Thursday 24 October 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Confluence Server Critical Remote Code Execution Vulnerability (CERT-EU Security Advisory 2019-009)

A server-side template injection vulnerability has been discovered in Confluence Server and Data Center, in the Widget Connector. An attacker able to exploit this issue could achieve path traversal and remote code execution on systems that run a...
Author: Cert EU

CERTFR-2019-AVI-169: Multiple vulnerabilities in Juniper Junos OS (15 April 2019)

Multiple vulnerabilities have been discovered in Juniper Junos OS. They allow an attacker to cause a denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2019-AVI-168: Vulnerability in Palo Alto Expedition (15 April 2019)

A vulnerability has been discovered in Palo Alto Expedition. It allows an attacker to perform remote indirect code injection (XSS).

Author: Cert FR

IBM BigFix WebUI Profile Management Back-End Database sql injection

A vulnerability was found in IBM BigFix WebUI Profile Management and BigFix Software Distribution. It has been declared as critical. This vulnerability affects a code block of the component Back-End Database. The manipulation with an unknown...
Author: VulDB

Red Hat Satellite 6.4 Candlepin Log information disclosure

A vulnerability was found in Red Hat Satellite 6.4. It has been classified as problematic. This affects code of the component Candlepin. The manipulation with an unknown input leads to an information disclosure vulnerability (Log). CWE is...
Author: VulDB

urllib3 up to 1.24.1 on Python Parameter CRLF privilege escalation

A vulnerability was found in urllib3 up to 1.24.1 on Python and classified as critical. Affected by this issue is a part. The manipulation as part of a Parameter leads to a privilege escalation vulnerability (CRLF). Using CWE to declare the...
Author: VulDB

Gitea up to 1.7.5/1.8-RC2 models/repo_mirror.go Remote Code Execution

A vulnerability has been found in Gitea up to 1.7.5/1.8-RC2 and classified as critical. Affected by this vulnerability is a functionality of the file models/repo_mirror.go. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Gitea up to 1.7.5/1.8-RC2 repo/setting.go form.MirrorAddress unknown vulnerability

A vulnerability, which was classified as problematic, was found in Gitea up to 1.7.5/1.8-RC2. Affected is a function of the file repo/setting.go. The manipulation of the argument form.MirrorAddress with an unknown input leads to an unknown...
Author: VulDB

GPAC 0.7.1 utils/os_divers.c gf_bin128_parse XML File memory corruption

A vulnerability, which was classified as critical, has been found in GPAC 0.7.1. This issue affects the function gf_bin128_parse of the file utils/os_divers.c. The manipulation as part of an XML File leads to a memory corruption vulnerability....
Author: VulDB

GPAC 0.7.1 media_import.c gf_import_message() memory corruption

A vulnerability classified as critical was found in GPAC 0.7.1. This vulnerability affects the function gf_import_message() of the file media_import.c. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE...
Author: VulDB

Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Remote Code Execution

A vulnerability classified as critical has been found in Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows (Application Server Software). This affects an unknown function of the component JRE. The manipulation as part of a Command Line...
Author: VulDB

Shimo VPN Helper Service privilege escalation [CVE-2018-4009]

A vulnerability was found in Shimo VPN (Network Encryption Software). It has been rated as critical. Affected by this issue is some processing of the component Helper Service. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Shimo VPN 4.1.5.1 Helper Service Argument privilege escalation

A vulnerability was found in Shimo VPN 4.1.5.1 (Network Encryption Software). It has been declared as critical. Affected by this vulnerability is a code block of the component Helper Service. The manipulation as part of an Argument leads to a...
Author: VulDB

IBM WebSphere MQ 9.1.0.0/9.1.0.1/9.1.1 weak encryption [CVE-2018-1925]

A vulnerability was found in IBM WebSphere MQ 9.1.0.0/9.1.0.1/9.1.1. It has been classified as critical. Affected is code. The manipulation with an unknown input leads to a weak encryption vulnerability. CWE is classifying the issue as CWE-326....
Author: VulDB

Waimai Super CMS 20150505 addsave fcname cross site scripting

A vulnerability was found in Waimai Super CMS 20150505 (Content Management System) and classified as problematic. This issue affects a part of the file /admin.php/Foodcat/addsave. The manipulation of the argument fcname as part of a Parameter...
Author: VulDB

Tribulant Slideshow Gallery Plugin 1.6.8 on WordPress admin.php Slide[title]/Slide[media_file]/Slide[image_url] cross site scripting

A vulnerability has been found in Tribulant Slideshow Gallery Plugin 1.6.8 on WordPress (Photo Gallery Software) and classified as problematic. This vulnerability affects a functionality of the file...
Author: VulDB

Tribulant Slideshow Gallery Plugin 1.6.8 on WordPress admin.php Parameter sql injection

A vulnerability, which was classified as critical, was found in Tribulant Slideshow Gallery Plugin 1.6.8 on WordPress (Photo Gallery Software). This affects a function of the file wp-admin/admin.php?page=slideshow-galleries&method=save. The...
Author: VulDB

Tribulant Slideshow Gallery Plugin 1.6.8 on WordPress admin.php Gallery[id]/Gallery[title] cross site scripting

A vulnerability, which was classified as problematic, has been found in Tribulant Slideshow Gallery Plugin 1.6.8 on WordPress (Photo Gallery Software). Affected by this issue is some functionality of the file...
Author: VulDB

WP Fastest Cache Plugin 0.8.8.5 on WordPress rules[0][content] cross site scripting

A vulnerability classified as problematic was found in WP Fastest Cache Plugin 0.8.8.5 on WordPress (Plugin Software). Affected by this vulnerability is the functionality. The manipulation of the argument rules[0][content] as part of a Parameter...
Author: VulDB

WP Fastest Cache Plugin 0.8.8.5 on WordPress Parameter cross site scripting

A vulnerability classified as problematic has been found in WP Fastest Cache Plugin 0.8.8.5 on WordPress (Plugin Software). Affected is an unknown function. The manipulation of the argument wpFastestCachePreload_number/wpFastestCacheLanguage as...
Author: VulDB

WP Fastest Cache Plugin 0.8.8.5 on WordPress wp-admin/admin.php cross site request forgery

A vulnerability was found in WP Fastest Cache Plugin 0.8.8.5 on WordPress (Plugin Software). It has been rated as problematic. This issue affects some processing of the file wp-admin/admin.php. The manipulation with an unknown input leads to a...
Author: VulDB

WP Fastest Cache Plugin 0.8.8.5 on WordPress rules[0][content] cross site scripting

A vulnerability was found in WP Fastest Cache Plugin 0.8.8.5 on WordPress (Plugin Software). It has been declared as problematic. This vulnerability affects a code block. The manipulation of the argument rules[0][content] as part of a Parameter...
Author: VulDB

mndpsingh287 File Manager Plugin 3.0 on WordPress page cross site scripting

A vulnerability was found in mndpsingh287 File Manager Plugin 3.0 on WordPress (Plugin Software). It has been classified as problematic. This affects code. The manipulation of the argument page as part of a Parameter leads to a cross site...
Author: VulDB

mndpsingh287 File Manager Plugin 3.0 on WordPress page cross site request forgery

A vulnerability was found in mndpsingh287 File Manager Plugin 3.0 on WordPress (Plugin Software) and classified as problematic. Affected by this issue is a part. The manipulation of the argument page as part of a Parameter leads to a cross site...
Author: VulDB

Mozilla Firefox up to 53.0.3 Graphite2 Library read_glyph denial of service

A vulnerability has been found in Mozilla Firefox up to 53.0.3 (Web Browser) and classified as problematic. Affected by this vulnerability is the function graphite2::GlyphCache::Loader::read_glyph of the component Graphite2 Library. The...
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
