Thursday 24 October 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Micro Focus Self Service Password Reset up to 4.4.0.3 Certificate Validation Invalid Cert Man-in-the-Middle weak authentication

A vulnerability, which was classified as critical, has been found in Micro Focus Self Service Password Reset up to 4.4.0.3. This issue affects an unknown function of the component Certificate Validation Handler. Upgrading to version 4.4.0.4...
Author: VulDB

Apache Traffic Server up to 7.1.7/8.0.3 HTTP2 Flooding denial of service

A vulnerability classified as problematic was found in Apache Traffic Server up to 7.1.7/8.0.3. This vulnerability affects some unknown processing of the component HTTP2 Handler. Upgrading to version 7.1.7 or 8.0.4 eliminates this vulnerability.
Author: VulDB

AVM Fritz!Box 7490 6.80/6.83 PPPoE Packet Padding information disclosure

A vulnerability classified as problematic has been found in AVM Fritz!Box 7490 6.80/6.83 (Router Operating System). This affects an unknown code block of the component PPPoE Packet Padding Handler. There is no information about possible...
Author: VulDB

IBM DB2 High Performance Unload 6.1/6.5 memory corruption [CVE-2019-4523]

A vulnerability was found in IBM DB2 High Performance Unload 6.1/6.5. It has been rated as critical. This issue affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

nipper-ng 0.11.10 Firewall Configuration IOS/process-general.c processPrivilage() memory corruption

A vulnerability was found in nipper-ng 0.11.10. It has been declared as critical. This vulnerability affects the function processPrivilage() of the file IOS/process-general.c of the component Firewall Configuration Handler. There is no...
Author: VulDB

Stephan Mooltipass Moolticute up to 0.42.1 Access Control privilege escalation

A vulnerability was found in Stephan Mooltipass Moolticute up to 0.42.1. It has been classified as critical. This affects an unknown code of the component Access Control. There is no information about possible countermeasures known. It may be...
Author: VulDB

GNU Libidn2 up to 2.1.x Roundtrip Check Unicode Character spoofing

A vulnerability was found in GNU Libidn2 up to 2.1.x and classified as critical. Affected by this issue is an unknown part of the component Roundtrip Check Handler. Upgrading to version 2.2.0 eliminates this vulnerability.
Author: VulDB

Sangoma Session Border Controller 2.3.23-119 GA Web Interface Webconfig.inc.php username weak authentication

A vulnerability has been found in Sangoma Session Border Controller 2.3.23-119 and classified as critical. Affected by this vulnerability is some unknown functionality of the file /var/webconfig/gui/Webconfig.inc.php of the component GA Web...
Author: VulDB

Sangoma Session Border Controller 2.3.23-119 GA Web Interface Webconfig.inc.php username command injection

A vulnerability, which was classified as critical, was found in Sangoma Session Border Controller 2.3.23-119. Affected is an unknown functionality of the file /var/webconfig/gui/Webconfig.inc.php of the component GA Web Interface. There is no...
Author: VulDB

FTC Promotes International Charity Fraud Awareness Week

Original release date: October 22, 2019. The Federal Trade Commission (FTC) has released an article promoting International Charity Fraud Awareness Week (ICFAW), which runs October 21–25. FTC, the National Association of State Charities Officials,...
Author: US Cert

CERTFR-2019-AVI-528: Vulnerability in the Red Hat Linux kernel (22 October 2019)

A vulnerability has been discovered in the Red Hat Linux kernel. It allows an attacker to compromise data integrity and data confidentiality.
Author: Cert FR

CERTFR-2019-AVI-527: Multiple vulnerabilities in the Ubuntu Linux kernel (22 October 2019)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a compromise of...
Author: Cert FR

CERTFR-2019-AVI-526: Multiple vulnerabilities in Foxit products (22 October 2019)

Multiple vulnerabilities have been discovered in Foxit products. They allow an attacker to cause remote arbitrary code execution and a denial of service.
Author: Cert FR

Sitemagic CMS 4.4.1 cross site request forgery [CVE-2019-18220]

A vulnerability was found in Sitemagic CMS 4.4.1 (Content Management System). It has been rated as problematic. Affected by this issue is an unknown code. Upgrading to version 4.4.2 eliminates this vulnerability.
Author: VulDB

Sitemagic CMS 4.4.1 /sitemagic/index.php cross site request forgery

A vulnerability was found in Sitemagic CMS 4.4.1 (Content Management System). It has been declared as problematic. Affected by this vulnerability is an unknown part of the file /sitemagic/index.php. Upgrading to version 4.4.2 eliminates this...
Author: VulDB

Sitemagic CMS 4.4.1 /sitemagic/upgrade.php cross site scripting

A vulnerability was found in Sitemagic CMS 4.4.1 (Content Management System). It has been classified as problematic. This affects an unknown functionality of the file /sitemagic/upgrade.php. Upgrading to version 4.4.2 eliminates this...
Author: VulDB

Trend Micro Anti-Threat Toolkit up to 1.62.0.1218 Remote Code Execution

A vulnerability was found in Trend Micro Anti-Threat Toolkit up to 1.62.0.1218. It has been classified as critical. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Citrix Application Delivery Controller/Gateway up to 10.5/11.1/12.0/12.1 Management Interface weak authentication

A vulnerability has been found in Citrix Application Delivery Controller and Gateway up to 10.5/11.1/12.0/12.1 (Connectivity Software) and classified as critical. This vulnerability affects an unknown function of the component Management...
Author: VulDB

Ricoh MP 501 adrsSetUserWizard.cgi entryNameIn/KeyDisplay cross site scripting

A vulnerability, which was classified as problematic, was found in Ricoh MP 501 (the affected version unknown). This affects some unknown processing of the file /web/entry/en/address/adrsSetUserWizard.cgi. There is no information about possible...
Author: VulDB

Libssh2 up to 1.9.0 packet.c memory corruption

A vulnerability, which was classified as critical, has been found in Libssh2 up to 1.9.0. Affected by this issue is an unknown code block of the file packet.c. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

unoconv Package up to 0.8 Server-Side Request Forgery [CVE-2019-17400]

A vulnerability classified as critical was found in unoconv Package up to 0.8. Affected by this vulnerability is an unknown code. Upgrading to version 0.9 eliminates this vulnerability.
Author: VulDB

Rocket.Chat up to 2.0.x cross site scripting

A vulnerability classified as problematic has been found in Rocket.Chat up to 2.0.x. Affected is an unknown part of the file Rocket.Chat. Upgrading to version 2.1.0 eliminates this vulnerability.
Author: VulDB

FusionPBX up to 4.5.7 contact_times.php id cross site scripting

A vulnerability was found in FusionPBX up to 4.5.7. It has been rated as problematic. This issue affects some unknown functionality of the file app\contacts\contact_times.php. There is no information about possible countermeasures known. It may...
Author: VulDB

FusionPBX up to 4.5.7 sip_status.php savemsg cross site scripting

A vulnerability was found in FusionPBX up to 4.5.7. It has been declared as problematic. This vulnerability affects an unknown functionality of the file app\sip_status\sip_status.php. There is no information about possible countermeasures known....
Author: VulDB

FusionPBX up to 4.5.7 conference_control_details.php id cross site scripting

A vulnerability was found in FusionPBX up to 4.5.7 and classified as problematic. Affected by this issue is some unknown processing of the file app\conference_controls\conference_control_details.php. There is no information about possible...
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the cité universitaire internationale on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
