Tuesday 11 December 2018

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2018-AVI-588: Multiple vulnerabilities in PHP (7 December 2018)

Multiple vulnerabilities have been discovered in PHP. They allow an attacker to cause a security issue not specified by the vendor and remote arbitrary code execution.

Author: Cert FR

Xiaomi Mi A2 Lite/RedMi6 Pro Goodix GT9xx Touchscreen Driver gt9xx.c gtp_read_Color denial of service

A vulnerability was found in Xiaomi Mi A2 Lite and RedMi6 Pro (unknown version) and classified as problematic. This issue affects the function gtp_read_Color of the file drivers/input/touchscreen/gt917d/gt9xx.c of the component Goodix GT9xx...
Author: VulDB

GNU binutils up to 2.31 libbfd elf.c File Descriptor memory corruption

A vulnerability, which was classified as critical, was found in GNU binutils up to 2.31. This affects an unknown function of the file elf.c of the component libbfd. The manipulation as part of a File Descriptor leads to a memory corruption...
Author: VulDB

GNU binutils up to 2.31 libbfd elfcode.h bfd_elf32_swap_phdr_in memory corruption

A vulnerability, which was classified as critical, has been found in GNU binutils up to 2.31. Affected by this issue is the function bfd_elf32_swap_phdr_in of the file elfcode.h of the component libbfd. The manipulation with an unknown input...
Author: VulDB

PHP up to 5.x/7.2.x ext/imap/php_imap.c imap_mail message denial of service

A vulnerability has been found in PHP up to 5.x/7.2.x and classified as problematic. This vulnerability affects the function imap_mail of the file ext/imap/php_imap.c. The manipulation of the argument message as part of a NULL Pointer...
Author: VulDB

Philips HealthSuite Health App on Android weak encryption [CVE-2018-19001]

A vulnerability classified as critical has been found in Philips HealthSuite Health App on Android (version unknown). Affected is an unknown function. The manipulation with an unknown input leads to a weak encryption vulnerability. CWE is...
Author: VulDB

IBM Connections 5.0/5.5/6.0 Host Header Injection privilege escalation

A vulnerability was found in IBM Connections 5.0/5.5/6.0. It has been rated as critical. This issue affects an unknown function of the component Host Header Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

IBM MQ 9.0.2/9.0.3/9.0.4/9.0.5/9.1.0.0 Console REST API denial of service

A vulnerability was found in IBM MQ 9.0.2/9.0.3/9.0.4/9.0.5/9.1.0.0. It has been declared as problematic. This vulnerability affects an unknown function of the component Console REST API. The manipulation with an unknown input leads to a denial...
Author: VulDB

Foreman up to 1.18.2/1.19.0 cross site scripting [CVE-2018-16861]

A vulnerability was found in Foreman up to 1.18.2/1.19.0 and classified as problematic. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the...
Author: VulDB

GE Proficy Cimplicity GDS 9.0 R2/9.5/10.0 XML Data XML External Entity

A vulnerability, which was classified as critical, was found in GE Proficy Cimplicity GDS 9.0 R2/9.5/10.0. Affected is an unknown function of the component XML Data Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Google Android WLAN memory corruption [CVE-2018-11905]

A vulnerability classified as critical was found in Google Android (the affected version is unknown). This vulnerability affects an unknown function of the component WLAN. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

LibRaw up to 0.18.5 dcraw_common.cpp xtrans_interpolate() denial of service

A vulnerability classified as problematic has been found in LibRaw up to 0.18.5. This affects the function LibRaw::xtrans_interpolate() of the file internal/dcraw_common.cpp. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

LibRaw up to 0.18.5 dcraw_common.cpp panasonic_load_raw() TIFF Image memory corruption

A vulnerability was found in LibRaw up to 0.18.5. It has been rated as critical. Affected by this issue is the function LibRaw::panasonic_load_raw() of the file dcraw_common.cpp. The manipulation as part of a TIFF Image leads to a memory...
Author: VulDB

Google Android 802.11 Frame Loop denial of service

A vulnerability was found in Google Android (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown function of the component 802.11 Frame Handler. The manipulation with an unknown input...
Author: VulDB

Google Android Host Driver Variable Heap-based memory corruption

A vulnerability was found in Google Android (version unknown). It has been classified as critical. Affected is an unknown function of the component Host Driver. The manipulation as part of a Variable leads to a memory corruption vulnerability...
Author: VulDB

OnionShare up to 1.3.1 web/web.py debug_mode privilege escalation

A vulnerability, which was classified as critical, has been found in OnionShare up to 1.3.1. Affected by this issue is the function debug_mode of the file web/web.py. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

IBM Marketing Platform 9.1.0/9.1.2/10.1 XML Data XML External Entity

A vulnerability classified as critical was found in IBM Marketing Platform 9.1.0/9.1.2/10.1. Affected by this vulnerability is an unknown function of the component XML Data Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Rockwell MicroLogix 1400 Controller CIP Connection Request IP Address privilege escalation

A vulnerability was found in Rockwell MicroLogix 1400 Controller and 1756 ControlLogix Communications Module (the affected version unknown). It has been classified as critical. This affects an unknown function of the component CIP Connection...
Author: VulDB

IBM DataPower Gateways 7.5/7.5.1/7.5.2/7.6/2018.4 HSTS weak encryption

A vulnerability has been found in IBM DataPower Gateways 7.5/7.5.1/7.5.2/7.6/2018.4 and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a weak encryption...
Author: VulDB

IBM Marketing Platform 9.1.0/9.1.2/10.1 XML Data XML External Entity

A vulnerability, which was classified as critical, has been found in IBM Marketing Platform 9.1.0/9.1.2/10.1. This issue affects an unknown function of the component XML Data Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Google Android 9.0 ixheaacd_adts_crc_check.c ixheaacd_adts_crc_start_reg memory corruption

A vulnerability was found in Google Android 9.0. It has been rated as critical. Affected by this issue is the function ixheaacd_adts_crc_start_reg of the file ixheaacd_adts_crc_check.c. The manipulation with an unknown input leads to a memory...
Author: VulDB

Google Android 9.0 impd_drc_static_payload.c impd_parametric_drc_parse_gain_set_params memory corruption

A vulnerability was found in Google Android 9.0. It has been declared as critical. Affected by this vulnerability is the function impd_parametric_drc_parse_gain_set_params of the file impd_drc_static_payload.c. The manipulation with an unknown...
Author: VulDB

Google Android 9.0 impd_drc_static_payload.c impd_parse_parametric_drc_instructions memory corruption

A vulnerability was found in Google Android 9.0. It has been classified as critical. Affected is the function impd_parse_parametric_drc_instructions of the file impd_drc_static_payload.c. The manipulation with an unknown input leads to a memory...
Author: VulDB

Google Android 9.0 impd_drc_static_payload.c impd_parse_dwnmix_instructions memory corruption

A vulnerability was found in Google Android 9.0 and classified as critical. This issue affects the function impd_parse_dwnmix_instructions of the file impd_drc_static_payload.c. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Google Android 9.0 impd_drc_static_payload.c impd_parse_split_drc_characteristic memory corruption

A vulnerability has been found in Google Android 9.0 and classified as critical. This vulnerability affects the function impd_parse_split_drc_characteristic of the file impd_drc_static_payload.c. The manipulation with an unknown input leads to a...
Author: VulDB

Information security events

FIC

The 11th Forum International de la Cybersécurité takes place on 22 and 23 January 2019 at the Grand Palais in Lille. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.

RENCONTRES AMRAE

The 27th Rencontres de l'AMRAE (the French association of risk management and insurance professionals), the leading annual conference for the risk and insurance professions, take place from 6 to 8 February 2019 in Deauville (Centre International) on the theme: "Risk at the heart of transformation". Organized by AMRAE.

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, is held in Marseille (Chanot) on 6 and 7 March 2019. Organized by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", is held in Cannes at the Palais des Festivals et des Congrès from 19 to 21 March 2019. Organized by Weyou Group.
