Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SAGA1-L8B prior A0.10 privilege escalation [CVE-2018-17923]

A vulnerability was found in SAGA1-L8B and classified as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-269....
Author: VulDB

SAGA1-L8B prior A0.10 Pairing privilege escalation

A vulnerability has been found in SAGA1-L8B and classified as critical. This vulnerability affects an unknown function of the component Pairing Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability. The...
Author: VulDB

SAGA1-L8B prior A0.10 Replay privilege escalation

A vulnerability, which was classified as critical, was found in SAGA1-L8B. This affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Replay). CWE is classifying the issue as CWE-269....
Author: VulDB

IBM WebSphere Commerce Enterprise 7.x/8.x/9.x Web UI cross site scripting

A vulnerability was found in IBM WebSphere Commerce Enterprise 7.x/8.x/9.x. It has been rated as problematic. This issue affects an unknown function of the component Web UI. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Fuji Energy Savings Estimator up to 1.0.2.0 DLL Loader Search Path privilege escalation

A vulnerability was found in Fuji Energy Savings Estimator up to 1.0.2.0. It has been declared as problematic. This vulnerability affects an unknown function of the component DLL Loader. The manipulation as part of a Search Path leads to a...
Author: VulDB

Anda App Server API Default Credentials weak authentication

A vulnerability was found in Anda App (the affected version is unknown). It has been classified as critical. This affects an unknown function of the component Server API. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

Adrenalin HRMS 5.4.0 ApplicationtEmployeeSearch prntDDLCntrlName/prntFrmName cross site scripting

A vulnerability was found in Adrenalin HRMS 5.4.0 and classified as problematic. Affected by this issue is an unknown function of the file ApplicationtEmployeeSearch. The manipulation of the argument prntDDLCntrlName/prntFrmName with an unknown...
Author: VulDB

Spark 1.3.x Zinc Server Request information disclosure

A vulnerability has been found in Spark 1.3.x and classified as problematic. Affected by this vulnerability is an unknown function of the component Zinc Server. The manipulation as part of a Request leads to an information disclosure...
Author: VulDB

Apache Impala up to 3.0.0 ALTER privilege escalation

A vulnerability, which was classified as critical, was found in Apache Impala up to 3.0.0. Affected is an unknown function of the component ALTER Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE...
Author: VulDB

Apache Impala up to 3.0.0 Queue Injection privilege escalation

A vulnerability, which was classified as critical, has been found in Apache Impala up to 3.0.0. This issue affects an unknown function of the component Queue Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Amanda 3.3.1 Backup and Restore Command Line Argument privilege escalation

A vulnerability classified as critical was found in Amanda 3.3.1. This vulnerability affects an unknown function of the component Backup and Restore. The manipulation as part of a Command Line Argument leads to a privilege escalation...
Author: VulDB

Amanda 3.3.1 Backup runtar Argument command injection

A vulnerability classified as critical has been found in Amanda 3.3.1. This affects an unknown function of the file runtar of the component Backup Handler. The manipulation as part of an Argument leads to a privilege escalation vulnerability...
Author: VulDB

BitDefender GravityZone Installer Filename privilege escalation

A vulnerability has been found in BitDefender GravityZone (the affected version is unknown) and classified as critical. This vulnerability affects an unknown function of the component Installer. The manipulation of the argument Filename with an...
Author: VulDB

Polycom VVX 500/VVX 601 up to 5.8.0.12848 SIP Service information disclosure

A vulnerability was found in Polycom VVX 500 and VVX 601 up to 5.8.0.12848. It has been classified as problematic. This affects an unknown function of the component SIP Service. The manipulation with an unknown input leads to an information...
Author: VulDB

ServersCheck Monitoring Software up to 14.3.3 lnk File denial of service

A vulnerability was found in ServersCheck Monitoring Software up to 14.3.3 and classified as problematic. Affected by this issue is an unknown function of the component lnk File Handler. The manipulation with an unknown input leads to a denial...
Author: VulDB

Citrix Xen Mobile up to 10.8 Configuration Service privilege escalation

A vulnerability was found in Citrix Xen Mobile up to 10.8. It has been rated as critical. Affected by this issue is an unknown function of the component Configuration Service. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Citrix Xen Mobile up to 10.8.0 Service Port 5001 Java Object Remote Code Execution

A vulnerability was found in Citrix Xen Mobile up to 10.8.0. It has been declared as critical. Affected by this vulnerability is an unknown function of the component Service Port 5001. The manipulation as part of a Java Object leads to a...
Author: VulDB

SaltStack Salt prior 2017.7.8/2018.3.3 salt-api(netapi) privilege escalation

A vulnerability, which was classified as critical, has been found in SaltStack Salt. Affected by this issue is the function salt-api(netapi). The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to...
Author: VulDB

SaltStack Salt prior 2017.7.8/2018.3.3 Salt-api directory traversal

A vulnerability classified as problematic was found in SaltStack Salt. Affected by this vulnerability is an unknown function of the component Salt-api. The manipulation with an unknown input leads to a directory traversal vulnerability. The CWE...
Author: VulDB

Cisco Webex Meetings Desktop App on Windows Update Service privilege escalation

A vulnerability classified as problematic has been found in Cisco Webex Meetings Desktop App on Windows (the affected version is unknown). Affected is an unknown function of the component Update Service. The manipulation with an unknown input...
Author: VulDB

Mozilla Releases Security Updates for Firefox

Original release date: October 23, 2018 Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected...
Author: US Cert

National Cybersecurity Awareness Month: Critical Infrastructure Cybersecurity

Original release date: October 23, 2018 October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The...
Author: US Cert

CERTFR-2018-AVI-508: Multiple vulnerabilities in the Ubuntu Linux kernel (October 23, 2018)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a denial of service, and a breach of data confidentiality.

Author: Cert FR

CERTFR-2018-AVI-507: Multiple vulnerabilities in the SUSE Linux kernel (October 23, 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a remote denial of service, a denial of service, and a breach of data confidentiality.

Author: Cert FR

CERTFR-2018-AVI-506: Multiple vulnerabilities in Citrix SD-WAN (October 23, 2018)

Multiple vulnerabilities have been discovered in Citrix SD-WAN. Some of them allow an attacker to cause remote arbitrary code execution, arbitrary code execution, and a bypass of the policy...
Author: Cert FR

Information security events