Sunday 22 September 2019
 
 

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

relevant Plugin up to 1.0.7 on WordPress cross site scripting

A vulnerability, which was classified as problematic, was found in relevant Plugin up to 1.0.7 on WordPress. Affected is an unknown code block. Upgrading to version 1.0.8 eliminates this vulnerability.
Author: VulDB

VMware Releases Security Updates for Multiple Products

Original release date: September 20, 2019. VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The...
Author: US Cert

CISA Releases Four New Insights Products

Original release date: September 20, 2019. The Cybersecurity and Infrastructure Security Agency (CISA) has released four new CISA Insights products informed by U.S. intelligence and real-world events. Each of the following products provides a...
Author: US Cert

CERTFR-2019-AVI-454: Multiple vulnerabilities in VMware products (20 September 2019)

Multiple vulnerabilities have been discovered in VMware products. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

Author: Cert FR

CERTFR-2019-AVI-453: Multiple vulnerabilities in IBM QRadar Packet Capture (20 September 2019)

Multiple vulnerabilities have been discovered in IBM QRadar Packet Capture. They allow an attacker to cause a remote denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-452: Vulnerability in F5 BIG-IP (20 September 2019)

A vulnerability has been discovered in F5 BIG-IP. It allows an attacker to cause a breach of data integrity and a breach of data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-451: Multiple vulnerabilities in the Red Hat Linux kernel (20 September 2019)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a remote denial of service and a bypass of the policy of...
Author: Cert FR

libavcodec 12.3 Subtitle Decoder libavcodec/srtdec.c srt_to_ass Video File memory corruption

A vulnerability, which was classified as critical, has been found in libavcodec 12.3 (Multimedia Player Software). This issue affects the function srt_to_ass of the file libavcodec/srtdec.c of the component Subtitle Decoder. There is no...
Author: VulDB

libav 12.3 Subtitle Decoder libavcodec/srtdec.c srt_to_ass Video File memory corruption

A vulnerability classified as critical was found in libav 12.3 (Multimedia Player Software). This vulnerability affects the function srt_to_ass of the file libavcodec/srtdec.c of the component Subtitle Decoder. There is no information about...
Author: VulDB

libav 12.3 Subtitle Decoder libavcodec/srtdec.c srt_to_ass Video File denial of service

A vulnerability classified as problematic has been found in libav 12.3 (Multimedia Player Software). This affects the function srt_to_ass of the file libavcodec/srtdec.c of the component Subtitle Decoder. There is no information about possible...
Author: VulDB

LayerBB up to 1.1.3 System Settings admin/general.php cross site request forgery

A vulnerability was found in LayerBB up to 1.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file admin/general.php of the component System Settings. Upgrading to version 1.1.4 eliminates...
Author: VulDB

checklist Plugin up to 1.1.8 on WordPress checklist-icon.php fill cross site scripting

A vulnerability was found in checklist Plugin up to 1.1.8 on WordPress (WordPress Plugin). It has been classified as problematic. Affected is some unknown processing of the file checklist-icon.php. Upgrading to version 1.1.9 eliminates this...
Author: VulDB

Linux Kernel up to 5.3 KVM Hypervisor /dev/kvm memory corruption

A vulnerability was found in Linux Kernel up to 5.3 (Operating System) and classified as critical. This issue affects an unknown code block of the file /dev/kvm of the component KVM Hypervisor. There is no information about possible...
Author: VulDB

LINE up to 9.15.1 on Android Integer Overflow memory corruption

A vulnerability has been found in LINE up to 9.15.1 on Android (Android App Software) and classified as critical. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

SuSE Linux Enterprise Server 15/up to 12 nfs-utils Package /var/lib/nfs privilege escalation

A vulnerability, which was classified as critical, was found in SuSE Linux Enterprise Server up to 12/15 (Operating System). This affects an unknown part in the library /var/lib/nfs of the component nfs-utils Package. Applying a patch is able to...
Author: VulDB

FireGiant WiX Toolset up to 3.11.1 DTF Microsoft.Deployment.Compression.Cab.dll Archive File directory traversal

A vulnerability, which was classified as critical, has been found in FireGiant WiX Toolset up to 3.11.1. Affected by this issue is some unknown functionality in the library Microsoft.Deployment.Compression.Cab.dll of the component DTF. Upgrading...
Author: VulDB

libIEC61850 up to 1.3.3 mms_server.c MmsServer_waitReady memory corruption

A vulnerability classified as critical was found in libIEC61850 up to 1.3.3. Affected by this vulnerability is the function MmsServer_waitReady of the file mms/iso_mms/server/mms_server.c. There is no information about possible countermeasures...
Author: VulDB

Tenda N301 Wireless Router wanMTU goform/setSysTools denial of service

A vulnerability classified as critical has been found in Tenda N301 Wireless Router (Router Operating System) (version unknown). Affected is an unknown function of the file goform/setSysTools of the component wanMTU Handler. There is no...
Author: VulDB

Keeper K5 20.1.0.25/20.1.0.63 SD Card Data zskj_script_run.sh File Name Code Execution

A vulnerability was found in Keeper K5 20.1.0.25/20.1.0.63. It has been rated as critical. This issue affects some unknown processing of the file zskj_script_run.sh of the component SD Card Data Handler. There is no information about possible...
Author: VulDB

Counter-Strike: Global Offensive up to 1.37.1.0 Map vphysics.dll memory corruption

A vulnerability was found in Counter-Strike: Global Offensive up to 1.37.1.0. It has been declared as critical. This vulnerability affects an unknown code block in the library vphysics.dll of the component Map Handler. Upgrading to version...
Author: VulDB

Pydio 6.0.8 Remote Link index.php file Server-Side Request Forgery

A vulnerability was found in Pydio 6.0.8. It has been classified as critical. This affects an unknown code of the file index.php of the component Remote Link Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Pydio 6.0.8 Error Reporting information disclosure

A vulnerability was found in Pydio 6.0.8 and classified as problematic. Affected by this issue is an unknown part of the component Error Reporting. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Atlassian JIRA Server/Data Center up to 8.4.0 Jira Importers Plugin PUT Request Remote Code Execution

A vulnerability has been found in Atlassian JIRA Server and Data Center up to 8.4.0 (Bug Tracking Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the component Jira Importers Plugin. Upgrading...
Author: VulDB

Bitbucket Server/Data Center up to 6.5.1 REST Endpoint Argument privilege escalation

A vulnerability, which was classified as critical, was found in Bitbucket Server and Data Center up to 6.5.1. Affected is an unknown functionality of the component REST Endpoint. Upgrading to version 5.16.10, 6.0.10, 6.1.8, 6.2.6, 6.3.5, 6.4.3 or...
Author: VulDB

Atlassian Jira Service Desk Server up to 3.9.15/3.16.8/4.1.2/4.2.4/4.3.3 Customer Context Filter Request directory traversal

A vulnerability, which was classified as problematic, has been found in Atlassian Jira Service Desk Server and Jira Service Desk Data Center up to 3.9.15/3.16.8/4.1.2/4.2.4/4.3.3 (Bug Tracking Software). This issue affects an unknown function of...
Author: VulDB

Information security events

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
