Friday 22 March 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

rdesktop up to 1.8.3 mcs.c memory corruption

A vulnerability classified as critical has been found in rdesktop up to 1.8.3. Affected is an unknown function of the file mcs.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Integer). CWE is classifying the...
Author: VulDB

rdesktop up to 1.8.3 ui_clip_handle_data() memory corruption

A vulnerability was found in rdesktop up to 1.8.3. It has been rated as critical. This issue affects the function ui_clip_handle_data(). The manipulation with an unknown input leads to a memory corruption vulnerability (Out-of-Bounds). Using CWE...
Author: VulDB

yast2-printer up to 4.0.2 SMB Printer Settings Password Code Injection privilege escalation

A vulnerability was found in yast2-printer up to 4.0.2 (Printing Software). It has been declared as critical. This vulnerability affects a code block of the component SMB Printer Settings Handler. The manipulation as part of a Password leads to...
Author: VulDB

Cobham Satcom Sailor 800/Satcom Sailor 900 Configuration File Persistent cross site scripting

A vulnerability was found in Cobham Satcom Sailor 800 and Satcom Sailor 900. It has been classified as problematic. This affects code of the component Configuration File Handler. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Cobham Satcom Sailor 800/Satcom Sailor 900 Configuration File denial of service

A vulnerability was found in Cobham Satcom Sailor 800 and Satcom Sailor 900 and classified as critical. Affected by this issue is a part of the component Configuration File Handler. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Cobham Satcom Sailor 250/Satcom Sailor 500 up to 1.24 index.lua privilege escalation

A vulnerability has been found in Cobham Satcom Sailor 250 and Satcom Sailor 500 up to 1.24 and classified as critical. Affected by this vulnerability is a functionality of the file /index.lua?pageID=Administration. The manipulation of the...
Author: VulDB

Cobham Satcom Sailor 250/Satcom Sailor 500 up to 1.24 index.lua name cross site scripting

A vulnerability, which was classified as problematic, was found in Cobham Satcom Sailor 250 and Satcom Sailor 500 up to 1.24. Affected is a function of the file /index.lua?pageID=Phone%20book. The manipulation of the argument name with an...
Author: VulDB

CapMon Access Manager up to 5.4.1.1005 Custom App Launcher Application privilege escalation

A vulnerability, which was classified as critical, has been found in CapMon Access Manager up to 5.4.1.1005 (Access Management Software). This issue affects some functionality of the component Custom App Launcher. The manipulation as part of a...
Author: VulDB

CapMon Access Manager up to 5.4.1.1005 Client Application AccessManagerCoreService.exe privilege escalation

A vulnerability classified as critical was found in CapMon Access Manager up to 5.4.1.1005 (Access Management Software). This vulnerability affects the functionality of the file AccessManagerCoreService.exe of the component Client Application....
Author: VulDB

CapMon Access Manager 5.4.1.1005 Whitelist Table privilege escalation

A vulnerability classified as critical has been found in CapMon Access Manager 5.4.1.1005 (Access Management Software). This affects an unknown function of the component Whitelist Table Handler. The manipulation with an unknown input leads to a...
Author: VulDB

CapMon Access Manager 5.4.1.1005 CALRunElevated.exe privilege escalation

A vulnerability was found in CapMon Access Manager 5.4.1.1005 (Access Management Software). It has been rated as critical. Affected by this issue is some processing of the file CALRunElevated.exe. The manipulation with an unknown input leads to...
Author: VulDB

CapMon Access Manager 5.4.1.1005 CALRunElevated.exe privilege escalation

A vulnerability was found in CapMon Access Manager 5.4.1.1005 (Access Management Software). It has been declared as critical. Affected by this vulnerability is a code block of the file CALRunElevated.exe. The manipulation with an unknown input...
Author: VulDB

Topvision CC8800 CMTS C-E Cookie startup.tar.gz userName information disclosure

A vulnerability was found in Topvision CC8800 CMTS C-E. It has been classified as problematic. Affected is code of the file /WebContent/startup.tar.gz of the component Cookie Handler. The manipulation of the argument userName with the input...
Author: VulDB

yast2-samba-provision up to 1.0.1 Samba Share Password information disclosure

A vulnerability was found in yast2-samba-provision up to 1.0.1 (File Transfer Software) and classified as problematic. This issue affects a part of the component Samba Share Handler. The manipulation with an unknown input leads to an information...
Author: VulDB

yast2-multipath up to 4.1.0 Temp File Name Symlink privilege escalation

A vulnerability has been found in yast2-multipath up to 4.1.0 and classified as problematic. This vulnerability affects a functionality of the component Temp File Name Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

CryptoBotsBattle batchTransfer Smart Contract memory corruption

A vulnerability, which was classified as critical, was found in CryptoBotsBattle. This affects the function batchTransfer. The manipulation as part of a Smart Contract leads to a memory corruption vulnerability (Integer Overflow). CWE is...
Author: VulDB

MS-ISAC Releases Security Primer on TrickBot Malware

Original release date: March 14, 2019 The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and...
Author: US Cert

WordPress Releases Security Update

Original release date: March 14, 2019 WordPress 5.1 and prior versions are affected by a vulnerability. An attacker could exploit this vulnerability to take control of an affected website. The Cybersecurity and Infrastructure Security...
Author: US Cert

CERTFR-2019-AVI-112: Multiple vulnerabilities in the RedHat Linux kernel (14 March 2019)

Multiple vulnerabilities have been discovered in the RedHat Linux kernel. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2019-AVI-111: Multiple vulnerabilities in Ruby On Rails (14 March 2019)

Multiple vulnerabilities have been discovered in Ruby On Rails. They allow an attacker to cause remote arbitrary code execution, a denial of service, and a breach of data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-110: Vulnerability in Cisco Common Services Platform Collector (CSPC) (14 March 2019)

A vulnerability has been discovered in Cisco Common Services Platform Collector. It allows an attacker to bypass the security policy.

Author: Cert FR

PHPSHE 1.7 pay.php id sql injection

A vulnerability classified as critical was found in PHPSHE 1.7. This vulnerability affects the functionality of the file include/plugin/payment/alipay/pay.php. The manipulation of the argument id as part of a Parameter leads to a sql injection...
Author: VulDB

PHPSHE 1.7 notify_url.php wechat_getxml XML External Entity

A vulnerability classified as critical has been found in PHPSHE 1.7. This affects the function wechat_getxml of the file include/plugin/payment/wechat/notify_url.php. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

FTPGetter Standard 5.97.0.177 Connection Response memory corruption

A vulnerability was found in FTPGetter Standard 5.97.0.177. It has been rated as critical. Affected by this issue is some processing of the component Connection Handler. The manipulation as part of a Response leads to a memory corruption...
Author: VulDB

GNU LibreDWG 0.7/0.7.1645 dwg_dxf_LTYPE denial of service

A vulnerability was found in GNU LibreDWG 0.7/0.7.1645. It has been declared as problematic. Affected by this vulnerability is the function dwg_dxf_LTYPE. The manipulation with an unknown input leads to a denial of service vulnerability (NULL...
Author: VulDB

Information security events

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", takes place in Cannes, at the Palais des Festivals et des Congrès, from 19 to 21 March 2019. Organized by Weyou Group.
