Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2018-AVI-459: Multiple vulnerabilities in the SUSE Linux kernel (27 September 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a breach of...
Author: Cert FR

CERTFR-2018-AVI-458: Multiple vulnerabilities in Cisco products (27 September 2018)

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause arbitrary code execution and a remote denial of service.

Author: Cert FR

ALLIANCE FRANCAISE PARIS ÎLE DE FRANCE: penalty of 30,000 euros for a breach of the security of users' data

The CNIL's restricted committee has imposed a penalty of 30,000 euros on the association ALLIANCE FRANCAISE PARIS ÎLE-DE-FRANCE for having insufficiently secured the data of people taking the French courses that it...
Author: Cnil

HPE Intelligent Management Center up to 7.2 Remote Code Execution

A vulnerability classified as critical was found in HPE Intelligent Management Center up to 7.2. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code...
Author: VulDB

HPE Intelligent Management Center up to 7.2 Remote Code Execution

A vulnerability classified as critical has been found in HPE Intelligent Management Center up to 7.2. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution). CWE is...
Author: VulDB

HPE Intelligent Management Center PLAT E0506P09 createFabricAutoCfgFile directory traversal

A vulnerability was found in HPE Intelligent Management Center PLAT E0506P09. It has been rated as critical. This issue affects the function createFabricAutoCfgFile. The manipulation with an unknown input leads to a directory traversal...
Author: VulDB

HPE iLO 4/iLO 5 denial of service [CVE-2018-7101]

A vulnerability was found in HPE iLO 4 and iLO 5 (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

IBM WebSphere Portal 8.0/8.5/9.0 Web UI cross site scripting

A vulnerability was found in IBM WebSphere Portal 8.0/8.5/9.0. It has been classified as problematic. This affects an unknown function of the component Web UI. The manipulation with an unknown input leads to a cross site scripting vulnerability....
Author: VulDB

IBM WebSphere Portal 7.0/8.0/8.5/9.0 Web UI cross site scripting

A vulnerability was found in IBM WebSphere Portal 7.0/8.0/8.5/9.0. It has been rated as problematic. This issue affects an unknown function of the component Web UI. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

IBM WebSphere Portal 7.0/8.0/8.5/9.0 Web UI cross site scripting

A vulnerability has been found in IBM WebSphere Portal 7.0/8.0/8.5/9.0 and classified as problematic. Affected by this vulnerability is an unknown function of the component Web UI. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Delta Electronics Delta Industrial Automation PMSoft up to 2.11 Out-of-Bounds memory corruption

A vulnerability was found in Delta Electronics Delta Industrial Automation PMSoft up to 2.11. It has been classified as critical. Affected is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

IBM WebSphere Portal 7.0/8.0/8.5/9.0 Open Redirect [CVE-2018-1736]

A vulnerability classified as critical has been found in IBM WebSphere Portal 7.0/8.0/8.5/9.0. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Redirect). CWE is classifying...
Author: VulDB

Avaya Aura Communication Manager up to 6.3.x/7.1.3.0 Local System Administration privilege escalation

A vulnerability classified as critical has been found in Avaya Aura Communication Manager up to 6.3.x/7.1.3.0. This affects an unknown function of the component Local System Administration. The manipulation with an unknown input leads to a...
Author: VulDB

sos-collector Permission /var/tmp privilege escalation

A vulnerability was found in sos-collector (the affected version is unknown) and classified as problematic. This issue affects an unknown function of the file /var/tmp of the component Permission. The manipulation with an unknown input leads to...
Author: VulDB

HPE Device Entitlement Gateway 3.2.4/3.3/3.3.1 sql injection

A vulnerability has been found in HPE Device Entitlement Gateway 3.2.4/3.3/3.3.1 and classified as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a sql injection vulnerability. The CWE...
Author: VulDB

HPE iLO 4/iLO 5 information disclosure [CVE-2018-7106]

A vulnerability, which was classified as problematic, was found in HPE iLO 4 and iLO 5 (the affected version is unknown). This affects an unknown function. The manipulation with an unknown input leads to an information disclosure vulnerability....
Author: VulDB

HPE iLO 4/iLO 5 privilege escalation [CVE-2018-7105]

A vulnerability, which was classified as critical, has been found in HPE iLO 4 and iLO 5 (the affected version is unknown). Affected by this issue is an unknown function. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

HPE enhanced Internet Usage Manager 9.0FP1 privilege escalation

A vulnerability was found in HPE enhanced Internet Usage Manager 9.0FP1. It has been classified as critical. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Author: VulDB

HPE StorageWorks XP7 Automation Director up to 8.6.0 weak authentication

A vulnerability was found in HPE StorageWorks XP7 Automation Director up to 8.6.0 and classified as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a weak authentication vulnerability. Using CWE...
Author: VulDB

Cisco Releases Security Updates for Multiple Products

Original release date: September 26, 2018. Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC...
Author: US Cert

VU#581311: TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

Vulnerability Note VU#581311 TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks Original Release date: 26 Sep 2018 | Last revised: 26 Sep 2018 Overview The TP-LINK EAP Controller is...
Author: US Cert

CERTFR-2018-AVI-457: Multiple vulnerabilities in the RedHat Linux kernel (26 September 2018)

Multiple vulnerabilities have been discovered in the RedHat Linux kernel. They allow an attacker to cause a denial of service, a remote denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2018-AVI-456: Multiple vulnerabilities in the SUSE Linux kernel (26 September 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a denial of service, a bypass of the security policy and a breach of the confidentiality of...
Author: Cert FR

Connected watches for children: what is at stake for their privacy?

Often presented as an alternative to smartphones, the connected watch for children is among the emerging trends of this 2018 back-to-school season. The CNIL points out the areas of vigilance concerning children's privacy.
Author: Cnil

e108 2.1.9 wmessage.php cross site request forgery

A vulnerability was found in e108 2.1.9. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id. The manipulation with an unknown input...
Author: VulDB

Information systems security (SSI) events