Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery

A vulnerability was found in Apache NiFi 1.8.0 and classified as problematic. This issue affects an unknown function of the component Template Upload Handler. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

Apache NiFi 1.8.0 Cluster Request privilege escalation

A vulnerability has been found in Apache NiFi 1.8.0 and classified as critical. This vulnerability affects an unknown function of the component Cluster Handler. The manipulation as part of a Request leads to a privilege escalation vulnerability....
Author: VulDB

Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting

A vulnerability, which was classified as problematic, was found in Apache NiFi 1.8.0. This affects an unknown function of the file message-page.jsp of the component Error Page. The manipulation as part of a Request Header leads to a cross site...
Author: VulDB

Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation

A vulnerability, which was classified as critical, has been found in Apache NiFi up to 1.7.x. Affected by this issue is an unknown function of the component X-Frame-Options Header Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Spring Security 5.1.0/5.1.1 JWT Issuer Validation privilege escalation

A vulnerability classified as critical has been found in Spring Security 5.1.0/5.1.1. Affected is an unknown function of the component JWT Issuer Validation. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

LibVNC File Transfer Extension Heap-based memory corruption

A vulnerability was found in LibVNC (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown function of the component File Transfer Extension. The manipulation with an unknown input leads to a...
Author: VulDB

LibVNC File Transfer Extension Use-After-Free memory corruption

A vulnerability was found in LibVNC (the affected version is unknown). It has been classified as critical. This affects an unknown function of the component File Transfer Extension. The manipulation with an unknown input leads to a memory...
Author: VulDB

Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing

A vulnerability was found in Apache Oozie up to 5.0.0 and classified as critical. Affected by this issue is an unknown function of the component Workflow. The manipulation as part of an XML leads to a spoofing vulnerability (Impersonation). Using...
Author: VulDB

S3 Browser up to 8.1.4 XML Data XML External Entity

A vulnerability was found in S3 Browser up to 8.1.4 and classified as critical. This issue affects an unknown function of the component XML Data Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability (XXE)....
Author: VulDB

Two-Factor-Authentication Plugin up to 1.3.12 on WordPress Parameter cross site request forgery

A vulnerability has been found in Two-Factor-Authentication Plugin up to 1.3.12 on WordPress and classified as problematic. This vulnerability affects an unknown function. The manipulation as part of a Parameter leads to a cross site request...
Author: VulDB

sssd up to 1.x Configuration Parameter information disclosure

A vulnerability classified as problematic was found in sssd up to 1.x. Affected by this vulnerability is an unknown function of the component Configuration Parameter. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Pivotal Concourse up to 4.2.1 Login Flow Open Redirect

A vulnerability was found in Pivotal Concourse up to 4.2.1. It has been rated as problematic. This issue affects an unknown function of the component Login Flow. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

LibVNC File Transfer Extension Use-After-Free memory corruption

A vulnerability, which was classified as critical, was found in LibVNC (version unknown). Affected is an unknown function of the component File Transfer Extension. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

Microsoft Internet Explorer 9/10/11 Scripting Engine JScript.dll memory corruption

A vulnerability has been found in Microsoft Internet Explorer 9/10/11 and classified as critical. Affected by this vulnerability is some functionality in the library JScript.dll of the component Scripting Engine. The manipulation with an unknown...
Author: VulDB

Publication of the ordinance rewriting the French Data Protection Act (loi Informatique et Libertés)

Ordinance No. 2018-1125 of 12 December 2018, published on 13 December 2018, completes, at the legislative level, the alignment of national law with the General Data Protection Regulation (GDPR) and the Directive...
Author: Cnil

Certification and codes of conduct

Certification and codes of conduct are genuine seals of trust, resulting from an initiative of the CNIL or of a professional sector.
Author: Cnil

Reference frameworks

The CNIL develops reference frameworks to guide organisations in bringing their processing into compliance. These regulatory instruments are intended to give organisations greater legal certainty. They are developed in...
Author: Cnil

CERTFR-2018-AVI-603: Multiple vulnerabilities in the SUSE Linux kernel (18 December 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a security issue not specified by the vendor and a privilege escalation.

Author: Cert FR

CERTFR-2018-AVI-602: Multiple vulnerabilities in Google Chrome OS (18 December 2018)

Multiple vulnerabilities have been discovered in Google Chrome OS. They allow an attacker to cause a security issue not specified by the vendor.

Author: Cert FR

libexcel 0.01 workbook.c wbook_addworksheet Long Name memory corruption

A vulnerability, which was classified as critical, has been found in libexcel 0.01. This issue affects the function wbook_addworksheet of the file workbook.c. The manipulation as part of a Long Name leads to a memory corruption vulnerability...
Author: VulDB

Espruino 2V00 JS File jsflash.c jsfNameFromString memory corruption

A vulnerability classified as critical was found in Espruino 2V00. This vulnerability affects the function jsfNameFromString of the file jsflash.c of the component JS File Handler. The manipulation with an unknown input leads to a memory...
Author: VulDB

Freeware Advanced Audio Decoder 2.8.8 libfaad/filtbank.c ifilter_bank denial of service

A vulnerability classified as problematic has been found in Freeware Advanced Audio Decoder 2.8.8. This affects the function ifilter_bank of the file libfaad/filtbank.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Freeware Advanced Audio Decoder 2.8.8 libfaad/filtbank.c ifilter_bank denial of service

A vulnerability was found in Freeware Advanced Audio Decoder 2.8.8. It has been rated as problematic. Affected by this issue is the function ifilter_bank of the file libfaad/filtbank.c. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Freeware Advanced Audio Decoder 2.8.8 libfaad/sbr_hfadj.c calculate_gain memory corruption

A vulnerability was found in Freeware Advanced Audio Decoder 2.8.8. It has been declared as critical. Affected by this vulnerability is the function calculate_gain of the file libfaad/sbr_hfadj.c. The manipulation with an unknown input leads to...
Author: VulDB

Freeware Advanced Audio Decoder 2.8.8 libfaad/sbr_hfadj.c calculate_gain memory corruption

A vulnerability was found in Freeware Advanced Audio Decoder 2.8.8. It has been classified as critical. Affected is the function calculate_gain of the file libfaad/sbr_hfadj.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Information systems security (SSI) events