Thursday 24 October 2019

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-524: Vulnerability in VMware products (21 October 2019)

A vulnerability has been discovered in VMware products. It allows an attacker to bypass the security policy.

Author: Cert FR

CERTFR-2019-AVI-523: Multiple vulnerabilities in Fortinet products (21 October 2019)

Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to bypass the security policy and compromise data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-522: Multiple vulnerabilities in the SUSE Linux kernel (21 October 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a security problem not specified by the vendor, a denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2019-AVI-521: Vulnerability in Citrix ADC and Gateway (21 October 2019)

A vulnerability has been discovered in Citrix ADC and Gateway. It allows an attacker to bypass the security policy.

Author: Cert FR

CERTFR-2019-AVI-520: Vulnerability in Apache OpenOffice (21 October 2019)

A vulnerability has been discovered in Apache OpenOffice. It allows an attacker to bypass the security policy.

Author: Cert FR

File up to 5.37 cdf.c cdf_read_property_info memory corruption

A vulnerability classified as critical has been found in File up to 5.37. This affects the function cdf_read_property_info of the file cdf.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

CERTFR-2019-CTI-006: Summary on the BITPAYMER/IENCRYPT ransomware (21 October 2019)

The BitPaymer ransomware, also known as FriedEx and IEncrypt, has been used since 2017 in extortion operations …
Author: Cert FR

ProFTPD up to 1.3.6a/1.3.7rc1 Command main.c denial of service

A vulnerability was found in ProFTPD up to 1.3.6a/1.3.7rc1 (File Transfer Software). It has been rated as problematic. Affected by this issue is an unknown part of the file main.c of the component Command Handler. Upgrading to version 1.3.6b or...
Author: VulDB

OpenEMR up to 5.0.2.0 view.php id cross site scripting

A vulnerability was found in OpenEMR up to 5.0.2.0 (Business Process Management Software). It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the file interface/forms/eye_mag/view.php. Upgrading...
Author: VulDB

OpenEMR up to 5.0.2.0 view.php pid cross site scripting

A vulnerability was found in OpenEMR up to 5.0.2.0 (Business Process Management Software). It has been classified as problematic. Affected is an unknown functionality of the file interface/forms/eye_mag/view.php. Upgrading to version 5.0.2.1...
Author: VulDB

Verodin Director up to 3.5.3.1 JSON REST API /integrations.json API Request information disclosure

A vulnerability was found in Verodin Director up to 3.5.3.1 and classified as problematic. This issue affects an unknown function of the file /integrations.json of the component JSON REST API. There is no information about possible...
Author: VulDB

Verodin Director up to 3.5.3.x Stored cross site scripting

A vulnerability has been found in Verodin Director up to 3.5.3.x and classified as problematic. This vulnerability affects some unknown processing. Upgrading to version 3.5.4.0 eliminates this vulnerability.
Author: VulDB

Asus ROG Zephyrus M GM501GS 313 Battery privilege escalation

A vulnerability, which was classified as critical, was found in Asus ROG Zephyrus M GM501GS 313. This affects an unknown code block of the component Battery Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Video_Converter App 0.1.0 on Nextcloud FFmpeg Memory Consumption denial of service

A vulnerability, which was classified as problematic, has been found in Video_Converter App 0.1.0 on Nextcloud. Affected by this issue is an unknown code of the component FFmpeg. There is no information about possible countermeasures known. It...
Author: VulDB

Etherpad-Lite 1.7.5 URL templates/pad.html cross site scripting

A vulnerability classified as problematic was found in Etherpad-Lite 1.7.5. Affected by this vulnerability is an unknown part of the file templates/pad.html of the component URL Handler. There is no information about possible countermeasures...
Author: VulDB

WAGO PFC100/PFC200 prior FW12 Access Control HTTP Requests information disclosure

A vulnerability classified as problematic has been found in WAGO PFC100 and PFC200. Affected is some unknown functionality of the component Access Control. Upgrading to version FW12 eliminates this vulnerability.
Author: VulDB

Adobe Download Manager 2.0.0.363 privilege escalation [CVE-2019-8071]

A vulnerability was found in Adobe Download Manager 2.0.0.363. It has been rated as critical. This issue affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

HCL Traveler up to 9.x Problem Report Page Error Message cross site scripting

A vulnerability was found in HCL Traveler up to 9.x. It has been declared as problematic. This vulnerability affects an unknown function of the component Problem Report Page. There is no information about possible countermeasures known. It may be...
Author: VulDB

Linux Kernel up to 5.3.3 net/ipv6/fib6_rules.c fib6_rule_suppress() memory corruption

A vulnerability was found in Linux Kernel up to 5.3.3 (Operating System). It has been classified as critical. This affects the function fib6_rule_suppress() of the file net/ipv6/fib6_rules.c. Upgrading to version 5.3.4 eliminates this...
Author: VulDB

libxslt 1.1.33 transform.c xsltCopyText Variable memory corruption

A vulnerability was found in libxslt 1.1.33 and classified as critical. Affected by this issue is the function xsltCopyText of the file transform.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

SageMath Sage Cell Server up to 2019-10-05 Python __import__('os').popen('whoami').read() privilege escalation

A vulnerability has been found in SageMath Sage Cell Server up to 2019-10-05 and classified as critical. Affected by this vulnerability is the function __import__('os').popen('whoami').read() of the component Python. The problem might be...
Author: VulDB

Tomedo Server 1.7.3 Vendor Communication weak encryption

A vulnerability, which was classified as problematic, was found in Tomedo Server 1.7.3. Affected is an unknown part of the component Vendor Communication Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

OpenWRT 18.06.4 wireless/radio0.network1 cross site request forgery

A vulnerability, which was classified as problematic, has been found in OpenWRT 18.06.4. This issue affects some unknown functionality of the file wireless/radio0.network1. There is no information about possible countermeasures known. It may be...
Author: VulDB

broken-link-checker 1.11.8 on WordPress table-printer.php s_filter cross site scripting

A vulnerability classified as problematic was found in broken-link-checker 1.11.8 on WordPress. This vulnerability affects an unknown functionality of the file includes/admin/table-printer.php. There is no information about possible...
Author: VulDB

Harbor API Access Control API Request privilege escalation

A vulnerability classified as critical has been found in Harbor API (Automation Software) (the affected version unknown). This affects an unknown function of the component Access Control. There is no information about possible countermeasures...
Author: VulDB

Information-security (SSI) events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
