Our selection of IT security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

MediaWiki up to 1.31.0/1.30.0/1.29.2/1.27.4 BotPasswords privilege escalation

A vulnerability was found in MediaWiki up to 1.31.0/1.30.0/1.29.2/1.27.4 and classified as critical. Affected by this issue is an unknown function of the component BotPasswords. The manipulation with an unknown input leads to a privilege...
Author: VulDB

MediaWiki up to 1.31.0/1.30.0/1.29.2/1.27.4 Special:Redirect/logid information disclosure

A vulnerability has been found in MediaWiki up to 1.31.0/1.30.0/1.29.2/1.27.4 and classified as problematic. Affected by this vulnerability is an unknown function of the file Special:Redirect/logid. The manipulation with an unknown input leads...
Author: VulDB

MediaWiki up to 1.31.0/1.30.0/1.29.2/1.27.4 wgRateLimits privilege escalation

A vulnerability, which was classified as critical, was found in MediaWiki up to 1.31.0/1.30.0/1.29.2/1.27.4. Affected is an unknown function. The manipulation of the argument wgRateLimits with an unknown input leads to a privilege escalation...
Author: VulDB

NetApp E-Series SANtricity OS Controller Software up to 11.30.5 Remote Code Execution

A vulnerability, which was classified as critical, has been found in NetApp E-Series SANtricity OS Controller Software up to 11.30.5. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a privilege...
Author: VulDB

IBM 3.0.2/3.0.4/3.0.6/3.2.0 sql injection [CVE-2018-1819]

A vulnerability classified as critical was found in IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2/3.0.4/3.0.6/3.2.0. Affected by this vulnerability is an unknown function. The manipulation with an unknown input...
Author: VulDB

IBM Financial Transaction Manager 3.0.2 Log File information disclosure

A vulnerability classified as problematic was found in IBM Financial Transaction Manager 3.0.2. This vulnerability affects an unknown function of the component Log File Handler. The manipulation with an unknown input leads to an information...
Author: VulDB

PHP Scripts Mall Open Source Real-Estate Script 3.6.2 img information disclosure

A vulnerability classified as problematic has been found in PHP Scripts Mall Open Source Real-Estate Script 3.6.2. This affects an unknown function of the file wp-content/themes/template_dp_dec2015/img. The manipulation with an unknown input...
Author: VulDB

SuSE Linux SMT up to 3.0.36 Sibling Server Host Header spoofing weak authentication

A vulnerability classified as critical has been found in SuSE Linux SMT up to 3.0.36. Affected is an unknown function of the component Sibling Server Handler. The manipulation as part of a Host Header leads to a weak authentication vulnerability...
Author: VulDB

SuSE Linux SMT up to 3.0.36 Blocking Element XML External Entity

A vulnerability was found in SuSE Linux SMT up to 3.0.36. It has been rated as critical. This issue affects an unknown function of the component Blocking Element Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

SuSE Linux SMT up to 3.0.36 RegistrationSharing sql injection

A vulnerability was found in SuSE Linux SMT up to 3.0.36. It has been declared as critical. This vulnerability affects an unknown function of the component RegistrationSharing. The manipulation with an unknown input leads to a sql injection...
Author: VulDB

Cisco Releases Security Updates

Original release date: October 03, 2018. Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected...
Author: US Cert

FTC Issues Alert on Recent Facebook Breach

Original release date: October 03, 2018. The Federal Trade Commission (FTC) has released an alert to provide Facebook users with recommended precautions against identity theft after the recent breach of the Facebook social media...
Author: US Cert

Cisco Releases Security Updates for Multiple Products

Original release date: October 03, 2018. Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC...
Author: US Cert

APTs Targeting IT Service Provider Customers

Original release date: October 03, 2018. The National Cybersecurity and Communications Integration Center (NCCIC) has received multiple reports of advanced persistent threat (APT) actors actively exploiting trust relationships in...
Author: US Cert

CERTFR-2018-AVI-467: Multiple vulnerabilities in Mozilla Firefox (03 October 2018)

Multiple vulnerabilities have been discovered in Mozilla Firefox. They allow an attacker to cause a security problem not specified by the vendor and remote arbitrary code execution.
Author: Cert FR

CERTFR-2018-AVI-466: Multiple vulnerabilities in the SUSE Linux kernel (03 October 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a remote denial of service and a denial of service.
Author: Cert FR

Mozilla Releases Security Updates for Firefox

Original release date: October 02, 2018. Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC...
Author: US Cert

Naviwebs Navigate CMS 2.8 File Upload navigate_upload.php POST Request directory traversal

A vulnerability classified as critical was found in Naviwebs Navigate CMS 2.8. Affected by this vulnerability is an unknown function of the file navigate_upload.php of the component File Upload. The manipulation as part of a POST Request leads...
Author: VulDB

strongSwan up to 5.7.0 gmp Plugin Crafted Certificate memory corruption

A vulnerability was found in strongSwan up to 5.7.0. It has been rated as critical. This issue affects an unknown function of the component gmp Plugin. The manipulation as part of a Crafted Certificate leads to a memory corruption vulnerability....
Author: VulDB

OPAC EasyWeb Five 5.7 index.php biblio sql injection

A vulnerability was found in OPAC EasyWeb Five 5.7. It has been declared as critical. This vulnerability affects an unknown function of the file w2001/index.php?scelta=campi. The manipulation of the argument biblio as part of a Parameter leads...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.2.1 information disclosure

A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 11.2.1. Affected is an unknown function. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.2.1 Merge Request Changes View Persistent cross site scripting

A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 11.2.1. This issue affects an unknown function of the component Merge Request Changes View. The manipulation with an...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.2.1 Sidekiq Log information disclosure

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 11.2.1. This vulnerability affects an unknown function of the component Sidekiq Log. The manipulation with an unknown input leads to a...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 11.2.1 API Repository Storage privilege escalation

A vulnerability classified as critical has been found in GitLab Community Edition and Enterprise Edition up to 11.2.1. This affects an unknown function of the component API Repository Storage. The manipulation with an unknown input leads to a...
Author: VulDB

Delta Electronics ISPSoft up to 3.0.5 Stack-based memory corruption

A vulnerability was found in Delta Electronics ISPSoft up to 3.0.5. It has been rated as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability (Stack-based)....
Author: VulDB