Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

pyOpenSSL up to 17.4.x PKCS #12 Store Memory Consumption denial of service

A vulnerability classified as problematic has been found in pyOpenSSL up to 17.4.x. This affects an unknown function of the component PKCS #12 Store. The manipulation with an unknown input leads to a denial of service vulnerability (Memory...
Author: VulDB

pyOpenSSL up to 17.4.x X.509 Object Use-After-Free memory corruption

A vulnerability was found in pyOpenSSL up to 17.4.x. It has been rated as critical. Affected by this issue is an unknown function of the component X.509 Object Handler. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Paramiko up to 2.4.1 SSH Server Remote Code Execution

A vulnerability was found in Paramiko up to 2.4.1. It has been declared as critical. Affected by this vulnerability is an unknown function of the component SSH Server. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Contiki-NG 4 AQL Database Engine Code Execution memory corruption

A vulnerability was found in Contiki-NG 4. It has been classified as critical. Affected is an unknown function of the component AQL Database Engine. The manipulation with an unknown input leads to a memory corruption vulnerability (Code...
Author: VulDB

WPML Plugin up to 3.6.3 on WordPress process_forms theme-localization.php locale_file_name cross site scripting

A vulnerability has been found in WPML Plugin up to 3.6.3 on WordPress and classified as problematic. This vulnerability affects an unknown function of the file theme-localization.php of the component process_forms. The manipulation of the...
Author: VulDB

net-snmp up to 5.7 snmplib/snmp_api.c UDP Packet denial of service

A vulnerability, which was classified as problematic, was found in net-snmp up to 5.7. This affects an unknown function in the library snmplib/snmp_api.c. The manipulation as part of a UDP Packet leads to a denial of service vulnerability...
Author: VulDB

net-snmp up to 5.7 table_container.c _set_key UDP Packet denial of service

A vulnerability, which was classified as problematic, has been found in net-snmp up to 5.7. Affected by this issue is the function _set_key of the file agent/helpers/table_container.c. The manipulation as part of a UDP Packet leads to a denial...
Author: VulDB

Linux Kernel 4.14.67 Memory Consumption denial of service

A vulnerability classified as problematic has been found in Linux Kernel 4.14.67. Affected is an unknown function. The manipulation with an unknown input leads to a denial of service vulnerability (Memory Consumption). CWE is classifying the...
Author: VulDB

Seqrite End Point Security 7.4 privilege escalation [CVE-2018-17775]

A vulnerability was found in Seqrite End Point Security 7.4. It has been declared as problematic. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE...
Author: VulDB

D-Link Central WiFi Manager prior 1.03r0100-Beta1 File Upload PHP Code Execution privilege escalation

A vulnerability, which was classified as critical, has been found in D-Link Central WiFi Manager. This issue affects an unknown function of the component File Upload. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

D-Link Central WiFi Manager prior 1.03r0100-Beta1 FTP Server username/password Default Credentials weak authentication

A vulnerability classified as critical has been found in D-Link Central WiFi Manager. This affects an unknown function of the component FTP Server. The manipulation of the argument username/password with the input value admin:admin leads to a...
Author: VulDB

Telerik Extensions for ASP.NET MVC privilege escalation [CVE-2018-17060]

A vulnerability was found in Telerik Extensions for ASP.NET MVC (the affected version is unknown) and classified as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

VU#176301: Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App

Vulnerability Note VU#176301 Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App Original Release date: 06 Oct 2018 | Last revised: 08 Oct 2018 Overview Auto-Maskin RP remote panels and DCU controls units are used to...
Author: US Cert

Git up to 2.19.0 Clone URL Remote Code Execution

A vulnerability, which was classified as critical, has been found in Git up to 2.19.0. This issue affects an unknown function of the component Clone Handler. The manipulation of the argument URL with the input value - leads to a privilege...
Author: VulDB

QPDF 8.2.1 libqpdf/QPDFWriter.cc unparseChild PDF File denial of service

A vulnerability, which was classified as problematic, was found in QPDF 8.2.1. Affected is the function QPDFWriter::unparseObject/QPDFWriter::unparseChild of the file libqpdf/QPDFWriter.cc. The manipulation as part of a PDF File leads to a...
Author: VulDB

National Cybersecurity Awareness Month Webinar on Securing the Internet

Original release date: October 05, 2018 The Multi-State Information Sharing and Analysis Center, National Cyber Security Alliance, and the Department of Homeland Security are conducting a National Cybersecurity Awareness Month (NCSAM)...
Author: US Cert

VMware Releases Security Update

Original release date: October 05, 2018 VMware has released a security update to address a vulnerability in AirWatch Console. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and...
Author: US Cert

CERTFR-2018-AVI-471: Vulnerability in VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) (05 October 2018)

A vulnerability has been discovered in VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console). It allows an attacker to bypass the security policy.

Author: Cert FR

CERTFR-2018-AVI-470: Multiple vulnerabilities in the SUSE Linux kernel (05 October 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a compromise of the integrity of...
Author: Cert FR

CERTFR-2018-AVI-469: Multiple vulnerabilities in Mozilla Thunderbird (05 October 2018)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Some of them allow an attacker to cause arbitrary code execution, a denial of service and a security policy bypass.

Author: Cert FR

Mozilla Releases Security Update for Thunderbird

Original release date: October 04, 2018 Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users...
Author: US Cert

Karo Gem 2.3.8 on Ruby host command injection

A vulnerability has been found in Karo Gem 2.3.8 on Ruby and classified as critical. This vulnerability affects an unknown function. The manipulation of the argument host with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

Cisco Data Center Network Manager Web-based Management Interface cross site scripting

A vulnerability was found in Cisco Data Center Network Manager (the affected version is unknown). It has been classified as problematic. This affects an unknown function of the component Web-based Management Interface. The manipulation with an...
Author: VulDB

Cisco Digital Network Architecture Center Identity Management Request weak authentication

A vulnerability was found in Cisco Digital Network Architecture Center (the affected version is unknown) and classified as critical. Affected by this issue is an unknown function of the component Identity Management. The manipulation as part of...
Author: VulDB

Cisco Email Security Appliance Anti-Spam Protection Mechanism Messages privilege escalation

A vulnerability has been found in Cisco Email Security Appliance (the affected version is unknown) and classified as critical. Affected by this vulnerability is an unknown function of the component Anti-Spam Protection Mechanism. The manipulation...
Author: VulDB

Information security events