Saturday 18 January 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SimpliSafe SS3 1.0-1.3 Keyboard weak authentication

A vulnerability was found in SimpliSafe SS3 1.0-1.3. It has been classified as problematic. Affected is an unknown part of the component Keyboard Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Centreon Infrastructure Monitoring Software up to 19.10 Perl cwrapper_perl privilege escalation

A vulnerability was found in Centreon Infrastructure Monitoring Software up to 19.10 and classified as critical. This issue affects some unknown functionality of the file cwrapper_perl of the component Perl Handler. There is no information about...
Author: VulDB

Siemens SINAMICS PERFECT HARMONY GH180 privilege escalation [CVE-2019-19278]

A vulnerability has been found in Siemens SINAMICS PERFECT HARMONY GH180 (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown functionality. There is no information about possible countermeasures...
Author: VulDB

Linux Kernel up to 5.3.9 Flow Dissector flow_dissector.c hashmd information disclosure

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.3.9. This affects an unknown function of the file net/core/flow_dissector.c of the component Flow Dissector. Upgrading to version 5.3.10 eliminates this...
Author: VulDB

Apache CXF Endpoint /services cross site scripting

A vulnerability, which was classified as problematic, has been found in Apache CXF (affected version not known). Affected by this issue is some unknown processing of the file /services of the component Endpoint Handler. There is no information...
Author: VulDB

Plantronics Hub up to 3.13 on Windows Client Application privilege escalation

A vulnerability classified as critical was found in Plantronics Hub up to 3.13 on Windows. Affected by this vulnerability is an unknown code block of the component Client Application. Upgrading to version 3.14 eliminates this vulnerability.
Author: VulDB

Nucleus NET V2017.02.2 DHCP Packet privilege escalation

A vulnerability classified as critical has been found in Nucleus NET, RTOS, ReadyStart for ARM, ReadyStart for MIPS, ReadyStart for PPC, SafetyCert, Source Code and VSTAR V2017.02.2. Affected is an unknown code. There is no information about...
Author: VulDB

Siemens SCALANCE X-200RNA/SCALANCE X-300 Web Configuration Interface GET Request privilege escalation

A vulnerability was found in Siemens SCALANCE X-200RNA and SCALANCE X-300 (unknown version). It has been rated as critical. This issue affects an unknown part of the component Web Configuration Interface. Upgrading eliminates this vulnerability.
Author: VulDB

GE PACSystems RX3i Packet denial of service [CVE-2019-13524]

A vulnerability was found in GE PACSystems RX3i (the affected version is unknown). It has been declared as problematic. This vulnerability affects some unknown functionality. Upgrading eliminates this vulnerability.
Author: VulDB

Apache CXF 3.3.5 OpenId Connect JWK Keys Service Key information disclosure

A vulnerability was found in Apache CXF 3.3.5 (Application Server Software). It has been classified as problematic. This affects an unknown functionality of the component OpenId Connect JWK Keys Service. There is no information about possible...
Author: VulDB

HPE Superdome Flex Server prior 3.20.206/3.20.186 privilege escalation

A vulnerability was found in HPE Superdome Flex Server and classified as critical. Affected by this issue is an unknown function. Upgrading to version 3.20.206 or 3.20.186 eliminates this vulnerability.
Author: VulDB

HPE enhanced Internet Usage Manager 8.3/9.0 cross site scripting

A vulnerability has been found in HPE enhanced Internet Usage Manager 8.3/9.0 and classified as problematic. Affected by this vulnerability is some unknown processing. Upgrading to version 9.0 FP02 PI5 eliminates this vulnerability. Applying the...
Author: VulDB

Siemens SINEMA Server V14.0 SP2 Session privilege escalation

A vulnerability, which was classified as critical, was found in Siemens SINEMA Server V14.0 SP2. Affected is an unknown code block of the component Session Handler. Applying the patch V14.0 SP2 Update 1 is able to eliminate this problem.
Author: VulDB

TIA Portal V14/V15.1/V16 Configuration File privilege escalation

A vulnerability, which was classified as critical, has been found in TIA Portal V14/V15.1/V16. This issue affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

CERTFR-2020-AVI-042: Multiple vulnerabilities in FoxIT Reader and PhantomPDF (16 January 2020)

Multiple vulnerabilities have been discovered in FoxIT Reader and PhantomPDF. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data integrity and a breach of...
Author: Cert FR

Ultimate FAQ Plugin up to 1.8.29 on WordPress DisplayFAQs.php Display_FAQ cross site scripting

A vulnerability classified as problematic has been found in Ultimate FAQ Plugin up to 1.8.29 on WordPress (WordPress Plugin). This affects some unknown functionality of the file Shortcodes/DisplayFAQs.php. Upgrading to version 1.8.30 eliminates...
Author: VulDB

Cacti 1.2.8 data_sources.php header cross site scripting

A vulnerability was found in Cacti 1.2.8 (Log Management Software). It has been rated as problematic. Affected by this issue is an unknown functionality of the file data_sources.php. There is no information about possible countermeasures known....
Author: VulDB

hiredis up to 0.14.0 async.c Return Value denial of service

A vulnerability was found in hiredis up to 0.14.0. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file async.c. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Cacti 1.2.8 data_input.php Remote Code Execution [Disputed]

A vulnerability was found in Cacti 1.2.8 (Log Management Software). It has been classified as critical. Affected is some unknown processing of the file data_input.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

Wireshark up to 3.0.7 BT ATT Dissector packet-btatt.c Opcode denial of service

A vulnerability was found in Wireshark up to 3.0.7 (Packet Analyzer Software) and classified as problematic. This issue affects an unknown code block of the file epan/dissectors/packet-btatt.c of the component BT ATT Dissector. Upgrading to...
Author: VulDB

Wireshark 3.2.0 WASSP Dissector packet-wassp.c Packet denial of service

A vulnerability has been found in Wireshark 3.2.0 (Packet Analyzer Software) and classified as problematic. This vulnerability affects an unknown code of the file epan/dissectors/packet-wassp.c of the component WASSP Dissector. Upgrading to...
Author: VulDB

VMware Tools on Windows privilege escalation [CVE-2020-3941]

A vulnerability, which was classified as critical, was found in VMware Tools on Windows (the affected version unknown). This affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Sounds Plugin up to 0.5 on Jenkins cross site request forgery

A vulnerability, which was classified as problematic, has been found in Sounds Plugin up to 0.5 on Jenkins (Jenkins Plugin). Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It...
Author: VulDB

Sounds Plugin up to 0.5 on Jenkins Permission Check OS Command Injection privilege escalation

A vulnerability classified as critical was found in Sounds Plugin up to 0.5 on Jenkins. Affected by this vulnerability is an unknown functionality of the component Permission Check. There is no information about possible countermeasures known. It...
Author: VulDB

Gitlab Hook Plugin up to 1.4.2 on Jenkins build_now Endpoint Reflected cross site scripting

A vulnerability classified as problematic has been found in Gitlab Hook Plugin up to 1.4.2 on Jenkins. Affected is an unknown function of the component build_now Endpoint. There is no information about possible countermeasures known. It may be...
Author: VulDB

Information security events

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
