Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Siemens TIM 1531 IRC up to 1.x Service Port 102 weak authentication

A vulnerability has been found in Siemens TIM 1531 IRC up to 1.x and classified as critical. This vulnerability affects an unknown function of the component Service Port 102. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

McAfee Agent up to 5.5.1 on Linux Installation Temporary privilege escalation

A vulnerability was found in McAfee Agent up to 5.5.1 on Linux. It has been declared as critical. This vulnerability affects an unknown function of the component Installation. The manipulation with an unknown input leads to a privilege...
Author: VulDB

McAfee Agent up to 5.5.1 on Linux privilege escalation [CVE-2018-6705]

A vulnerability was found in McAfee Agent up to 5.5.1 on Linux. It has been classified as critical. This affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the...
Author: VulDB

McAfee Agent up to 5.5.1 on Linux privilege escalation [CVE-2018-6704]

A vulnerability was found in McAfee Agent up to 5.5.1 on Linux and classified as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare...
Author: VulDB

HAProxy up to 1.8.14 dns.c Crafted Packet denial of service

A vulnerability has been found in HAProxy up to 1.8.14 and classified as problematic. Affected by this vulnerability is an unknown function of the file dns.c. The manipulation as part of a Crafted Packet leads to a denial of service...
Author: VulDB

HAProxy up to 1.8.14 dns.c dns_validate_dns_response DNS Response memory corruption

A vulnerability, which was classified as critical, was found in HAProxy up to 1.8.14. Affected is the function dns_validate_dns_response of the file dns.c. The manipulation as part of a DNS Response leads to a memory corruption vulnerability...
Author: VulDB

Import Users from CSV with Meta Plugin up to 1.12.0 on WordPress Cell cross site scripting

A vulnerability, which was classified as problematic, has been found in Import Users from CSV with Meta Plugin up to 1.12.0 on WordPress. This issue affects an unknown function of the component Cell Handler. The manipulation with an unknown...
Author: VulDB

Exiv2 0.27-RC3 jp2image.cpp encodeJp2Header denial of service

A vulnerability classified as problematic was found in Exiv2 0.27-RC3. This vulnerability affects the function Exiv2::Jp2Image::encodeJp2Header of the file jp2image.cpp. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Exiv2 0.27-RC3 jp2image.cpp encodeJp2Header memory corruption

A vulnerability classified as critical has been found in Exiv2 0.27-RC3. This affects the function Exiv2::Jp2Image::encodeJp2Header of the file jp2image.cpp. The manipulation with an unknown input leads to a memory corruption vulnerability...
Author: VulDB

Exiv2 0.27-RC3 tiffimage_int.cpp findPrimaryGroups memory corruption

A vulnerability was found in Exiv2 0.27-RC3. It has been rated as critical. Affected by this issue is the function Exiv2::Internal::TiffParserWorker::findPrimaryGroups of the file tiffimage_int.cpp. The manipulation with an unknown input leads...
Author: VulDB

Exiv2 0.27-RC3 pngimage.cpp Exiv2::tEXtToDataBuf memory corruption

A vulnerability was found in Exiv2 0.27-RC3. It has been declared as critical. Affected by this vulnerability is the function Exiv2::tEXtToDataBuf of the file pngimage.cpp. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Bento4 1.5.1-627 Core/Ap4Array.h EnsureCapacity denial of service

A vulnerability was found in Bento4 1.5.1-627. It has been classified as problematic. Affected is the function EnsureCapacity of the file Core/Ap4Array.h. The manipulation with an unknown input leads to a denial of service vulnerability (Memory...
Author: VulDB

XXL-CONF 1.6.0 PropUtil.java keys directory traversal

A vulnerability was found in XXL-CONF 1.6.0 and classified as problematic. This issue affects an unknown function of the file ConfController.java/PropUtil.java. The manipulation of the argument keys with an unknown input leads to a directory...
Author: VulDB

IBM WebSphere Application Server 7.0/8.0/8.5/9.0 Admin Console cross site request forgery

A vulnerability has been found in IBM WebSphere Application Server 7.0/8.0/8.5/9.0 and classified as problematic. This vulnerability affects an unknown function of the component Admin Console. The manipulation with an unknown input leads to a...
Author: VulDB

IBM WebSphere Application Server 8.5/9.0 privilege escalation

A vulnerability, which was classified as critical, was found in IBM WebSphere Application Server 8.5/9.0. This affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying...
Author: VulDB

Linux Kernel up to 4.19.6 Access Control fs/userfaultfd.c IOCTL Call privilege escalation

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 4.19.6. Affected by this issue is an unknown function of the file fs/userfaultfd.c of the component Access Control. The manipulation as part of an IOCTL Call...
Author: VulDB

Online public services and privacy protection

As public services are increasingly digitized and online services develop, the CNIL recalls the best practices that are essential for developing online services in compliance with the GDPR.
Author: Cnil

Microsoft Releases December 2018 Security Updates

Original release date: December 11, 2018. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. The...
Author: US Cert

Mozilla Releases Security Updates for Firefox

Original release date: December 11, 2018. Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC...
Author: US Cert

Adobe Releases Security Updates

Original release date: December 11, 2018. Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC...
Author: US Cert

CERTFR-2018-AVI-590: Multiple vulnerabilities in Siemens products (11 December 2018)

Multiple vulnerabilities have been discovered in Siemens products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a compromise of the integrity of...
Author: Cert FR

Pippo 1.11.0 jaxb/JaxbEngine.java XML External Entity

A vulnerability, which was classified as critical, was found in Pippo 1.11.0. Affected is an unknown function of the file jaxb/JaxbEngine.java. The manipulation with an unknown input leads to a privilege escalation vulnerability (XXE). CWE is...
Author: VulDB

Evernote up to 7.5 on MacOS Attachment Preview directory traversal

A vulnerability, which was classified as problematic, has been found in Evernote up to 7.5 on MacOS. This issue affects an unknown function of the component Attachment Preview. The manipulation with an unknown input leads to a directory...
Author: VulDB

D-Link DIR-605L/DIR-619L /bin/boa sysCmd privilege escalation

A vulnerability classified as critical was found in D-Link DIR-605L and DIR-619L (the affected version is unknown). This vulnerability affects an unknown function of the file /bin/boa. The manipulation of the argument sysCmd as part of a POST...
Author: VulDB

D-Link DIR-605L/DIR-619L /bin/boa currTime memory corruption

A vulnerability classified as critical has been found in D-Link DIR-605L and DIR-619L (the affected version is unknown). This affects an unknown function of the file /bin/boa. The manipulation of the argument currTime as part of a Parameter leads...
Author: VulDB

Information security events