Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CubeCart 6.2.2 /{ADMIN-FILE}/ Query String cross site scripting

A vulnerability, which was classified as problematic, was found in CubeCart 6.2.2. Affected is a function of the file /{ADMIN-FILE}/. The manipulation as part of a Query String leads to a cross site scripting vulnerability (Reflected). CWE is...
Author: VulDB

Docker up to 18.08 dockerd daemon/daemon_unix.go denial of service

A vulnerability was found in Docker up to 18.08 and classified as problematic. This issue affects a part of the file daemon/daemon_unix.go of the component dockerd. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

UsualToolCMS 8.0 a_sqlbackx.php cross site request forgery

A vulnerability classified as problematic was found in UsualToolCMS 8.0. This vulnerability affects the functionality of the file cmsadmin/a_sqlbackx.php?t=sql. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

Frog CMS 0.9.5 Forgot Password /admin/ cross site scripting

A vulnerability classified as problematic has been found in Frog CMS 0.9.5. This affects an unknown function of the file /admin/?/login/forgot of the component Forgot Password. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Pivotal Concourse up to 4.2.1 Token information disclosure

A vulnerability was found in Pivotal Concourse up to 4.2.1 and classified as problematic. Affected by this issue is a part of the component Token Handler. The manipulation with an unknown input leads to an information disclosure vulnerability....
Author: VulDB

CERTFR-2019-AVI-016: Multiple vulnerabilities in PHP (11 January 2019)

Multiple vulnerabilities have been discovered in PHP. They allow an attacker to cause a security problem not specified by the vendor and a remote denial of service.

Author: Cert FR

CERTFR-2019-AVI-015: Vulnerability in Symantec Reporter (11 January 2019)

A vulnerability has been discovered in Symantec Reporter. It allows an attacker to cause arbitrary code execution.

Author: Cert FR

systemd-journald up to v239 Log Message Out-of-Bounds memory corruption

A vulnerability has been found in systemd-journald up to v239 and classified as critical. This vulnerability affects a functionality of the component Log Message Handler. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

systemd-journald up to v240 Socket Stack-based memory corruption

A vulnerability, which was classified as critical, was found in systemd-journald up to v240. This affects a function of the component Socket Handler. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

systemd-journald up to v240 Command Line Stack-based memory corruption

A vulnerability, which was classified as critical, has been found in systemd-journald up to v240. Affected by this issue is some functionality of the component Command Line. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Cisco TelePresence Management Suite Web-based Management Interface cross site scripting

A vulnerability classified as problematic was found in Cisco TelePresence Management Suite (affected version unknown). Affected by this vulnerability is the functionality of the component Web-based Management Interface. The manipulation with an...
Author: VulDB

Cisco Policy Suite Policy and Charging Rules Function privilege escalation

A vulnerability classified as critical has been found in Cisco Policy Suite (version unknown). Affected is an unknown function of the component Policy and Charging Rules Function. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Cisco ASR 900 Broadcast denial of service [CVE-2018-15464]

A vulnerability was found in Cisco ASR 900 (unknown version). It has been rated as problematic. This issue affects some processing. The manipulation as part of a Broadcast leads to a denial of service vulnerability. Using CWE to declare the...
Author: VulDB

libIEC61850 1.3.1 hal/memory/lib_memory.c denial of service

A vulnerability was found in libIEC61850 1.3.1. It has been rated as problematic. Affected by this issue is some processing in the library hal/memory/lib_memory.c. The manipulation with an unknown input leads to a denial of service vulnerability...
Author: VulDB

lib60870 2.1.1 link_layer/link_layer.c LinkLayer_setAddress denial of service

A vulnerability was found in lib60870 2.1.1. It has been declared as problematic. Affected by this vulnerability is the function LinkLayer_setAddress of the file link_layer/link_layer.c. The manipulation with an unknown input leads to a denial...
Author: VulDB

libIEC61850 1.3.1 ethernet_linux.c Ethernet_setProtocolFilter memory corruption

A vulnerability was found in libIEC61850 1.3.1. It has been classified as critical. Affected is the function Ethernet_setProtocolFilter of the file hal/ethernet/linux/ethernet_linux.c. The manipulation with an unknown input leads to a memory...
Author: VulDB

libIEC61850 1.3.1 hal/memory/lib_memory.c Asn1PrimitiveValue_create denial of service

A vulnerability was found in libIEC61850 1.3.1 and classified as problematic. This issue affects the function Asn1PrimitiveValue_create in the library hal/memory/lib_memory.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

PolicyKit 0.115 Protection Mechanism polkitbackendinteractiveauthority.c fork() privilege escalation

A vulnerability has been found in PolicyKit 0.115 and classified as critical. This vulnerability affects the function fork() of the file polkitbackend/polkitbackendinteractiveauthority.c of the component Protection Mechanism. The manipulation ...
Author: VulDB

Bento4 1.5.1-627 Ap4DescriptorFactory.cpp CreateDescriptorFromStream denial of service

A vulnerability, which was classified as problematic, was found in Bento4 1.5.1-627. This affects the function AP4_DescriptorFactory::CreateDescriptorFromStream of the file Core/Ap4DescriptorFactory.cpp. The manipulation with an unknown input...
Author: VulDB

Artifex MuPDF 1.14.0 svg-run.c svg_run_use_symbol/svg_run_element/svg_run_use denial of service

A vulnerability, which was classified as problematic, has been found in Artifex MuPDF 1.14.0. Affected by this issue is the function svg_run_use_symbol/svg_run_element/svg_run_use of the file svg-run.c. The manipulation with an unknown input...
Author: VulDB

Artifex MuPDF 1.14.0 fitz/document.c fz_load_page memory corruption

A vulnerability classified as critical was found in Artifex MuPDF 1.14.0. Affected by this vulnerability is the function fz_load_page of the file fitz/document.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

libpng 1.6.36 png.c png_create_info_struct denial of service

A vulnerability classified as problematic has been found in libpng 1.6.36. Affected is the function png_create_info_struct of the file png.c. The manipulation with an unknown input leads to a denial of service vulnerability (Memory Leak). CWE is...
Author: VulDB

LibTIFF 4.0.10 tif_unix.c TIFFFdOpen denial of service

A vulnerability was found in LibTIFF 4.0.10. It has been rated as problematic. This issue affects the function TIFFFdOpen of the file tif_unix.c. The manipulation with an unknown input leads to a denial of service vulnerability (Memory Leak)....
Author: VulDB

XiaoCms 20141229 index.php table[] sql injection

A vulnerability was found in XiaoCms 20141229. It has been declared as critical. This vulnerability affects a code block of the file admin/index.php?c=database. The manipulation of the argument table[] with an unknown input leads to a sql...
Author: VulDB

PHP Scripts Mall Mall Advance Peer to Peer MLM Script 1.7.0 Admin Panel admin/dashboard.php information disclosure

A vulnerability was found in PHP Scripts Mall Mall Advance Peer to Peer MLM Script 1.7.0. It has been classified as problematic. This affects code of the file admin/dashboard.php of the component Admin Panel. The manipulation with an unknown...
Author: VulDB

Information systems security events