Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Logitech Harmony Hub up to 4.15 HTTP Request command injection

A vulnerability was found in Logitech Harmony Hub up to 4.15. It has been classified as critical. This affects code. The manipulation as part of a HTTP Request leads to a privilege escalation vulnerability (Command Injection). CWE is classifying...
Author: VulDB

Logitech Harmony Hub up to 4.15 OS Command Injection privilege escalation

A vulnerability was found in Logitech Harmony Hub up to 4.15 and classified as critical. Affected by this issue is a part. The manipulation with an unknown input leads to a privilege escalation vulnerability (OS Command Injection). Using CWE to...
Author: VulDB

Logitech Harmony Hub up to 4.15 XMPP Server Request weak authentication

A vulnerability has been found in Logitech Harmony Hub up to 4.15 and classified as critical. Affected by this vulnerability is a functionality of the component XMPP Server. The manipulation as part of a Request leads to a weak authentication...
Author: VulDB

Logitech Harmony Hub up to 4.15 XMPP Server Default Credentials weak authentication

A vulnerability, which was classified as critical, was found in Logitech Harmony Hub up to 4.15. Affected is a function of the component XMPP Server. The manipulation with an unknown input leads to a weak authentication vulnerability (Default...
Author: VulDB

UBER: €400,000 fine for a breach of user data security

The CNIL's restricted committee has imposed a fine of 400,000 euros on UBER for insufficiently securing the data of users of its chauffeur-driven car (VTC) service.
Author: Cnil

VU#573168: Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application...
Author: US Cert

Microsoft Releases Security Updates

Original release date: December 19, 2018. Microsoft has released security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. The National...
Author: US Cert

CERTFR-2018-AVI-604: Vulnerability in VMware vRealize Operations (December 19, 2018)

A vulnerability has been discovered in VMware vRealize Operations. It allows an attacker to escalate privileges.

Author: Cert FR

Bosch Smart Home Camera up to 6.52.3 Network Interface memory corruption

A vulnerability was found in Bosch Smart Home Camera up to 6.52.3. It has been classified as critical. Affected is an unknown function of the component Network Interface. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

PSPP 1.2.0 pspp-dump-sav.c read_bytes_internal memory corruption

A vulnerability, which was classified as critical, was found in PSPP 1.2.0. This affects the function read_bytes_internal of the file utilities/pspp-dump-sav.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

SubSonic 6.1.5 internetRadioSettings.view streamUrl cross site request forgery

A vulnerability, which was classified as problematic, has been found in SubSonic 6.1.5. Affected by this issue is an unknown function of the file internetRadioSettings.view. The manipulation of the argument streamUrl with an unknown input leads...
Author: VulDB

RDF4j 2.4.2 ZIP Archive directory traversal

A vulnerability classified as critical was found in RDF4j 2.4.2. Affected by this vulnerability is an unknown function. The manipulation as part of a ZIP Archive leads to a directory traversal vulnerability. The CWE definition for the...
Author: VulDB

LibVNC Client NULL Pointer Dereference denial of service

A vulnerability classified as problematic has been found in LibVNC (version unknown). Affected is an unknown function of the component Client. The manipulation with an unknown input leads to a denial of service vulnerability (NULL Pointer...
Author: VulDB

LibVNC Client Stack-based memory corruption

A vulnerability was found in LibVNC (unknown version). It has been rated as critical. This issue affects an unknown function of the component Client. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

LibVNC Client Stack-based memory corruption

A vulnerability was found in LibVNC (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown function of the component Client. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

LibVNC Client Loop denial of service

A vulnerability was found in LibVNC (the affected version unknown). It has been classified as problematic. This affects an unknown function of the component Client. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

LibVNC Heap-based memory corruption [CVE-2018-20020]

A vulnerability was found in LibVNC (affected version not known) and classified as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability (Heap-based). Using CWE...
Author: VulDB

LibVNC Heap-based memory corruption [CVE-2018-20019]

A vulnerability has been found in LibVNC (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

Statamic 2.10.3 Add New /users First Name/Last Name cross site scripting

A vulnerability, which was classified as problematic, was found in Statamic 2.10.3. Affected is an unknown function of the file /users of the component Add New Handler. The manipulation of the argument First Name/Last Name as part of a Request...
Author: VulDB

CMS Made Simple 2.2.8 File Upload SVG Document cross site scripting

A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.8. This issue affects an unknown function of the component File Upload. The manipulation as part of a SVG Document leads to a cross site scripting...
Author: VulDB

Zurmo 3.2.4 Report HTML Injection cross site scripting

A vulnerability classified as problematic was found in Zurmo 3.2.4. This vulnerability affects an unknown function of the component Report Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability (HTML...
Author: VulDB

cmsimple 4.7.5 File Upload SVG File cross site scripting

A vulnerability classified as problematic has been found in cmsimple 4.7.5. This affects an unknown function of the file ?userfiles&subdir=userfiles/images/flags/ of the component File Upload. The manipulation as part of a SVG File leads to a...
Author: VulDB

cmsimple 4.7.5 ?file=config&action=array cross site scripting

A vulnerability was found in cmsimple 4.7.5. It has been rated as problematic. Affected by this issue is an unknown function of the file ?file=config&action=array. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Zurmo 3.2.4 Reports details name cross site scripting

A vulnerability was found in Zurmo 3.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file app/index.php/reports/default/details?id=1 of the component Reports Handler. The manipulation of the...
Author: VulDB

Advantech WebAccess SCADA 8.3.2 on Windows 2008 Stack-based memory corruption

A vulnerability was found in Advantech WebAccess SCADA 8.3.2 on Windows 2008. It has been classified as critical. Affected is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability (Stack-based)....
Author: VulDB

Information security events