Saturday 21 September 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Cloud Foundry Stratos up to 2.2.x Session Store Secret weak authentication

A vulnerability has been found in Cloud Foundry Stratos up to 2.2.x (Cloud Software) and classified as critical. This vulnerability affects a functionality of the component Session Store Secret Handler. The manipulation with an unknown input...
Author: VulDB

Cloud Foundry CLI prior 6.43.0 Log information disclosure

A vulnerability, which was classified as problematic, was found in Cloud Foundry CLI (Cloud Software). This affects a function of the component Log Handler. The manipulation with an unknown input leads to an information disclosure vulnerability....
Author: VulDB

Spring Security OAuth up to 2.0.16/2.1.3/2.2.3/2.3.4 Authorization Endpoint redirect_uri Open Redirect

A vulnerability, which was classified as problematic, has been found in Spring Security OAuth up to 2.0.16/2.1.3/2.2.3/2.3.4. Affected by this issue is some functionality of the component Authorization Endpoint. The manipulation of the argument...
Author: VulDB

Pivotal Application Service up to 2.2.11/2.3.6/2.4.2 Cloud Controller Proxy Certificate weak authentication

A vulnerability classified as critical was found in Pivotal Application Service up to 2.2.11/2.3.6/2.4.2. Affected by this vulnerability is the functionality of the component Cloud Controller Proxy. The manipulation with an unknown input leads...
Author: VulDB

Pivotal Operations Manager up to 2.1.19/2.2.15/2.3.9/2.4.2 Reflected cross site scripting

A vulnerability classified as problematic has been found in Pivotal Operations Manager up to 2.1.19/2.2.15/2.3.9/2.4.2 (Web Browser). Affected is an unknown function. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Cloud Foundry UAA prior v70.0 Email Address spoofing

A vulnerability was found in Cloud Foundry UAA (Cloud Software). It has been rated as critical. This issue affects some processing of the component Email Address Handler. The manipulation with an unknown input leads to a spoofing vulnerability....
Author: VulDB

Dell WES Wyse Device Agent/Wyse ThinLinux Hagent FTP Client memory corruption

A vulnerability was found in Dell WES Wyse Device Agent and Wyse ThinLinux Hagent. It has been declared as critical. This vulnerability affects a code block of the component FTP Client. The manipulation with an unknown input leads to a memory...
Author: VulDB

Cisco FXOS/NX-OS File System Permission information disclosure

A vulnerability was found in Cisco FXOS and NX-OS (Router Operating System). It has been classified as problematic. This affects code of the component File System Permission. The manipulation with an unknown input leads to an information...
Author: VulDB

Cisco NX-OS Network Stack denial of service [CVE-2019-1599]

A vulnerability was found in Cisco NX-OS (Router Operating System) and classified as problematic. Affected by this issue is a part of the component Network Stack. The manipulation with an unknown input leads to a denial of service vulnerability....
Author: VulDB

Cisco FXOS/NX-OS LDAP Basic Encoding Rule denial of service

A vulnerability has been found in Cisco FXOS and NX-OS (Router Operating System) and classified as problematic. Affected by this vulnerability is a functionality of the component LDAP. The manipulation as part of a Basic Encoding Rule leads to a...
Author: VulDB

Cisco FXOS/NX-OS LDAP Basic Encoding Rule denial of service

A vulnerability, which was classified as problematic, was found in Cisco FXOS and NX-OS (Router Operating System). Affected is a function of the component LDAP. The manipulation as part of a Basic Encoding Rule leads to a denial of service...
Author: VulDB

Cisco NX-OS bash privilege escalation [CVE-2019-1596]

A vulnerability, which was classified as critical, has been found in Cisco NX-OS (Router Operating System). This issue affects some functionality of the component bash. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution

A vulnerability classified as critical was found in Apache Solr up to 5.0.5/6.6.5. This vulnerability affects the functionality of the component Config API. The manipulation as part of an HTTP POST Request leads to a privilege escalation...
Author: VulDB

FlowPaper Flexpaper up to 2.3.6 Command privilege escalation

A vulnerability was found in FlowPaper Flexpaper up to 2.3.6. It has been classified as critical. Affected is code. The manipulation with an unknown input leads to a privilege escalation vulnerability (Command). CWE is classifying the issue as...
Author: VulDB

Cisco Releases Security Updates

Original release date: March 06, 2019. Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system. The...
Author: US Cert

CERTFR-2019-AVI-091: Multiple vulnerabilities in the Ubuntu Linux kernel (6 March 2019)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause a security policy bypass, a breach of data integrity and a breach of confidentiality...
Author: Cert FR

CERTFR-2019-AVI-090: Multiple vulnerabilities in Google Chrome (6 March 2019)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor and remote arbitrary code execution.

Author: Cert FR

phpScheduleIt Booked Scheduler 2.7.5 File Upload Web/custom-favicon.php Favicon privilege escalation

A vulnerability was found in phpScheduleIt Booked Scheduler 2.7.5. It has been rated as critical. Affected by this issue is some processing of the file Web/custom-favicon.php of the component File Upload. The manipulation of the argument Favicon...
Author: VulDB

Xpdf 4.01 PSOutputDev.cc setupResources() PDF File denial of service

A vulnerability, which was classified as problematic, was found in Xpdf 4.01 (Document Reader Software). Affected is the function PSOutputDev::setupResources() of the file PSOutputDev.cc. The manipulation as part of a PDF File leads to a denial...
Author: VulDB

Xpdf 4.01 GMutex.h gAtomicIncrement() PDF File memory corruption

A vulnerability, which was classified as critical, has been found in Xpdf 4.01 (Document Reader Software). This issue affects the function gAtomicIncrement() of the file GMutex.h. The manipulation as part of a PDF File leads to a memory...
Author: VulDB

Xpdf 4.01 Decrypt.cc md5Round1() PDF File denial of service

A vulnerability classified as problematic was found in Xpdf 4.01 (Document Reader Software). This vulnerability affects the function md5Round1() of the file Decrypt.cc. The manipulation as part of a PDF File leads to a denial of service...
Author: VulDB

AppCMS 2.0.101 upload/callback.php params cross site scripting

A vulnerability classified as problematic was found in AppCMS 2.0.101 (Content Management System). Affected by this vulnerability is the functionality of the file upload/callback.php. The manipulation of the argument params as part of a...
Author: VulDB

BlueCMS 1.6 user.php user_id sql injection

A vulnerability classified as critical has been found in BlueCMS 1.6 (Content Management System). Affected is an unknown function of the file uploads/admin/user.php?act=edit. The manipulation of the argument user_id as part of a Parameter leads...
Author: VulDB

ShoreTel Connect ONSITE 18.82.2000.0 page Reflected cross site scripting

A vulnerability was found in ShoreTel Connect ONSITE 18.82.2000.0. It has been rated as problematic. This issue affects some processing. The manipulation of the argument page as part of a Parameter leads to a cross site scripting vulnerability...
Author: VulDB

ShoreTel Connect ONSITE 19.45.1602.0 url Reflected cross site scripting

A vulnerability was found in ShoreTel Connect ONSITE 19.45.1602.0. It has been declared as problematic. This vulnerability affects a code block. The manipulation of the argument url as part of a Parameter leads to a cross site scripting...
Author: VulDB

Information security events

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organised by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité internationale universitaire, on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme, "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
