Friday 22 March 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Five9 Agent Desktop Plus 10.0.70 Access Control denial of service

A vulnerability has been found in Five9 Agent Desktop Plus 10.0.70 and classified as problematic. This vulnerability affects a functionality of the component Access Control. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

YSoft SafeQ Server 6 Replay weak authentication

A vulnerability, which was classified as critical, was found in YSoft SafeQ Server 6. This affects a function. The manipulation with an unknown input leads to a weak authentication vulnerability (Replay). CWE is classifying the issue as CWE-287....
Author: VulDB

Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 bcmdhd4358 Wi-Fi Driver prot_get_ring_space memory corruption

A vulnerability, which was classified as very critical, has been found in Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 (Smartphone Operating System). Affected by this issue is the function prot_get_ring_space of the component bcmdhd4358 Wi-Fi Driver....
Author: VulDB

Ban List Plugin 1.0 on MyBB bans.php cross site scripting

A vulnerability classified as problematic was found in Ban List Plugin 1.0 on MyBB. Affected by this vulnerability is the functionality of the file bans.php of the component Ban Handler. The manipulation with an unknown input leads to a cross...
Author: VulDB

Trash Bin Plugin 1.1.3 on MyBB Thread Subject cross site request forgery

A vulnerability classified as problematic has been found in Trash Bin Plugin 1.1.3 on MyBB. Affected is an unknown function of the component Thread Subject Handler. The manipulation with an unknown input leads to a cross site request forgery...
Author: VulDB

DNN 9.1.1 XML cross site scripting

A vulnerability was found in DNN 9.1.1. It has been rated as problematic. This issue affects some processing of the component XML Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare...
Author: VulDB

Siemens SICAM A8000 CP-8050 Web Server Network Packet denial of service

A vulnerability was found in Siemens SICAM A8000 CP-8000, SICAM A8000 CP-802X and SICAM A8000 CP-8050. It has been declared as problematic. This vulnerability affects a code block of the component Web Server. The manipulation as part of a...
Author: VulDB

OX App Suite up to 7.8.4 cross site scripting [CVE-2018-13104]

A vulnerability was found in OX App Suite up to 7.8.4. It has been classified as problematic. This affects code. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is classifying the issue as CWE-80. This...
Author: VulDB

OX App Suite up to 7.8.4 Server-Side Request Forgery [CVE-2018-13103]

A vulnerability was found in OX App Suite up to 7.8.4 and classified as critical. Affected by this issue is a part. The manipulation with an unknown input leads to a privilege escalation vulnerability (SSRF). Using CWE to declare the problem...
Author: VulDB

BOSE Soundtouch App 18.1.4 on iOS cross site scripting [CVE-2018-12638]

A vulnerability has been found in BOSE Soundtouch App 18.1.4 on iOS and classified as problematic. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE...
Author: VulDB

Avast Free Antivirus up to 19.1 AvastUI.exe information disclosure

A vulnerability, which was classified as problematic, was found in Avast Free Antivirus up to 19.1 (Anti-Malware Software). Affected is a function of the file AvastUI.exe. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

FasterXML jackson-databind up to 2.7.9.3/2.8.11.1/2.9.5 Default Typing privilege escalation

A vulnerability, which was classified as critical, has been found in FasterXML jackson-databind up to 2.7.9.3/2.8.11.1/2.9.5. This issue affects some functionality of the component Default Typing. The manipulation with an unknown input leads to...
Author: VulDB

heron-ui path privilege escalation

A vulnerability classified as critical was found in heron-ui. This vulnerability affects the functionality. The manipulation of the argument path with the input value ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd leads to a privilege escalation...
Author: VulDB

Apache Hadoop up to 2.7.6 privilege escalation [CVE-2018-11767]

A vulnerability classified as critical has been found in Apache Hadoop up to 2.7.6 (Network Management Software). This affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Author: VulDB

Puppet Discovery up to 1.3.x Nginx Container weak authentication

A vulnerability was found in Puppet Discovery up to 1.3.x (Service Management Software). It has been rated as critical. Affected by this issue is some processing of the component Nginx Container. The manipulation with an unknown input leads to a...
Author: VulDB

Drupal Releases Security Updates

Original release date: March 20, 2019 Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and...
Author: US Cert

Cisco Releases Security Advisories for Multiple Products

Original release date: March 20, 2019 Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected...
Author: US Cert

CERTFR-2019-AVI-118: Multiple vulnerabilities in Mozilla Firefox (20 March 2019)

Multiple vulnerabilities have been discovered in Mozilla Firefox. Some of them allow an attacker to cause a security problem not specified by the vendor, arbitrary code execution and a denial of service.

Author: Cert FR

CERTFR-2019-AVI-117: Multiple vulnerabilities in the SUSE Linux kernel (20 March 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a remote denial of service, a denial of service and a security policy bypass.

Author: Cert FR

Mozilla Releases Security Updates for Firefox

Original release date: March 19, 2019 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Author: US Cert

Microsoft Ending Support for Windows 7

Original release date: March 19, 2019 All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this...
Author: US Cert

Now Available: Recording of Chinese Malicious Cyber Activity Briefing

Original release date: March 19, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation...
Author: US Cert

CERTFR-2019-AVI-116: Multiple vulnerabilities in Moodle (19 March 2019)

Multiple vulnerabilities have been discovered in Moodle. They allow an attacker to cause a security problem not specified by the vendor, a security policy bypass and a privilege escalation.

Author: Cert FR

CERTFR-2019-ACT-004: News bulletin CERTFR-2019-ACT-004 (18 March 2019)

On 12 March 2019, Microsoft published its monthly security updates, fixing sixty-five vulnerabilities. Among these, eighteen …
Author: Cert FR

CERTFR-2019-AVI-115: Multiple vulnerabilities in the Ubuntu Linux kernel (18 March 2019)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause a denial of service and a privilege escalation.

Author: Cert FR

Information-security events

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", takes place in Cannes at the Palais des Festivals et des Congrès from 19 to 21 March 2019. Organised by Weyou Group.
