Monday, November 18, 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

cPanel up to 76.0.7 PostgreSQL Password Change privilege escalation

A vulnerability was found in cPanel up to 76.0.7 (Hosting Control Software). It has been rated as critical. Affected by this issue is an unknown code of the component PostgreSQL Password Change Handler. The manipulation with an unknown input...
Author: VulDB

libopenmpt up to 0.3.10 MPTM File Crash denial of service

A vulnerability was found in libopenmpt up to 0.3.10. It has been declared as problematic. Affected by this vulnerability is an unknown part of the component MPTM File Handler. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

libopenmpt up to 0.3.12 MED File Crash denial of service

A vulnerability was found in libopenmpt up to 0.3.12. It has been classified as problematic. Affected is some unknown functionality of the component MED File Handler. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

edx-platform Chemical Equation cross site scripting [CVE-2018-20859]

A vulnerability was found in edx-platform (unknown version) and classified as problematic. This issue affects an unknown functionality of the component Chemical Equation Handler. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Linux Kernel up to 3.x/4.20 NFS NULL Pointer Dereference denial of service

A vulnerability has been found in Linux Kernel up to 3.x/4.20 (Operating System) and classified as problematic. This vulnerability affects an unknown function of the component NFS. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Open edX Installation Default Credentials weak authentication

A vulnerability, which was classified as critical, was found in Open edX (the affected version unknown). This affects some unknown processing of the component Installation. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

edx-platform Password Reset Open Redirect [CVE-2017-18380]

A vulnerability, which was classified as critical, has been found in edx-platform (affected version not known). Affected by this issue is an unknown code block of the component Password Reset. The manipulation with an unknown input leads to a...
Author: VulDB

FreeType up to 2.6.0 type1/t1parse.c T1_Get_Private_Dict memory corruption

A vulnerability classified as critical was found in FreeType up to 2.6.0 (Software Library). Affected by this vulnerability is the function T1_Get_Private_Dict of the file type1/t1parse.c. The manipulation with an unknown input leads to a memory...
Author: VulDB

CISA Releases Advisory on Wind River VxWorks Platform

Original release date: July 30, 2019. The Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) Advisory on multiple vulnerabilities in the Wind River VxWorks Platform. A remote attacker could...
Author: US Cert

Steps to Safeguard Against Ransomware Attacks

Original release date: July 30, 2019. The Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing & Analysis Center (MS-ISAC), National Governors Association (NGA), and the National Association of State Chief...
Author: US Cert

FasterXML jackson-databind up to 2.9.9.1 Default Typing unknown vulnerability

A vulnerability classified as problematic has been found in FasterXML jackson-databind up to 2.9.9.1. Affected is an unknown part of the component Default Typing. The impact remains unknown. CVE summarizes: A Polymorphic Typing issue was...
Author: VulDB

CERTFR-2019-AVI-361: Multiple vulnerabilities in the Red Hat Linux kernel (July 30, 2019)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. They allow an attacker to cause a security problem not specified by the vendor, a privilege escalation and a denial of service.

Author: Cert FR

WP Fastest Cache Plugin up to 0.8.9.0 on WordPress wpFastestCache.php Referer Header directory traversal

A vulnerability was found in WP Fastest Cache Plugin up to 0.8.9.0 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects the function wp_postratings_clear_fastest_cache/rm_folder_recursively of the file...
Author: VulDB

Amcrest IP2M-841B V2.520.AC00.18.R HTTP Endpoint /videotalk weak authentication

A vulnerability was found in Amcrest IP2M-841B V2.520.AC00.18.R. It has been declared as critical. This vulnerability affects an unknown functionality of the file /videotalk of the component HTTP Endpoint. The manipulation with an unknown input...
Author: VulDB

MatrixSSL up to 4.2.1 DTLS Server sslDecode.c parseSSLHandshake Fragment Length memory corruption

A vulnerability was found in MatrixSSL up to 4.2.1. It has been classified as critical. This affects the function parseSSLHandshake of the file sslDecode.c of the component DTLS Server. The manipulation as part of a Fragment Length leads to a...
Author: VulDB

Veritas Resiliency Platform up to 3.4 Application Bundle directory traversal

A vulnerability was found in Veritas Resiliency Platform up to 3.4 and classified as critical. Affected by this issue is some unknown processing of the component Application Bundle Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Veritas Resiliency Platform up to 3.4 DNS privilege escalation

A vulnerability has been found in Veritas Resiliency Platform up to 3.4 and classified as critical. Affected by this vulnerability is an unknown code block of the component DNS Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Veritas Resiliency Platform up to 3.4 Resiliency Plan privilege escalation

A vulnerability, which was classified as critical, was found in Veritas Resiliency Platform up to 3.4. Affected is an unknown code of the component Resiliency Plan Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Veritas Resiliency Platform up to 3.4 Resiliency Plan cross site scripting

A vulnerability, which was classified as problematic, has been found in Veritas Resiliency Platform up to 3.4. This issue affects an unknown part of the component Resiliency Plan Handler. The manipulation with an unknown input leads to a cross...
Author: VulDB

FasterXML jackson-databind up to 2.9.9.1 SubTypeValidator.java Remote Code Execution

A vulnerability classified as critical was found in FasterXML jackson-databind up to 2.9.9.1. This vulnerability affects some unknown functionality of the file SubTypeValidator.java. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Docker 19.03.0 GNU C Library Code Injection privilege escalation

A vulnerability classified as critical has been found in Docker 19.03.0. This affects an unknown functionality of the component GNU C Library. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Injection)....
Author: VulDB

PDFResurrect 0.15 PDF File memory corruption

A vulnerability was found in PDFResurrect 0.15. It has been rated as critical. Affected by this issue is an unknown function. The manipulation as part of a PDF File leads to a memory corruption vulnerability. Using CWE to declare the problem...
Author: VulDB

Imgix up to 2019-06-19 Image JPEG File denial of service

A vulnerability was found in Imgix up to 2019-06-19. It has been declared as problematic. Affected by this vulnerability is some unknown processing of the component Image Handler. The manipulation as part of a JPEG File leads to a denial of...
Author: VulDB

Vsourz Digital Advanced CF7 DB Plugin up to 1.6.1 on WordPress sql injection

A vulnerability was found in Vsourz Digital Advanced CF7 DB Plugin up to 1.6.1 on WordPress. It has been classified as critical. Affected is an unknown code block. The manipulation with an unknown input leads to a sql injection vulnerability....
Author: VulDB

One Identity Cloud Access Manager 8.1.3 HSTS weak encryption

A vulnerability was found in One Identity Cloud Access Manager 8.1.3 and classified as critical. This issue affects an unknown code of the component Access Manager. The manipulation with an unknown input leads to a weak encryption vulnerability...
Author: VulDB

Information-security events

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from November 26 to 28, 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on January 28, 29 and 30, 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
