Sunday 17 November 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Adobe Bridge CC up to 9.1 memory corruption [CVE-2019-8239]

A vulnerability was found in Adobe Bridge CC up to 9.1. It has been classified as critical. Affected is an unknown part. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Illustrator CC up to 23.1 Library Loader privilege escalation

A vulnerability was found in Adobe Illustrator CC up to 23.1 and classified as critical. This issue affects some unknown functionality of the component Library Loader. Applying a patch is able to eliminate this problem.
Author: VulDB

Adobe Animate CC up to 19.2.1 Library Loader privilege escalation

A vulnerability has been found in Adobe Animate CC up to 19.2.1 and classified as critical. This vulnerability affects an unknown functionality of the component Library Loader. Applying a patch is able to eliminate this problem.
Author: VulDB

Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 API weak authentication

A vulnerability, which was classified as critical, was found in Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656. This affects an unknown function of the component API. There is no information about possible countermeasures known....
Author: VulDB

rack-cors Gem up to 1.0.3 on Ruby directory traversal [CVE-2019-18978]

A vulnerability, which was classified as critical, has been found in rack-cors Gem up to 1.0.3 on Ruby. Affected by this issue is some unknown processing. Upgrading to version 1.0.4 eliminates this vulnerability.
Author: VulDB

MicroStrategy up to 11.1.2 Library Reflected cross site scripting

A vulnerability classified as problematic was found in MicroStrategy up to 11.1.2. Affected by this vulnerability is an unknown code block of the component Library. Upgrading to version 11.1.3 eliminates this vulnerability.
Author: VulDB

SnowHaze up to 2.6.5 cross site scripting [CVE-2019-18949]

A vulnerability classified as problematic has been found in SnowHaze up to 2.6.5. Affected is an unknown code. Upgrading to version 2.6.6 eliminates this vulnerability.
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Web Interface exec.cgi HTTP POST Request Remote Code Execution

A vulnerability was found in eQ-3 Homematic CCU2 and Homematic CCU3 (unknown version). It has been rated as critical. This issue affects an unknown part of the file exec.cgi of the component Web Interface. There is no information about possible...
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Web Interface save.cgi Code Execution

A vulnerability was found in eQ-3 Homematic CCU2 and Homematic CCU3 (the affected version is unknown). It has been declared as critical. This vulnerability affects some unknown functionality of the file save.cgi of the component Web Interface....
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Web Interface exec.cgi HTTP POST Request Code Execution

A vulnerability was found in eQ-3 Homematic CCU2 and Homematic CCU3 (the affected version unknown). It has been classified as critical. This affects an unknown functionality of the file exec.cgi of the component Web Interface. There is no...
Author: VulDB

Scanguard up to 2019-11-12 on Windows privilege escalation [CVE-2019-18895]

A vulnerability was found in Scanguard up to 2019-11-12 on Windows and classified as critical. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Linux Kernel up to 5.0 fs/btrfs/volumes.c denial of service

A vulnerability has been found in Linux Kernel up to 5.0 (Operating System) and classified as problematic. Affected by this vulnerability is some unknown processing of the file fs/btrfs/volumes.c. Upgrading to version 5.1 eliminates this...
Author: VulDB

3xLogic Infinias Access Control up to 6.6.9586.0 cross site request forgery

A vulnerability, which was classified as problematic, was found in 3xLogic Infinias Access Control up to 6.6.9586.0. Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Untangle NG Firewall 14.2.0 Report Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in Untangle NG Firewall 14.2.0 (Firewall Software). This issue affects an unknown code of the component Report Handler. There is no information about possible countermeasures...
Author: VulDB

Untangle NG Firewall 14.2.0 Reflected cross site scripting

A vulnerability classified as problematic was found in Untangle NG Firewall 14.2.0 (Firewall Software). This vulnerability affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Untangle NG Firewall 14.2.0 command injection [CVE-2019-18647]

A vulnerability classified as critical has been found in Untangle NG Firewall 14.2.0. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with...
Author: VulDB

Intel fTPM 2.0 information disclosure [CVE-2019-11090]

A vulnerability was found in Intel fTPM 2.0. It has been classified as problematic. This affects an unknown code block. Applying a patch is able to eliminate this problem. The bugfix is ready for download at heise.de.
Author: VulDB

Espressif ESP32 Secure Boot information disclosure [CVE-2019-17391]

A vulnerability was found in Espressif ESP32 (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown function of the component Secure Boot. There is no information about possible...
Author: VulDB

STMicroelectronics ST33TPHF2ESPI TPM Private Key TPM-Fail information disclosure

A vulnerability was found in STMicroelectronics ST33TPHF2ESPI TPM (version unknown). It has been classified as problematic. Affected is some unknown processing of the component Private Key. Upgrading eliminates this vulnerability. A possible...
Author: VulDB

Blade Shadow 2.13.3 Network Protocol UDP Packet Code Injection privilege escalation

A vulnerability was found in Blade Shadow 2.13.3 and classified as critical. This issue affects an unknown code block of the component Network Protocol Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Within Authenticate 14.2.0 Firewall timeDataDynamicColumn sql injection

A vulnerability was found in Within Authenticate 14.2.0. It has been rated as critical. Affected by this issue is an unknown functionality of the component Firewall. There is no information about possible countermeasures known. It may be...
Author: VulDB

ZyXEL GS1900 Password Recovery privilege escalation [CVE-2019-15804]

A vulnerability has been found in ZyXEL GS1900 (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code of the component Password Recovery. There is no information about possible countermeasures...
Author: VulDB

ZyXEL GS1900 prior 2.50(AAHH.0)C0 libfds.so fds_sys_passDebugPasswd_ret() Parameter privilege escalation

A vulnerability, which was classified as critical, was found in ZyXEL GS1900. This affects the function fds_sys_passDebugPasswd_ret() of the file libfds.so. Upgrading to version 2.50(AAHH.0)C0 eliminates this vulnerability.
Author: VulDB

ZyXEL GS1900 prior 2.50(AAHH.0)C0 Configuration Backup libsal.so.0.0 sal_util_str_encrypt() weak encryption

A vulnerability, which was classified as critical, has been found in ZyXEL GS1900. Affected by this issue is the function sal_util_str_encrypt() of the file libsal.so.0.0 of the component Configuration Backup. Upgrading to version 2.50(AAHH.0)C0...
Author: VulDB

ZyXEL GS1900 prior 2.50(AAHH.0)C0 libfds.so.0.0 fds_sys_passDebugPasswd_ret() weak encryption

A vulnerability classified as critical was found in ZyXEL GS1900. Affected by this vulnerability is the function fds_sys_passDebugPasswd_ret() of the file libfds.so.0.0. Upgrading to version 2.50(AAHH.0)C0 eliminates this vulnerability.
Author: VulDB

Information security events

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
