vendredi 22 mars 2019    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-114 : Multiples vulnérabilités dans le noyau Linux de SUSE (18 mars 2019)

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service et une atteinte à la confidentialité des données.

Auteur: Cert FR

CERTFR-2019-AVI-113 : Multiples vulnérabilités dans les produits VMware (18 mars 2019)

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une élévation de privilèges.

Auteur: Cert FR

Lenovo Dynamic Power Reduction Utility up to 2.2.1.x Unquoted Search Path privilege escalation

A vulnerability was found in Lenovo Dynamic Power Reduction Utility up to 2.2.1.x. It has been declared as critical. This vulnerability affects a code block of the component Unquoted Search Path. The manipulation with an unknown input leads to a...
Auteur: VulDB

Five9 Agent Desktop Plus 10.0.70 Access Control privilege escalation

A vulnerability was found in Five9 Agent Desktop Plus 10.0.70 and classified as critical. Affected by this issue is a part of the component Access Control. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Auteur: VulDB

abine Blur 7.24 on MacOS Context Menu Credentials information disclosure

A vulnerability classified as problematic was found in abine Blur 7.24 on MacOS. Affected by this vulnerability is the functionality of the component Context Menu Handler. The manipulation with an unknown input leads to a information disclosure...
Auteur: VulDB

Phamm 0.6.8 Login Page /public/main.php action cross site scripting

A vulnerability was found in Phamm 0.6.8. It has been classified as problematic. This affects code of the file /public/main.php of the component Login Page. The manipulation of the argument action as part of a Parameter leads to a cross site...
Auteur: VulDB

JFrog Artifactory Pro 6.5.9 SAML SSO Signature Validator privilege escalation

A vulnerability classified as critical has been found in JFrog Artifactory Pro 6.5.9 (Network Encryption Software). Affected is an unknown function of the component SAML SSO Signature Validator. The manipulation with an unknown input leads to a...
Auteur: VulDB

New Zealand-Related Scams and Malware Campaigns

Original release date: March 15, 2019 In the wake of the recent New Zealand mosque shooting, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize...
Auteur: US Cert

Intel Releases Security Advisories on Multiple Products

Original release date: March 15, 2019 Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected...
Auteur: US Cert

VMware Releases Security Updates for Workstation and Horizon

Original release date: March 15, 2019 VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an...
Auteur: US Cert

Microsoft Releases Security Update for Azure Linux Guest Agent

Original release date: March 14, 2019 Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information.The Cybersecurity and...
Auteur: US Cert

MacCMS 10 art privilege escalation

A vulnerability, which was classified as critical, has been found in MacCMS 10 (Content Management System). Affected by this issue is some functionality of the file template/default_pc/html/art. The manipulation with an unknown input leads to a...
Auteur: VulDB

Fujitsu Wireless Keyboard Set LX901 GK900 2.4 Receiver Packet weak encryption

A vulnerability has been found in Fujitsu Wireless Keyboard Set LX901 GK900 2.4 (Forum Software) and classified as problematic. Affected by this vulnerability is a functionality of the component Receiver. The manipulation as part of a Packet...
Auteur: VulDB

Netdata Web Application up to 1.13.0 Snapshot HTML Injection cross site scripting

A vulnerability, which was classified as problematic, was found in Netdata Web Application up to 1.13.0. Affected is a function of the component Snapshot Handler. The manipulation with an unknown input leads to a cross site scripting...
Auteur: VulDB

Screen Stream up to 3.0.15 on Android /start-stop denial of service

A vulnerability, which was classified as problematic, has been found in Screen Stream up to 3.0.15 on Android. This issue affects some functionality of the file /start-stop. The manipulation with an unknown input leads to a denial of service...
Auteur: VulDB

AirDrop up to 2.0 on Android Socket Flooding denial of service

A vulnerability classified as problematic was found in AirDrop up to 2.0 on Android. This vulnerability affects the functionality of the component Socket Handler. The manipulation with an unknown input leads to a denial of service vulnerability...
Auteur: VulDB

AirMore up to 1.6.1 on Android ?Key=PhoneRequestAuthorization denial of service

A vulnerability classified as problematic has been found in AirMore up to 1.6.1 on Android. This affects an unknown function of the file /?Key=PhoneRequestAuthorization. The manipulation with an unknown input leads to a denial of service...
Auteur: VulDB

CircuitWerkes Sicon-8 Web-based Front-end Controller weak authentication

A vulnerability was found in CircuitWerkes Sicon-8. It has been rated as critical. Affected by this issue is some processing of the component Web-based Front-end Controller. The manipulation with an unknown input leads to a weak authentication...
Auteur: VulDB

rdesktop up to 1.8.3 seamless_process_line() memory corruption

A vulnerability was found in rdesktop up to 1.8.3. It has been declared as critical. Affected by this vulnerability is the function seamless_process_line(). The manipulation with an unknown input leads to a memory corruption vulnerability (Code...
Auteur: VulDB

rdesktop up to 1.8.3 seamless_process() memory corruption

A vulnerability was found in rdesktop up to 1.8.3. It has been classified as critical. Affected is the function seamless_process(). The manipulation with an unknown input leads to a memory corruption vulnerability (Integer Underflow). CWE is...
Auteur: VulDB

rdesktop up to 1.8.3 rdpsnddbg_process() memory corruption

A vulnerability was found in rdesktop up to 1.8.3 and classified as critical. This issue affects the function rdpsnddbg_process(). The manipulation with an unknown input leads to a memory corruption vulnerability (Integer Underflow). Using CWE...
Auteur: VulDB

rdesktop up to 1.8.3 lspci_process() memory corruption

A vulnerability has been found in rdesktop up to 1.8.3 and classified as critical. This vulnerability affects the function lspci_process(). The manipulation with an unknown input leads to a memory corruption vulnerability (Integer Underflow)....
Auteur: VulDB

rdesktop up to 1.8.3 process_demand_active() memory corruption

A vulnerability, which was classified as critical, was found in rdesktop up to 1.8.3. This affects the function process_demand_active(). The manipulation with an unknown input leads to a memory corruption vulnerability (Out-of-Bounds). CWE is...
Auteur: VulDB

rdesktop up to 1.8.3 rdp_in_unistr() memory corruption

A vulnerability, which was classified as critical, has been found in rdesktop up to 1.8.3. Affected by this issue is the function rdp_in_unistr(). The manipulation with an unknown input leads to a memory corruption vulnerability (Integer...
Auteur: VulDB

rdesktop up to 1.8.3 secure.c memory corruption

A vulnerability classified as critical was found in rdesktop up to 1.8.3. Affected by this vulnerability is the functionality of the file secure.c. The manipulation with an unknown input leads to a memory corruption vulnerability...
Auteur: VulDB
12345678910Last

Événements SSI

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, «salon des réseaux, du cloud, de la mobilité et de la sécurité informatique», se tient à Cannes, Palais des Festivals et des Congrès du 19 au 21 mars 2019. Organisé par Weyou Group.

RSS