading to version 1.0 eliminates this vulnerability.
Auteur: VulDB

SAP NetWeaver Process Integration prior 1.0/2.0 Authorization privilege escalation

A vulnerability was found in SAP NetWeaver Process Integration and classified as critical. Affected by this issue is an unknown part of the component Authorization. Upgrading to version 1.0 or 2.0 eliminates this vulnerability.
Auteur: VulDB

Centreon VM up to 19.04.3 Configuration File centreon-backup.pl privilege escalation

A vulnerability has been found in Centreon VM up to 19.04.3 and classified as critical. Affected by this vulnerability is some unknown functionality of the file centreon-backup.pl of the component Configuration File. There is no information about...
Auteur: VulDB

Centreon Web up to 2.8.26 licenseUpload.php POST Request privilege escalation

A vulnerability, which was classified as critical, was found in Centreon Web up to 2.8.26. Affected is an unknown functionality of the file licenseUpload.php. Upgrading to version 2.8.27 eliminates this vulnerability.
Auteur: VulDB

Centreon Web up to 2.8.27 getStats.php ns_id privilege escalation

A vulnerability, which was classified as critical, has been found in Centreon Web up to 2.8.27. This issue affects an unknown function of the file getStats.php. Upgrading to version 2.8.28 eliminates this vulnerability.
Auteur: VulDB

Centreon Web up to 2.8.27 makeXML_ListServices.php host_id sql injection

A vulnerability classified as critical was found in Centreon Web up to 2.8.27. This vulnerability affects some unknown processing of the file makeXML_ListServices.php. Upgrading to version 2.8.28 eliminates this vulnerability.
Auteur: VulDB

Centreon Web up to 2.8.26 img_gantt.php host_id sql injection

A vulnerability classified as critical has been found in Centreon Web up to 2.8.26. This affects an unknown code block of the file img_gantt.php. Upgrading to version 2.8.27 eliminates this vulnerability.
Auteur: VulDB

Centreon Web up to 2.8.26 weak authentication [CVE-2018-21020]

A vulnerability was found in Centreon Web up to 2.8.26. It has been rated as critical. Affected by this issue is an unknown code. Upgrading to version 2.8.27 eliminates this vulnerability.
Auteur: VulDB

VU#719689: Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal

The Cobham EXPLORER 710 is a portable satellite terminal used to provide satellite telecommunications and internet access. For consistency,“device” mentioned in the following section is defined as the Cobham EXPLORER 710. The affected firmware...
Auteur: US Cert

CERTFR-2019-AVI-499 : Multiples vulnérabilités dans les produits Microsoft (09 octobre 2019)

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code à distance et une usurpation d'identité.
Auteur: Cert FR

CERTFR-2019-AVI-498 : Multiples vulnérabilités dans Microsoft Windows (09 octobre 2019)

De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une...
Auteur: Cert FR

CERTFR-2019-AVI-497 : Multiples vulnérabilités dans Microsoft Office (09 octobre 2019)

De multiples vulnérabilités ont été corrigées dans Microsoft Office. Elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code à distance et une usurpation d'identité.

Auteur: Cert FR

CERTFR-2019-AVI-496 : Multiples vulnérabilités dans Microsoft Edge (09 octobre 2019)

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code à distance et une usurpation d'identité.
Auteur: Cert FR

CERTFR-2019-AVI-495 : Multiples vulnérabilités dans Microsoft IE (09 octobre 2019)

De multiples vulnérabilités ont été corrigées dans Microsoft IE. Elles permettent à un attaquant de provoquer une exécution de code à distance et une usurpation d'identité.

Auteur: Cert FR

Dell Encryption Enterprise Installer Search Path privilege escalation

A vulnerability was found in Dell Encryption Enterprise and Endpoint Security Suite Enterprise (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown part of the component Installer. Upgrading...
Auteur: VulDB
First891011121314151617Last

Événements SSI

BLOCKCHAIN

Conférence et exposition sur les applications d'entreprise de la blockchain à Paris, cité universitaire internationale, les 13 et 14 novembre 2019. Organisés par Corp Agency.

TRUSTECH

Cet événement international dédié aux paiements, à l'identification et à la sécurité est organisé à Cannes (palais des festivals) du 26 au 28 novembre 2019. Organisé par Comexposium.

FIC

Ayant pour thème cette année "Replacer l'humain au coeur de la cybersécurité", le Forum International de la Cybersécurité occupe les 28, 29 et 30 janvier 2020 le Grand Palais de Lille. Organisé par la Région Hauts-de-France et Euratechnologies, la Gendarmerie Nationale et CEIS.

RSS