Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Mozilla Thunderbird up to 61.x Mozilla Updater MAR File Out-of-Bounds memory corruption

A vulnerability was found in Mozilla Thunderbird up to 61.x. It has been declared as critical. This vulnerability affects an unknown function of the component Mozilla Updater. The manipulation as part of a MAR File leads to a memory corruption...
Auteur: VulDB

Mozilla Firefox/Thunderbird IndexDB Index Delete Use-After-Free memory corruption

A vulnerability was found in Mozilla Firefox and Thunderbird (the affected version is unknown). It has been classified as critical. This affects an unknown function of the component IndexDB Index Delete Handler. The manipulation with an unknown...
Auteur: VulDB

Mozilla Thunderbird up to 61.x Refresh Driver Timer Use-After-Free memory corruption

A vulnerability was found in Mozilla Thunderbird up to 61.x and classified as critical. Affected by this issue is an unknown function of the component Refresh Driver Timer. The manipulation with an unknown input leads to a memory corruption...
Auteur: VulDB

Mozilla Firefox up to 61.x memory corruption [CVE-2018-12376]

A vulnerability has been found in Mozilla Firefox up to 61.x and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition...
Auteur: VulDB

Mozilla Firefox up to 61.x memory corruption [CVE-2018-12375]

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 61.x. Affected is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as...
Auteur: VulDB

Mozilla Thunderbird up to 52.8 Text Input Enter Key Leak weak encryption

A vulnerability, which was classified as critical, has been found in Mozilla Thunderbird up to 52.8. This issue affects an unknown function of the component Text Input. The manipulation as part of a Enter Key leads to a weak encryption...
Auteur: VulDB

Mozilla Thunderbird up to 52.8 SMIME Leak weak encryption

A vulnerability classified as critical was found in Mozilla Thunderbird up to 52.8. This vulnerability affects an unknown function of the component SMIME Handler. The manipulation with an unknown input leads to a weak encryption vulnerability...
Auteur: VulDB

Mozilla Thunderbird up to 52.8 SMIME Message Leak weak encryption

A vulnerability classified as critical has been found in Mozilla Thunderbird up to 52.8. This affects an unknown function of the component SMIME Message Handler. The manipulation with an unknown input leads to a weak encryption vulnerability...
Auteur: VulDB

Dell EMC Secure Remote Services up to 3.32.00.07 Password Storage Configuration File Credentials weak encryption

A vulnerability was found in Dell EMC Secure Remote Services up to 3.32.00.07. It has been declared as problematic. Affected by this vulnerability is an unknown function of the component Password Storage. The manipulation as part of a...
Auteur: VulDB

Mozilla Firefox up to 49.x DOM windows.create ReplaceOrInsertBefore memory corruption

A vulnerability was found in Mozilla Firefox up to 49.x. It has been classified as critical. Affected is the function nsINode::ReplaceOrInsertBefore of the file windows.create of the component DOM Handler. The manipulation with an unknown input...
Auteur: VulDB

PHPSHE 1.7 admin.php dbname directory traversal

A vulnerability was found in PHPSHE 1.7. It has been rated as critical. This issue affects an unknown function of the file admin.php?mod=db&act=del. The manipulation of the argument dbname as part of a Parameter leads to a directory traversal...
Auteur: VulDB

GNU binutils 2.31 GNU libiberty cplus-dem.c get_count memory corruption

A vulnerability was found in GNU binutils 2.31. It has been classified as critical. This affects the function get_count of the file cplus-dem.c of the component GNU libiberty. The manipulation with an unknown input leads to a memory corruption...
Auteur: VulDB

LibreNMS up to 1.43 /ajax_form.php dashboard_name cross site scripting

A vulnerability, which was classified as problematic, has been found in LibreNMS up to 1.43. This issue affects an unknown function of the file /ajax_form.php. The manipulation of the argument dashboard_name as part of a Parameter leads to a...
Auteur: VulDB

IBM InfoSphere Information Server 11.7 Password Encryption information disclosure

A vulnerability was found in IBM InfoSphere Information Server 11.7. It has been classified as problematic. Affected is an unknown function of the component Password Encryption. The manipulation with an unknown input leads to a information...
Auteur: VulDB

Dell EMC Secure Remote Services up to 3.32.00.07 File Permission Configuration File information disclosure

A vulnerability was found in Dell EMC Secure Remote Services up to 3.32.00.07. It has been rated as problematic. Affected by this issue is an unknown function of the component File Permission. The manipulation as part of a Configuration File...
Auteur: VulDB

koha up to 3.14.15/3.16.11/3.18.9/3.20.0 opac-tags_subject.pl Criteria sql injection

A vulnerability was found in koha up to 3.14.15/3.16.11/3.18.9/3.20.0 and classified as critical. This issue affects an unknown function of the file opac-tags_subject.pl. The manipulation of the argument Criteria as part of a Parameter leads to...
Auteur: VulDB

koha up to 3.14.15/3.16.11/3.18.9/3.20.0 search template_path directory traversal

A vulnerability has been found in koha up to 3.14.15/3.16.11/3.18.9/3.20.0 and classified as critical. This vulnerability affects an unknown function of the file svc/virtualshelves/search. The manipulation of the argument template_path with the...
Auteur: VulDB

Cisco Releases Security Updates

Original release date: October 17, 2018 Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC...
Auteur: US Cert

CERTFR-2018-AVI-499 : Vulnérabilité dans la bibliothèque libssh (17 octobre 2018)

Une vulnérabilité a été découverte dans la bibliothèque libssh côté serveur. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Auteur: Cert FR

CERTFR-2018-AVI-498 : Multiples vulnérabilités dans Oracle MySQL (17 octobre 2018)

De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Auteur: Cert FR

CERTFR-2018-AVI-497 : Multiples vulnérabilités dans Oracle Virtualization (17 octobre 2018)

De multiples vulnérabilités ont été découvertes dans Oracle Virtualization. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Auteur: Cert FR

CERTFR-2018-AVI-496 : Multiples vulnérabilités dans Oracle Sun Systems (17 octobre 2018)

De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des...
Auteur: Cert FR

CERTFR-2018-AVI-495 : Multiples vulnérabilités dans Oracle Java SE (17 octobre 2018)

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des...
Auteur: Cert FR

CERTFR-2018-AVI-494 : Multiples vulnérabilités dans Oracle Database (17 octobre 2018)

De multiples vulnérabilités ont été découvertes dans Oracle Database. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Auteur: Cert FR

CERTFR-2018-AVI-493 : Vulnérabilité dans VMware ESXi, Workstation et Fusion (17 octobre 2018)

Une vulnérabilité a été découverte dans VMware ESXi, Workstation et Fusion. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Auteur: Cert FR
First1366136713681369137013711372137313741375Last

Événements SSI