Friday 20 September 2019

Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM Cloud Application Performance Management 8.1.4 Clickjacking privilege escalation

A vulnerability, which was classified as critical, has been found in IBM Cloud Application Performance Management 8.1.4 (Cloud Software). This issue affects an unknown code block. There is no information about possible countermeasures known. It...
Author: VulDB

GnuCOBOL 2.2 COBOL Source cobc/parser.y end_scope_of_program_name() memory corruption

A vulnerability classified as critical was found in GnuCOBOL 2.2. This vulnerability affects the function end_scope_of_program_name() of the file cobc/parser.y of the component COBOL Source Handler. There is no information about possible...
Author: VulDB

GnuCOBOL 2.2 COBOL Source cobc/tree.c cb_name() memory corruption

A vulnerability classified as critical has been found in GnuCOBOL 2.2. This affects the function cb_name() of the file cobc/tree.c of the component COBOL Source Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

SPIP up to 3.1.10/3.2.4 URL ecrire/inc/headers.php unknown vulnerability

A vulnerability was found in SPIP up to 3.1.10/3.2.4 (Content Management System). It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ecrire/inc/headers.php of the component URL Handler....
Author: VulDB

SPIP up to 3.1.10/3.2.4 Error Message login.php cross site scripting

A vulnerability was found in SPIP up to 3.1.10/3.2.4 (Content Management System). It has been classified as problematic. Affected is an unknown function of the file prive/formulaires/login.php of the component Error Message Handler. Upgrading to...
Author: VulDB

SPIP up to 3.1.10/3.2.4 ecrire/inc/meta.php privilege escalation

A vulnerability was found in SPIP up to 3.1.10/3.2.4 (Content Management System) and classified as critical. This issue affects some unknown processing of the file ecrire/inc/meta.php. Upgrading to version 3.1.11 or 3.2.5 eliminates this...
Author: VulDB

eQ-3 Homematic CCU2/Homematic CCU3 Web Interface HTTP POST Request Code Execution

A vulnerability has been found in eQ-3 Homematic CCU2 and Homematic CCU3 (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code block of the component Web Interface. Upgrading eliminates this...
Author: VulDB

Linux Kernel up to 5.2.x virtqueue Buffer memory corruption

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.2.x (Operating System). This affects an unknown code of the component virtqueue Buffer Handler. There is no information about possible countermeasures known. It...
Author: VulDB

FreeIPA 4.5.0 Session weak authentication

A vulnerability, which was classified as critical, has been found in FreeIPA 4.5.0 (Directory Service Software). Affected by this issue is an unknown part of the component Session Handler. There is no information about possible countermeasures...
Author: VulDB

3S-Smart CODESYS V3 up to 3.5.15.0 Request NULL Pointer Dereference denial of service

A vulnerability classified as problematic was found in 3S-Smart CODESYS V3 up to 3.5.15.0. Affected by this vulnerability is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

3S-Smart CODESYS V3 up to 3.5 Library privilege escalation

A vulnerability classified as critical has been found in 3S-Smart CODESYS V3 up to 3.5. Affected is an unknown functionality of the component Library Handler. Upgrading to version 3.5.15.0 eliminates this vulnerability.
Author: VulDB

Norton Password Manager up to 6.5.0 information disclosure

A vulnerability was found in Norton Password Manager up to 6.5.0. It has been rated as problematic. This issue affects an unknown function. Upgrading to version 6.5.0.2104 eliminates this vulnerability.
Author: VulDB

Micro Focus Service Manager up to 9.62 Contact Information information disclosure

A vulnerability was found in Micro Focus Service Manager up to 9.62. It has been declared as problematic. This vulnerability affects some unknown processing of the component Contact Information Handler. There is no information about possible...
Author: VulDB

SPIP up to 3.1.10/3.2.4 Password Reminder Email information disclosure

A vulnerability was found in SPIP up to 3.1.10/3.2.4 (Content Management System). It has been rated as problematic. Affected by this issue is some unknown functionality of the component Password Reminder Handler. Upgrading to version 3.1.11 or...
Author: VulDB

Micro Focus Service Manager up to 9.62 Deserialization unknown vulnerability

A vulnerability was found in Micro Focus Service Manager up to 9.62. It has been classified as critical. This affects an unknown code block of the component Deserialization. There is no information about possible countermeasures known. It may be...
Author: VulDB

Micro Focus Service Manager up to 9.62 information disclosure

A vulnerability was found in Micro Focus Service Manager up to 9.62 and classified as problematic. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

APC UPS Network Management Card 2 AOS 6.5.6 Remote Monitoring Credentials information disclosure

A vulnerability has been found in APC UPS Network Management Card 2 AOS 6.5.6 and classified as problematic. Affected by this vulnerability is an unknown part of the component Remote Monitoring. There is no information about possible...
Author: VulDB

Asuswrt-Merlin 384.6 UDP wanduck.c parse_req_queries Long String memory corruption

A vulnerability, which was classified as critical, was found in Asuswrt-Merlin 384.6. Affected is the function parse_req_queries of the file wanduck.c of the component UDP Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Adopting the six good habits

These 6 habits cover concepts or principles that may be useful to you for raising awareness among staff within your local authority.
Author: Cnil

Local authorities: the CNIL publishes a GDPR awareness guide

To support local authorities in achieving GDPR compliance, the CNIL has produced an awareness guide available on its website.
Author: Cnil

Adopting the six good habits in your local authority

These 6 habits cover concepts or principles that may be useful to you for raising awareness among staff within your local authority.
Author: Cnil

3S-Smart CODESYS V3 up to 3.5.12.30 privilege escalation

A vulnerability, which was classified as critical, has been found in 3S-Smart CODESYS V3 up to 3.5.12.30. This issue affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

OpenDMARC up to 1.3.2/1.4.0-Beta1 Signature weak authentication

A vulnerability classified as critical was found in OpenDMARC up to 1.3.2/1.4.0-Beta1. This vulnerability affects an unknown function of the component Signature Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

OpenConnect up to 8.04 process_http_response memory corruption

A vulnerability classified as critical has been found in OpenConnect up to 8.04. This affects the function process_http_response. Upgrading to version 8.05 eliminates this vulnerability.
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 12.2.1 Internal Endpoint information disclosure

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 12.2.1 (Bug Tracking Software). It has been rated as problematic. Affected by this issue is an unknown code block of the component Internal Endpoint. There is no...
Author: VulDB

Information systems security (SSI) events

LES ASSISES

A major annual gathering of CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris (Cité universitaire internationale) on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
