Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Mobile applications: formal notices for lack of consent to the processing of geolocation data for ad-targeting purposes

The President of the CNIL has issued a formal notice to the company VECTAURY to obtain individuals' consent to the processing of their geolocation data for ad-targeting purposes through mobile applications.
Author: Cnil

NCCIC Releases Analysis Report on JexBoss

Original release date: November 08, 2018. NCCIC has released Analysis Report (AR) AR18-312A: JexBoss - JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims' systems. The report provides information...
Author: US Cert

CERTFR-2018-AVI-537: Multiple vulnerabilities in Aruba ClearPass (08 November 2018)

Multiple vulnerabilities have been discovered in Aruba ClearPass. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and privilege escalation.

Author: Cert FR

CERTFR-2018-AVI-536: Multiple vulnerabilities in Cisco products (08 November 2018)

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and privilege escalation.

Author: Cert FR

Google Cardboard on Android/iOS Cleartext weak encryption

A vulnerability has been found in Google Cardboard on Android/iOS (the affected version is unknown) and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a weak...
Author: VulDB

Exiv2 0.26 PSD Image Reader psdimage.cpp readMetadata memory corruption

A vulnerability classified as critical was found in Exiv2 0.26. This vulnerability affects the function Exiv2::PsdImage::readMetadata of the file psdimage.cpp of the component PSD Image Reader. The manipulation with an unknown input leads to a...
Author: VulDB

Exiv2 0.26 PSD Image Reader iptc.cpp decode Image File memory corruption

A vulnerability classified as critical has been found in Exiv2 0.26. This affects the function Exiv2::IptcParser::decode of the file iptc.cpp of the component PSD Image Reader. The manipulation as part of an Image File leads to a memory...
Author: VulDB

BageCMS 3.1.3 upload/index.php cross site request forgery

A vulnerability was found in BageCMS 3.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file upload/index.php. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

tianti 2.3 skin-management list skinList Request privilege escalation

A vulnerability, which was classified as critical, was found in tianti 2.3. Affected is the function skinList of the file tianti-module-admin/user/skin/list of the component skin-management. The manipulation as part of a Request leads to a...
Author: VulDB

tianti 2.3 Permission list privilege escalation

A vulnerability, which was classified as critical, has been found in tianti 2.3. This issue affects an unknown function of the file tianti-module-admin/cms/column/list of the component Permission. The manipulation with an unknown input leads to...
Author: VulDB

LibreCAD 2.1.3 File Crash denial of service

A vulnerability was found in LibreCAD 2.1.3. It has been rated as problematic. Affected by this issue is an unknown function of the component File Handler. The manipulation with an unknown input leads to a denial of service vulnerability...
Author: VulDB

Apache Hive up to 2.3.3/3.1.0 Query privilege escalation

A vulnerability was found in Apache Hive up to 2.3.3/3.1.0. It has been declared as critical. This vulnerability affects an unknown function of the component Hive Handler. The manipulation as part of a Query leads to a privilege escalation...
Author: VulDB

Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation

A vulnerability was found in Apache Hive up to 2.3.3/3.1.0. It has been classified as critical. This affects an unknown function of the component HiveServer2. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

Cisco Small Business Switches weak authentication [CVE-2018-15439]

A vulnerability, which was classified as critical, was found in Cisco Small Business Switches (the affected version is unknown). This affects an unknown function. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

Cisco Immunet/Advanced Malware Protection on Windows System Scan privilege escalation

A vulnerability, which was classified as critical, has been found in Cisco Immunet and Advanced Malware Protection on Windows (the affected version is unknown). Affected by this issue is an unknown function of the component System Scan. The...
Author: VulDB

Cisco Stealthwatch Enterprise Management Console HTTP Request privilege escalation

A vulnerability classified as critical was found in Cisco Stealthwatch Enterprise (the affected version is unknown). Affected by this vulnerability is an unknown function of the component Management Console. The manipulation as part of an HTTP...
Author: VulDB

Cisco Content Security Management Appliance Web-based Management Interface cross site scripting

A vulnerability classified as problematic has been found in Cisco Content Security Management Appliance (the affected version is unknown). Affected is an unknown function of the component Web-based Management Interface. The manipulation with an...
Author: VulDB

Cisco Unity Express Serialized Java Object Shell privilege escalation

A vulnerability was found in Cisco Unity Express (the affected version is unknown). It has been rated as very critical. This issue affects an unknown function. The manipulation as part of a Serialized Java Object leads to a privilege escalation...
Author: VulDB

Cisco Meraki MR/Meraki MS/Meraki MX/Meraki Z1/Meraki Z3 Local Status Page privilege escalation

A vulnerability was found in Cisco Meraki MR, Meraki MS, Meraki MX, Meraki Z1 and Meraki Z3 and classified as critical. Affected by this issue is an unknown function of the component Local Status Page. The manipulation with an unknown input...
Author: VulDB

Telexy QPath 5.4.462 AdanitDataService.svc Request privilege escalation

A vulnerability was found in Telexy QPath 5.4.462. It has been rated as critical. Affected by this issue is an unknown function of the file AdanitDataService.svc. The manipulation as part of a Request leads to a privilege escalation...
Author: VulDB

Brocade Fabric OS up to 7.4.2c/8.0.2e/8.1.2e/8.2.0 Web Management Interface privilege escalation

A vulnerability classified as critical was found in Brocade Fabric OS up to 7.4.2c/8.0.2e/8.1.2e/8.2.0. Affected by this vulnerability is an unknown function of the component Web Management Interface. The manipulation with an unknown input leads...
Author: VulDB

keepalived up to 2.0.8 lib/html.c memory corruption

A vulnerability was found in keepalived up to 2.0.8. It has been rated as critical. This issue affects an unknown function in the library lib/html.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Heap-based)....
Author: VulDB

MinDoc up to 1.0.2 attach_#.jpg Image File privilege escalation

A vulnerability was found in MinDoc up to 1.0.2. It has been declared as critical. This vulnerability affects an unknown function of the file aa/../../uploads/blog/201811/attach_#.jpg. The manipulation as part of an Image File leads to a...
Author: VulDB