Monday 18 November 2019

Our selection of IT security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

invenio-records up to 1.2.1 cross site scripting [CVE-2019-1020003]

A vulnerability was found in invenio-records up to 1.2.1 and classified as problematic. Affected by this issue is an unknown code block. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare...
Author: VulDB

Pterodactyl up to 0.7.13 2FA weak encryption

A vulnerability has been found in Pterodactyl up to 0.7.13 and classified as critical. Affected by this vulnerability is an unknown code of the component 2FA. The manipulation with an unknown input leads to a weak encryption vulnerability. The...
Author: VulDB

YARD up to 0.9.19 directory traversal [CVE-2019-1020001]

A vulnerability, which was classified as critical, was found in YARD up to 0.9.19. Affected is an unknown part. The manipulation with an unknown input leads to a directory traversal vulnerability. CWE is classifying the issue as CWE-22. This is...
Author: VulDB

Planon prior Live Build 41 cross site scripting [CVE-2018-18570]

A vulnerability, which was classified as problematic, has been found in Planon. This issue affects some unknown functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem...
Author: VulDB

PrinterOn Central Print Services up to 4.1.4 guest/pseudo-guest weak authentication

A vulnerability classified as critical was found in PrinterOn Central Print Services up to 4.1.4 (Printing Software). This vulnerability affects an unknown functionality of the file guest/pseudo-guest. The manipulation with an unknown input...
Author: VulDB

PrinterOn Central Print Services up to 4.1.4 HTTP GET Request information disclosure

A vulnerability classified as problematic has been found in PrinterOn Central Print Services up to 4.1.4 (Printing Software). This affects an unknown function. The manipulation as part of an HTTP GET Request leads to an information disclosure...
Author: VulDB

Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection

A vulnerability was found in Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5. It has been rated as critical. Affected by this issue is some unknown processing of the component VM Handler. The manipulation with an unknown input leads to a sql injection...
Author: VulDB

Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation

A vulnerability was found in Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Block Handler. The manipulation as part of an Argument leads to a...
Author: VulDB

Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection

A vulnerability was found in Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5. It has been classified as critical. Affected is an unknown code of the component Cookie Handler. The manipulation with an unknown input leads to a sql injection...
Author: VulDB

edx-platform cross site request forgery [CVE-2016-10766]

A vulnerability was found in edx-platform (unknown version) and classified as problematic. This issue affects an unknown part. The manipulation with an unknown input leads to a cross site request forgery vulnerability. Using CWE to declare the...
Author: VulDB

edx-platform Account Activation spoofing weak authentication

A vulnerability has been found in edx-platform (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component Account Activation Handler. The manipulation with an unknown...
Author: VulDB

Unity Web Player Plugin up to 4.6.6f1/5.0.3f1 privilege escalation

A vulnerability, which was classified as critical, was found in Unity Web Player Plugin up to 4.6.6f1/5.0.3f1. This affects an unknown functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Author: VulDB

edx-platform Team Name cross site scripting [CVE-2015-6960]

A vulnerability, which was classified as problematic, has been found in edx-platform (affected version not known). Affected by this issue is an unknown function of the component Team Name Handler. The manipulation with an unknown input leads to...
Author: VulDB

edx-platform Studio Listing cross site scripting [CVE-2015-6253]

A vulnerability classified as problematic was found in edx-platform (affected version unknown). Affected by this vulnerability is some unknown processing of the component Studio Listing. The manipulation with an unknown input leads to a cross...
Author: VulDB

edx-platform .tar.gz File Code Execution [CVE-2015-5601]

A vulnerability classified as critical has been found in edx-platform (version unknown). Affected is an unknown code block of the component .tar.gz File Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

libslirp 4.0.0 Fragment ip_input.c ip_reass Large Packet memory corruption

A vulnerability was found in libslirp 4.0.0. It has been rated as critical. This issue affects the function ip_reass of the file ip_input.c of the component Fragment Handler. The manipulation as part of a Large Packet leads to a memory...
Author: VulDB

Free Lossless Image Format 0.3 LibPNG image/image-png.cpp flif File memory corruption

A vulnerability was found in Free Lossless Image Format 0.3. It has been declared as critical. This vulnerability affects an unknown part of the file image/image-png.cpp of the component LibPNG. The manipulation as part of a flif File leads to a...
Author: VulDB

libav 12.3 wvdec.c wv_read_block_header() denial of service

A vulnerability was found in libav 12.3 (Multimedia Player Software). It has been classified as problematic. This affects the function wv_read_block_header() of the file wvdec.c. The manipulation with an unknown input leads to a denial of...
Author: VulDB

libav 12.3 libavformat/mov.c mov_probe directory traversal

A vulnerability was found in libav 12.3 (Multimedia Player Software) and classified as critical. Affected by this issue is the function mov_probe of the file libavformat/mov.c. The manipulation with an unknown input leads to a directory...
Author: VulDB

Exiv2 0.27.99.0 mrwimage.cpp readMetadata() denial of service

A vulnerability has been found in Exiv2 0.27.99.0 (Image Processing Software) and classified as problematic. Affected by this vulnerability is the function Exiv2::MrwImage::readMetadata() of the file mrwimage.cpp. The manipulation with an...
Author: VulDB

Exiv2 0.27.99.0 pngimage.cpp readMetadata() Image File memory corruption

A vulnerability, which was classified as critical, was found in Exiv2 0.27.99.0 (Image Processing Software). Affected is the function Exiv2::PngImage::readMetadata() of the file pngimage.cpp. The manipulation as part of an Image File leads to a...
Author: VulDB

Exiv2 0.27.99.0 rafimage.cpp readMetadata() memory corruption

A vulnerability, which was classified as critical, has been found in Exiv2 0.27.99.0 (Image Processing Software). This issue affects the function Exiv2::RafImage::readMetadata() of the file rafimage.cpp. The manipulation with an unknown input...
Author: VulDB

Email Subscribers & Newsletters Plugin up to 4.1.6 on WordPress Subscription wp-admin/admin-ajax.php esfpx_name cross site scripting

A vulnerability classified as problematic was found in Email Subscribers & Newsletters Plugin up to 4.1.6 on WordPress (WordPress Plugin). This vulnerability affects an unknown code of the file wp-admin/admin-ajax.php of the component...
Author: VulDB

Netgear WNDR3400v3 1.0.1.18_1.0.63 upnpd UPnP SSDP Packet Stack-based memory corruption

A vulnerability classified as critical has been found in Netgear WNDR3400v3 1.0.1.18_1.0.63. This affects an unknown part of the component upnpd. The manipulation as part of a UPnP SSDP Packet leads to a memory corruption vulnerability...
Author: VulDB

Openbravo ERP up to 3.0PR19Q1.2 getAttachmentDirectoryForNewAttachment inpKey directory traversal

A vulnerability was found in Openbravo ERP up to 3.0PR19Q1.2 (Enterprise Resource Planning Software). It has been rated as critical. Affected by this issue is the function getAttachmentDirectoryForNewAttachment. The manipulation of the argument...
Author: VulDB

IT security events

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
