Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

Montres connectées pour enfants : quels enjeux pour leur vie privée ?

Souvent présentée comme une alternative aux smartphones, la montre connectée pour enfants figure parmi les tendances émergentes de cette rentrée 2018. La CNIL rappelle les points de vigilance concernant la vie privée des enfants. 
Auteur: Cnil

e108 2.1.9 wmessage.php cross site request forgery

A vulnerability was found in e108 2.1.9. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id. The manipulation with an unknown input...
Auteur: VulDB

Citrix ShareFile StorageZones Controller up to 5.4.1 Error Message information disclosure

A vulnerability was found in Citrix ShareFile StorageZones Controller up to 5.4.1. It has been classified as problematic. Affected is an unknown function of the component Error Message Handler. The manipulation with an unknown input leads to a...
Auteur: VulDB

Citrix ShareFile StorageZones Controller up to 5.4.1 directory traversal

A vulnerability was found in Citrix ShareFile StorageZones Controller up to 5.4.1 and classified as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a directory traversal vulnerability. Using CWE...
Auteur: VulDB

IBM WebSphere Application Server Liberty ORB Communication weak encryption

A vulnerability has been found in IBM WebSphere Application Server Liberty (the affected version is unknown) and classified as critical. This vulnerability affects an unknown function of the component ORB Communication. The manipulation with an...
Auteur: VulDB

IObit Advanced SystemCare 1.2.0.5 Monitor_win10_x64.sys privilege escalation

A vulnerability, which was classified as critical, was found in IObit Advanced SystemCare 1.2.0.5. This affects an unknown function in the library Monitor_win10_x64.sys. The manipulation with an unknown input leads to a privilege escalation...
Auteur: VulDB

IObit Advanced SystemCare 1.2.0.5 Monitor_win10_x64.sys information disclosure

A vulnerability, which was classified as problematic, has been found in IObit Advanced SystemCare 1.2.0.5. Affected by this issue is an unknown function in the library Monitor_win10_x64.sys. The manipulation with an unknown input leads to a...
Auteur: VulDB

IObit Advanced SystemCare 1.2.0.5 Monitor_win10_x64.sys privilege escalation

A vulnerability classified as critical was found in IObit Advanced SystemCare 1.2.0.5. Affected by this vulnerability is an unknown function in the library Monitor_win10_x64.sys. The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

Circontrol CirCarLife up to 4.2 JSON setup.json information disclosure

A vulnerability classified as problematic has been found in Circontrol CirCarLife up to 4.2. Affected is an unknown function of the file /services/system/setup.json of the component JSON Handler. The manipulation with an unknown input leads to a...
Auteur: VulDB

SuSE Linux Enterprise 12/15 shadow Package useradd.c privilege escalation

A vulnerability was found in SuSE Linux Enterprise 12/15. It has been rated as problematic. This issue affects an unknown function of the file useradd.c of the component shadow Package. The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

Zoho ManageEngine Applications Manager prior Build 13740 SMB Share Remote Code Execution

A vulnerability was found in Zoho ManageEngine Applications Manager. It has been declared as critical. This vulnerability affects an unknown function of the component SMB Share Handler. The manipulation with an unknown input leads to a privilege...
Auteur: VulDB

strongSwan up to 4.x/5.6.x IKEv2 Authentication gmp_rsa_public_key.c verify_emsa_pkcs1_signature() digestAlgorithmparameters weak authentication

A vulnerability was found in strongSwan up to 4.x/5.6.x. It has been classified as critical. This affects the function verify_emsa_pkcs1_signature() of the file gmp_rsa_public_key.c of the component IKEv2 Authentication. The manipulation of the...
Auteur: VulDB

strongSwan up to 4.x/5.6.x IKEv2 Authentication gmp_rsa_public_key.c verify_emsa_pkcs1_signature() weak authentication

A vulnerability was found in strongSwan up to 4.x/5.6.x and classified as critical. Affected by this issue is the function verify_emsa_pkcs1_signature() of the file gmp_rsa_public_key.c of the component IKEv2 Authentication. The manipulation ...
Auteur: VulDB

IBM Rational Doors Next Generation up to 6.0.6 Web UI cross site scripting

A vulnerability has been found in IBM Rational Doors Next Generation up to 6.0.6 and classified as problematic. Affected by this vulnerability is an unknown function of the component Web UI. The manipulation with an unknown input leads to a...
Auteur: VulDB

pfSense up to 2.4.3 status_interfaces.php dhcp_relinquish_lease() POST Parameter command injection

A vulnerability, which was classified as critical, was found in pfSense up to 2.4.3. Affected is the function dhcp_relinquish_lease() of the file status_interfaces.php. The manipulation as part of a POST Parameter leads to a privilege escalation...
Auteur: VulDB

Openswan up to 2.6.50.0 IKEv2 Signature Bleichenbacher weak encryption

A vulnerability, which was classified as critical, has been found in Openswan up to 2.6.50.0. This issue affects an unknown function of the component IKEv2 Signature Handler. The manipulation with an unknown input leads to a weak encryption...
Auteur: VulDB

SuiteCRM up to 7.10.7 Error Message cross site scripting

A vulnerability classified as problematic was found in SuiteCRM. This vulnerability affects an unknown function of the component Error Message Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE...
Auteur: VulDB

JavaMelody up to 1.73.x PayloadNameRequestWrapper.java parseSoapMethodName XML External Entity

A vulnerability classified as critical has been found in JavaMelody up to 1.73.x. This affects the function parseSoapMethodName of the file bull/javamelody/PayloadNameRequestWrapper.java. The manipulation with an unknown input leads to a...
Auteur: VulDB

IBM Spectrum Protect 7.1/8.1 denial of service [CVE-2018-1550]

A vulnerability was found in IBM Spectrum Protect 7.1/8.1. It has been rated as problematic. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a denial of service vulnerability. Using CWE to declare...
Auteur: VulDB

IBM Tivoli Storage Manager 7.1/8.1 weak encryption [CVE-2018-1545]

A vulnerability was found in IBM Tivoli Storage Manager 7.1/8.1. It has been declared as problematic. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a weak encryption vulnerability. The CWE...
Auteur: VulDB

Fuji Electric V-Server up to 4.0.3.0 Stack-based memory corruption

A vulnerability was found in Fuji Electric V-Server up to 4.0.3.0. It has been classified as critical. Affected is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability (Stack-based). CWE is...
Auteur: VulDB

Fuji Electric V-Server up to 4.0.3.0 Out-of-Bounds memory corruption

A vulnerability was found in Fuji Electric V-Server up to 4.0.3.0 and classified as critical. This issue affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability (Out-of-Bounds). Using CWE to...
Auteur: VulDB

Fuji Electric V-Server up to 4.0.3.0 Integer Underflow memory corruption

A vulnerability has been found in Fuji Electric V-Server up to 4.0.3.0 and classified as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability (Integer...
Auteur: VulDB

Fuji Electric V-Server up to 4.0.3.0 Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, was found in Fuji Electric V-Server up to 4.0.3.0. This affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability (Out-of-Bounds). CWE is...
Auteur: VulDB

Fuji Electric V-Server up to 4.0.3.0 Heap-based memory corruption

A vulnerability, which was classified as critical, has been found in Fuji Electric V-Server up to 4.0.3.0. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability...
Auteur: VulDB
First1931193219331934193519361937193819391940Last

Événements SSI