Wednesday 13 November 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-558: Multiple vulnerabilities in Citrix products (13 November 2019)

Multiple vulnerabilities have been discovered in Citrix products. They allow an attacker to cause a remote denial of service, a breach of data confidentiality and a privilege escalation.

Author: Cert FR

Hitachi Command Suite up to 7.x/8.6.4 information disclosure

A vulnerability was found in Hitachi Command Suite up to 7.x/8.6.4. It has been declared as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 8.6.5-00 eliminates this vulnerability.
Author: VulDB

Huawei Smart Phone prior Harry-AL00C 9.1.0.206(C00E205R3P1) NULL Pointer Dereference denial of service

A vulnerability was found in Huawei Smart Phone (Smartphone Operating System). It has been classified as problematic. Affected is some unknown processing. Upgrading to version Harry-AL00C 9.1.0.206(C00E205R3P1) eliminates this vulnerability.
Author: VulDB

OpenStack Keystone Long Password Stack-based denial of service

A vulnerability was found in OpenStack Keystone (Cloud Software) (unknown version) and classified as problematic. This issue affects an unknown code block. Upgrading eliminates this vulnerability. A possible mitigation has been published before...
Author: VulDB

mwlib 0.13.0/0.13.1/0.13.2/0.13.3/0.13.4 denial of service [CVE-2012-1109]

A vulnerability has been found in mwlib 0.13.0/0.13.1/0.13.2/0.13.3/0.13.4 and classified as problematic. This vulnerability affects an unknown code. Upgrading eliminates this vulnerability.
Author: VulDB

atop Temp File Symlink privilege escalation

A vulnerability, which was classified as critical, was found in atop (the affected version unknown). This affects an unknown part of the component Temp File Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Google Chrome WebKit WebCore::CSSSelector memory corruption

A vulnerability, which was classified as critical, has been found in Google Chrome (Web Browser) (affected version not known). Affected by this issue is the function WebCore::CSSSelector of the component WebKit. Upgrading eliminates this...
Author: VulDB

Google Chrome WebKit Use-After-Free memory corruption

A vulnerability classified as critical was found in Google Chrome (Web Browser) (affected version unknown). Affected by this vulnerability is an unknown functionality of the component WebKit. Upgrading eliminates this vulnerability.
Author: VulDB

Google Chrome WebKit SVGSMILElement.h unknown vulnerability

A vulnerability classified as problematic has been found in Google Chrome (Web Browser) (version unknown). Affected is an unknown function of the file third_party/WebKit/Source/WebCore/svg/animation/SVGSMILElement.h of the component WebKit....
Author: VulDB

Google Chrome WebKit memory corruption [CVE-2011-1802]

A vulnerability was found in Google Chrome (Web Browser) (unknown version). It has been rated as critical. This issue affects some unknown processing of the component WebKit. Upgrading eliminates this vulnerability.
Author: VulDB

MySQL-GUI-tools up to 5.0r14+openSUSE-2.2 Process Password information disclosure

A vulnerability was found in MySQL-GUI-tools up to 5.0r14+openSUSE-2.2 (Database Software). It has been declared as problematic. This vulnerability affects an unknown part of the component Process Handler. Upgrading to version 5.0r14+openSUSE-2.3...
Author: VulDB

JBoss BRMS up to 5.0.x asset cross site scripting

A vulnerability was found in JBoss BRMS up to 5.0.x (Application Server Software). It has been classified as problematic. This affects some unknown functionality. Upgrading to version 5.1.0 eliminates this vulnerability.
Author: VulDB

Ettercap 0.7.3 ec_gtk_conf.c sscanf() memory corruption

A vulnerability was found in Ettercap 0.7.3 (Packet Analyzer Software) and classified as critical. Affected by this issue is the function sscanf() of the file src/interfaces/gtk/ec_gtk_conf.c. Upgrading eliminates this vulnerability. A possible...
Author: VulDB

babiloo 2.0.9/2.0.10 Dictionary File privilege escalation

A vulnerability has been found in babiloo 2.0.9/2.0.10 and classified as critical. Affected by this vulnerability is an unknown function of the component Dictionary File Handler. Upgrading to version 2.0.11 eliminates this vulnerability.
Author: VulDB

alien-arena 7.33 Download Invalid Parameter Crash denial of service

A vulnerability, which was classified as problematic, was found in alien-arena 7.33. Affected is some unknown processing of the component Download Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

libpoe-component-irc-perl up to 6.31 Line Feed Argument command injection

A vulnerability, which was classified as critical, has been found in libpoe-component-irc-perl up to 6.31 (Programming Language Software). This issue affects an unknown code block of the component Line Feed Handler. Upgrading to version 6.32...
Author: VulDB

gargoyle-free libgarglk.so LD_LIBRARY_PATH privilege escalation

A vulnerability classified as critical was found in gargoyle-free (the affected version is unknown). This vulnerability affects an unknown code of the file libgarglk.so. There is no information about possible countermeasures known. It may be...
Author: VulDB

Pixelpost 1.7.3 cross site request forgery [CVE-2010-3305]

A vulnerability classified as problematic has been found in Pixelpost 1.7.3. This affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Author: VulDB

Ruby on Rails 2.3 Padding weak encryption

A vulnerability was found in Ruby on Rails 2.3 (Programming Language Software). It has been rated as critical. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Mailscanner 4.79.11-2 Configuration privilege escalation

A vulnerability was found in Mailscanner 4.79.11-2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Configuration Handler. There is no information about possible countermeasures known....
Author: VulDB

Mailscanner up to 4.79.11-2.0 Incomplete Fix Symlink privilege escalation

A vulnerability was found in Mailscanner up to 4.79.11-2.0. It has been classified as problematic. Affected is an unknown function of the component Incomplete Fix. Upgrading to version 4.79.11-2.1 eliminates this vulnerability.
Author: VulDB

ZNC up to 0.091 Connection NULL Pointer Dereference denial of service

A vulnerability was found in ZNC up to 0.091 and classified as problematic. This issue affects some unknown processing of the component Connection Handler. Upgrading to version 0.092 eliminates this vulnerability.
Author: VulDB

Istio up to 1.3.4 denial of service [CVE-2019-18817]

A vulnerability has been found in Istio up to 1.3.4 and classified as problematic. This vulnerability affects an unknown code block. Upgrading to version 1.3.5 eliminates this vulnerability.
Author: VulDB

Helm up to 2.15.1 Chart privilege escalation

A vulnerability, which was classified as critical, was found in Helm up to 2.15.1. This affects an unknown code of the component Chart Handler. Upgrading to version 2.15.2 eliminates this vulnerability.
Author: VulDB

Mitel MiCollab/MiVoice Business Express Web Conference Chat Command privilege escalation

A vulnerability, which was classified as critical, has been found in Mitel MiCollab and MiVoice Business Express (affected version not known). Affected by this issue is an unknown part of the component Web Conference Chat. There is no information...
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the cité universitaire internationale on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme of "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
