Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Yokogawa STARDOM Controller up to R4.10 Memory Exhaustion denial of service

A vulnerability, which was classified as problematic, has been found in Yokogawa STARDOM Controller up to R4.10. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a denial of service vulnerability...
Auteur: VulDB

Yokogawa STARDOM Controller up to R4.10 Default Credentials weak authentication

A vulnerability classified as critical was found in Yokogawa STARDOM Controller up to R4.10. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a weak authentication vulnerability (Default...
Auteur: VulDB

NUUO CMS up to 3.1 Default Credentials weak authentication

A vulnerability classified as critical has been found in NUUO CMS up to 3.1. Affected is an unknown function. The manipulation with an unknown input leads to a weak authentication vulnerability (Default Credentials). CWE is classifying the issue...
Auteur: VulDB

NUUO CMS up to 3.1 User Account Control Remote Code Execution

A vulnerability was found in NUUO CMS up to 3.1. It has been rated as critical. This issue affects an unknown function of the component User Account Control. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Auteur: VulDB

NUUO CMS up to 3.1 Code Execution [CVE-2018-17890]

A vulnerability was found in NUUO CMS up to 3.1. It has been declared as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution). The CWE...
Auteur: VulDB

NUUO CMS up to 3.1 Session Remote Code Execution

A vulnerability was found in NUUO CMS up to 3.1. It has been classified as critical. This affects an unknown function of the component Session Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code...
Auteur: VulDB

Micro Focus Enterprise Developer and Enterprise Server up to 2.3 Update 2/3.0 Update 11/4.0 Update 1 HTTP Request Parameter NULL Pointer Dereference denial of service

A vulnerability was found in Micro Focus Enterprise Developer and Enterprise Server up to 2.3 Update 2/3.0 Update 11/4.0 Update 1 and classified as problematic. Affected by this issue is an unknown function of the component HTTP Request Parameter...
Auteur: VulDB

Next.js 7.0.0/7.0.1 Error Page /_error cross site scripting

A vulnerability was found in Next.js 7.0.0/7.0.1. It has been classified as problematic. Affected is an unknown function of the file /_error of the component Error Page. The manipulation with an unknown input leads to a cross site scripting...
Auteur: VulDB

pdfalto 0.2 XmlAltoOutputDev.cc addAttributsNode memory corruption

A vulnerability was found in pdfalto 0.2 and classified as critical. This issue affects the function TextPage::addAttributsNode of the file XmlAltoOutputDev.cc. The manipulation with an unknown input leads to a memory corruption vulnerability...
Auteur: VulDB

CMS Made Simple 2.2.7 Article moduleinterface.php m1_extra cross site scripting

A vulnerability has been found in CMS Made Simple 2.2.7 and classified as problematic. This vulnerability affects an unknown function of the file admin/moduleinterface.php of the component Article Handler. The manipulation of the argument...
Auteur: VulDB

CMS Made Simple 2.2.7 Article moduleinterface.php m1_news_url cross site scripting

A vulnerability, which was classified as problematic, was found in CMS Made Simple 2.2.7. This affects an unknown function of the file admin/moduleinterface.php of the component Article Handler. The manipulation of the argument m1_news_url as...
Auteur: VulDB

WAGO 750-881 up to 01.09.19(13) SNMP Configuration webserv/cplcfg/snmp.ssi SNMP_LOC_SNMP_CONT cross site scripting

A vulnerability, which was classified as problematic, has been found in WAGO 750-881 up to 01.09.19(13). Affected by this issue is an unknown function of the file webserv/cplcfg/snmp.ssi of the component SNMP Configuration. The manipulation of...
Auteur: VulDB

Foreman 1.18 Breadcrumbs Bar Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in Foreman 1.18. This issue affects an unknown function of the component Breadcrumbs Bar. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Auteur: VulDB

Cloud Foundry CF Networking Release up to 2.15.x API Endpoint sql injection

A vulnerability, which was classified as critical, was found in Cloud Foundry CF Networking Release up to 2.15.x. Affected is an unknown function of the component API Endpoint. The manipulation with an unknown input leads to a sql injection...
Auteur: VulDB

Palo Alto PAN-OS up to 8.1.3 GlobalProtect Portal cross site scripting

A vulnerability was found in Palo Alto PAN-OS up to 8.1.3. It has been classified as problematic. Affected is an unknown function of the component GlobalProtect Portal. The manipulation with an unknown input leads to a cross site scripting...
Auteur: VulDB

NCCIC Releases Joint Alert on Worldwide Malicious Activity Using Publicly Available Tools

Original release date: October 11, 2018 In collaboration with the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security...
Auteur: US Cert

CERTFR-2018-AVI-487 : Multiples vulnérabilités dans les produits Juniper (11 octobre 2018)

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à...
Auteur: Cert FR

Juniper Networks Releases Security Updates

Original release date: October 10, 2018 Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected...
Auteur: US Cert

Certification des compétences du DPO : la CNIL adopte deux référentiels

Afin de permettre l’identification des compétences et savoir-faire du délégué à la protection des données (DPO), la CNIL adopte deux référentiels en matière de certification de DPO.
Auteur: Cnil

Blueimp jQuery-File-Upload up to 9.22.0 File Upload privilege escalation

A vulnerability, which was classified as critical, was found in Blueimp jQuery-File-Upload up to 9.22.0. This affects an unknown function of the component File Upload. The manipulation with an unknown input leads to a privilege escalation...
Auteur: VulDB

BageCMS 3.1.3 directory traversal [CVE-2018-18258]

A vulnerability, which was classified as problematic, has been found in BageCMS 3.1.3. Affected by this issue is an unknown function of the file index.php?r=admini/template/updateTpl&filename. The manipulation with an unknown input leads to a...
Auteur: VulDB

BageCMS 3.1.3 directory traversal [CVE-2018-18257]

A vulnerability classified as critical was found in BageCMS 3.1.3. Affected by this vulnerability is an unknown function of the file index.php?r=admini/template/batch&command=deleteFile&fileName. The manipulation with an unknown input leads to a...
Auteur: VulDB

youke365 1.1.5 admin/login.html Username sql injection

A vulnerability classified as critical has been found in youke365 1.1.5. Affected is an unknown function of the file admin/login.html. The manipulation as part of a Username leads to a sql injection vulnerability. CWE is classifying the issue as...
Auteur: VulDB

Pippo up to 1.11.0 XstreamEngine Code Execution

A vulnerability was found in Pippo up to 1.11.0. It has been rated as critical. This issue affects an unknown function of the component XstreamEngine. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code...
Auteur: VulDB

youke365 1.1.5 admin/user.html cross site request forgery

A vulnerability was found in youke365 1.1.5. It has been declared as problematic. This vulnerability affects an unknown function of the file admin/user.html. The manipulation with an unknown input leads to a cross site request forgery...
Auteur: VulDB
First1817181818191820182118221823182418251826Last

Événements SSI