Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cloud Foundry up to 2.13.x Hashing privilege escalation

A vulnerability, which was classified as critical, was found in Cloud Foundry up to 2.13.x. This affects an unknown function of the component Hashing. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Author: VulDB

PrestaShop up to 1.6.1.22/1.7.4.3 File Upload privilege escalation

A vulnerability classified as critical was found in PrestaShop up to 1.6.1.22/1.7.4.3. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (File Upload). The CWE...
Author: VulDB

PrestaShop up to 1.6.1.22/1.7.4.3 denial of service [CVE-2018-19125]

A vulnerability classified as problematic has been found in PrestaShop up to 1.6.1.22/1.7.4.3. This affects an unknown function. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as...
Author: VulDB

PrestaShop up to 1.6.1.22/1.7.4.3 on Windows privilege escalation

A vulnerability was found in PrestaShop up to 1.6.1.22/1.7.4.3 on Windows. It has been rated as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using...
Author: VulDB

Sennheiser HeadSetup 7.3.4903 Certificates SennComCCKey.pem information disclosure

A vulnerability has been found in Sennheiser HeadSetup 7.3.4903 and classified as problematic. This vulnerability affects an unknown function of the file SennComCCKey.pem of the component Certificates. The manipulation with an unknown input...
Author: VulDB

PowerDNS Recursor up to 4.1.4 DNSSEC Validator DNS Query denial of service

A vulnerability, which was classified as problematic, has been found in PowerDNS Recursor up to 4.1.4. Affected by this issue is an unknown function of the component DNSSEC Validator. The manipulation as part of a DNS Query leads to a denial of...
Author: VulDB

Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation

A vulnerability was found in Apache Commons FileUpload 1.3.3 on LDAP Manager and classified as critical. Affected by this issue is an unknown function of the component DiskFileItem File Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Mobile applications: formal notices for lack of consent to the processing of geolocation data for advertising targeting purposes

The President of the CNIL has issued a formal notice to the company VECTAURY to obtain individuals' consent to the processing of their geolocation data for advertising targeting purposes via mobile applications.
Author: Cnil

NCCIC Releases Analysis Report on JexBoss

Original release date: November 08, 2018 NCCIC has released Analysis Report (AR) AR18-312A: JexBoss - JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims' systems. The report provides information...
Author: US Cert

CERTFR-2018-AVI-537: Multiple vulnerabilities in Aruba ClearPass (08 November 2018)

Multiple vulnerabilities have been discovered in Aruba ClearPass. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a privilege escalation.

Author: Cert FR

CERTFR-2018-AVI-536: Multiple vulnerabilities in Cisco products (08 November 2018)

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a privilege escalation.

Author: Cert FR

Google Cardboard on Android/iOS Cleartext weak encryption

A vulnerability has been found in Google Cardboard on Android/iOS (the affected version is unknown) and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a weak...
Author: VulDB

Exiv2 0.26 PSD Image Reader psdimage.cpp readMetadata memory corruption

A vulnerability classified as critical was found in Exiv2 0.26. This vulnerability affects the function Exiv2::PsdImage::readMetadata of the file psdimage.cpp of the component PSD Image Reader. The manipulation with an unknown input leads to a...
Author: VulDB

Exiv2 0.26 PSD Image Reader iptc.cpp decode Image File memory corruption

A vulnerability classified as critical has been found in Exiv2 0.26. This affects the function Exiv2::IptcParser::decode of the file iptc.cpp of the component PSD Image Reader. The manipulation as part of an Image File leads to a memory...
Author: VulDB

BageCMS 3.1.3 upload/index.php cross site request forgery

A vulnerability was found in BageCMS 3.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file upload/index.php. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

tianti 2.3 skin-management list skinList Request privilege escalation

A vulnerability, which was classified as critical, was found in tianti 2.3. Affected is the function skinList of the file tianti-module-admin/user/skin/list of the component skin-management. The manipulation as part of a Request leads to a...
Author: VulDB

tianti 2.3 Permission list privilege escalation

A vulnerability, which was classified as critical, has been found in tianti 2.3. This issue affects an unknown function of the file tianti-module-admin/cms/column/list of the component Permission. The manipulation with an unknown input leads to...
Author: VulDB

LibreCAD 2.1.3 File Crash denial of service

A vulnerability was found in LibreCAD 2.1.3. It has been rated as problematic. Affected by this issue is an unknown function of the component File Handler. The manipulation with an unknown input leads to a denial of service vulnerability...
Author: VulDB

Apache Hive up to 2.3.3/3.1.0 Query privilege escalation

A vulnerability was found in Apache Hive up to 2.3.3/3.1.0. It has been declared as critical. This vulnerability affects an unknown function of the component Hive Handler. The manipulation as part of a Query leads to a privilege escalation...
Author: VulDB

Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation

A vulnerability was found in Apache Hive up to 2.3.3/3.1.0. It has been classified as critical. This affects an unknown function of the component HiveServer2. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

Cisco Small Business Switches weak authentication [CVE-2018-15439]

A vulnerability, which was classified as critical, was found in Cisco Small Business Switches (the affected version is unknown). This affects an unknown function. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

Cisco Immunet/Advanced Malware Protection on Windows System Scan privilege escalation

A vulnerability, which was classified as critical, has been found in Cisco Immunet and Advanced Malware Protection on Windows (the affected version is unknown). Affected by this issue is an unknown function of the component System Scan. The...
Author: VulDB