Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Juniper Junos Space up to 18.2 Image File privilege escalation

A vulnerability classified as critical was found in Juniper Junos Space up to 18.2. This vulnerability affects the functionality of the component Image File Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Juniper Junos Space up to 18.2 Ajax denial of service

A vulnerability classified as problematic has been found in Juniper Junos Space up to 18.2. This affects an unknown function of the component Ajax Handler. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is...
Author: VulDB

Juniper Junos OS on SRX VPN privilege escalation

A vulnerability was found in Juniper Junos OS on SRX (affected version not known). It has been rated as critical. Affected by this issue is some processing of the component VPN Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Juniper Junos OS on QFX/PTX J-Flow Sampling Malformed Packet Crash denial of service

A vulnerability was found in Juniper Junos OS on QFX/PTX (affected version unknown). It has been declared as problematic. Affected by this vulnerability is a code block of the component J-Flow Sampling. The manipulation as part of a Malformed...
Author: VulDB

Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure

A vulnerability has been found in Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 and classified as problematic. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to...
Author: VulDB

Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting

A vulnerability, which was classified as problematic, was found in Microsoft Team Foundation Server 2018 Update 3.2. Affected is a function. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is classifying...
Author: VulDB

Microsoft Skype for Business 2015 CU 8 Request cross site scripting

A vulnerability, which was classified as critical, has been found in Microsoft Skype for Business 2015 CU 8. This issue affects some functionality. The manipulation as part of a Request leads to a cross site scripting vulnerability. Using CWE to...
Author: VulDB

CERTFR-2019-ACT-002: News bulletin CERTFR-2019-ACT-002 (14 January 2019)

On 8 January 2019, Microsoft published its monthly security updates. Fifty vulnerabilities were fixed, among …
Author: Cert FR

CERTFR-2019-AVI-018: Multiple vulnerabilities in IBM products (14 January 2019)

Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of the...
Author: Cert FR

CERTFR-2019-AVI-017: Multiple vulnerabilities in Fortinet FortiOS and FortiClient (14 January 2019)

Multiple vulnerabilities have been discovered in Fortinet FortiOS and FortiClient. They allow an attacker to cause arbitrary code execution and a denial of service.

Author: Cert FR

elFinder up to 2.1.45 php/elFinder.class.php get_remote_contents() cross site request forgery

A vulnerability was found in elFinder up to 2.1.45. It has been rated as problematic. This issue affects the function get_remote_contents() of the file php/elFinder.class.php. The manipulation with an unknown input leads to a cross site request...
Author: VulDB

LIVE555 Streaming Media 0.93 RTSPServer GroupsockHelper.cpp handleHTTPCmd_TunnelingPOST denial of service

A vulnerability was found in LIVE555 Streaming Media 0.93. It has been declared as problematic. This vulnerability affects the function handleHTTPCmd_TunnelingPOST of the file GroupsockHelper.cpp of the component RTSPServer. The manipulation ...
Author: VulDB

GNOME Web up to 3.31.4 JavaScript embed/ephy-web-view.c spoofing

A vulnerability was found in GNOME Web up to 3.31.4. It has been classified as critical. This affects code of the file embed/ephy-web-view.c of the component JavaScript Handler. The manipulation with an unknown input leads to a spoofing...
Author: VulDB

idreamsoft iCMS 7.0.13 article.admincp.php data_id sql injection

A vulnerability, which was classified as critical, was found in idreamsoft iCMS 7.0.13. This affects a function of the file app/article/article.admincp.php. The manipulation of the argument data_id as part of a Parameter leads to a sql injection...
Author: VulDB

IBM Security Identity Manager 6.0.0 Upload Malicious privilege escalation

A vulnerability, which was classified as critical, has been found in IBM Security Identity Manager 6.0.0. Affected by this issue is some functionality of the component Upload Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

IBM Security Identity Manager 6.0.0 Web UI cross site scripting

A vulnerability classified as problematic was found in IBM Security Identity Manager 6.0.0. Affected by this vulnerability is the functionality of the component Web UI. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

IBM Security Identity Manager 6.0.0 Password Policy privilege escalation

A vulnerability classified as problematic has been found in IBM Security Identity Manager 6.0.0. Affected is an unknown function of the component Password Policy. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

LibSass 3.5.5 prelexer.hpp skip_over_scopes memory corruption

A vulnerability, which was classified as critical, was found in LibSass 3.5.5. Affected is the function Sass::Prelexer::skip_over_scopes of the file prelexer.hpp. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

LibSass 3.5.5 prelexer.hpp alternatives memory corruption

A vulnerability classified as critical was found in LibSass 3.5.5. This vulnerability affects the function Sass::Prelexer::alternatives of the file prelexer.hpp. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

LibSass 3.5.5 prelexer.hpp parenthese_scope memory corruption

A vulnerability classified as critical has been found in LibSass 3.5.5. This affects the function Sass::Prelexer::parenthese_scope of the file prelexer.hpp. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

JPress 1.0.4 Markdown cross site scripting

A vulnerability was found in JPress 1.0.4. It has been rated as problematic. Affected by this issue is some processing. The manipulation as part of a Markdown leads to a cross site scripting vulnerability. Using CWE to declare the problem leads...
Author: VulDB

systemd up to v236 PIDFile File denial of service

A vulnerability was found in systemd up to v236 and classified as problematic. This issue affects a part of the component PIDFile File Handler. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to...
Author: VulDB

yaml-cpp 0.6.2 YAML File HandleFlowSequence denial of service

A vulnerability, which was classified as problematic, has been found in yaml-cpp 0.6.2. This issue affects the function SingleDocParser::HandleFlowSequence of the component YAML File Handler. The manipulation with an unknown input leads to a...
Author: VulDB

etcd up to 3.2.25/3.3.10 Role-Based Access Control TLS Certificate weak authentication

A vulnerability has been found in etcd up to 3.2.25/3.3.10 and classified as critical. This vulnerability affects a functionality of the component Role-Based Access Control. The manipulation as part of a TLS Certificate leads to a weak...
Author: VulDB

PHP Scripts Mall Citysearch Clone Script 2.0.1 restaurants-details.php srch cross site scripting

A vulnerability, which was classified as problematic, has been found in PHP Scripts Mall Citysearch Clone Script, Hotfrog Clone Script and Gelbeseiten Clone Script 2.0.1. This issue affects some functionality of the file restaurants-details.php....
Author: VulDB