Thursday 24 October 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Mozilla Firefox up to 53.0.3 Graphite2 Library getClassGlyph memory corruption

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 53.0.3 (Web Browser). Affected is the function graphite2::Silf::getClassGlyph of the component Graphite2 Library. The manipulation with an unknown input leads...
Author: VulDB

Mozilla Firefox up to 53.0.3 Graphite2 Library readGraphite memory corruption

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 53.0.3 (Web Browser). This issue affects the function graphite2::Silf::readGraphite of the component Graphite2 Library. The manipulation with an unknown...
Author: VulDB

Mozilla Firefox up to 53.0.3 Graphite2 Library src/Decompressor lz4::decompress memory corruption

A vulnerability classified as critical was found in Mozilla Firefox up to 53.0.3 (Web Browser). This vulnerability affects the function lz4::decompress of the file src/Decompressor of the component Graphite2 Library. The manipulation with an...
Author: VulDB

Mozilla Firefox up to 53.0.3 Graphite2 Library readPass memory corruption

A vulnerability classified as critical has been found in Mozilla Firefox up to 53.0.3 (Web Browser). This affects the function graphite2::Pass::readPass of the component Graphite2 Library. The manipulation with an unknown input leads to a memory...
Author: VulDB

Subrion CMS 4.1.5 blog/delete/ cross site request forgery

A vulnerability was found in Subrion CMS 4.1.5 (Content Management System). It has been rated as critical. Affected by this issue is some processing of the file blog/delete/. The manipulation with an unknown input leads to a cross site request...
Author: VulDB

F5 BIG-IP APM up to 12.1.4/13.1.1.3/14.1.0.1 Secure Vault Key weak encryption

A vulnerability was found in F5 BIG-IP APM up to 12.1.4/13.1.1.3/14.1.0.1 (Firewall Software). It has been classified as critical. Affected is code of the component Secure Vault. The manipulation with an unknown input leads to a weak encryption...
Author: VulDB

Moxa IKS-G6824A/EDS-405A/EDS-408A/EDS-510A Plaintext weak encryption

A vulnerability was found in Moxa IKS-G6824A, EDS-405A, EDS-408A and EDS-510A and classified as critical. This issue affects a part. The manipulation with an unknown input leads to a weak encryption vulnerability (Plaintext). Using CWE to...
Author: VulDB

VMware ESXi/Workstation/Fusion 3D Graphics Out-of-Bounds memory corruption

A vulnerability has been found in VMware ESXi, Workstation and Fusion (Virtualization Software) and classified as critical. This vulnerability affects a functionality of the component 3D Graphics. The manipulation with an unknown input leads to...
Author: VulDB

VMware ESXi/Workstation/Fusion Shader Translator Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, was found in VMware ESXi, Workstation and Fusion (Virtualization Software). This affects a function of the component Shader Translator. The manipulation with an unknown input leads to a memory...
Author: VulDB

VMware ESXi/Workstation/Fusion Vertex Shader Out-of-Bounds memory corruption

A vulnerability, which was classified as critical, has been found in VMware ESXi, Workstation and Fusion (Virtualization Software). Affected by this issue is some functionality of the component Vertex Shader. The manipulation with an unknown...
Author: VulDB

IBM API Connect 5.0.0.0/5.0.8.6 Developer Portal Server-Side Request Forgery

A vulnerability classified as critical was found in IBM API Connect 5.0.0.0/5.0.8.6. Affected by this vulnerability is the functionality of the component Developer Portal. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

IBM API Connect 5.0.0.0/5.0.8.6 Developer Portal command injection

A vulnerability classified as critical has been found in IBM API Connect 5.0.0.0/5.0.8.6. Affected is an unknown function of the component Developer Portal. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

IBM Cognos Analytics 11 URL Request directory traversal

A vulnerability was found in IBM Cognos Analytics 11 (Business Process Management Software). It has been rated as critical. This issue affects some processing of the component URL Handler. The manipulation as part of a Request leads to a...
Author: VulDB

ZyXEL ATP500/USG40/USG1900/ZyWALL310/ZyWALL1100 /?mobile=1 mp_idx cross site scripting

A vulnerability was found in ZyXEL ATP500, USG40, USG1900, ZyWALL310 and ZyWALL1100 (Firewall Software). It has been declared as problematic. Affected by this vulnerability is a code block of the file /?mobile=1. The manipulation of the argument...
Author: VulDB

Presentation of the CNIL's 2018 activity report and its priorities for 2019

The entry into application of the GDPR marked an unprecedented awareness of data-protection issues among professionals and individuals. This logically resulted in a considerable increase in the complaints addressed to...
Author: Cnil

Apache Releases Security Updates for Apache Tomcat

Original release date: April 14, 2019 The Apache Software Foundation has released Apache Tomcat versions 7.0.94 and 8.5.40 to address a vulnerability. A remote attacker could exploit this vulnerability to take control of an affected...
Author: US Cert

Multiple Vulnerabilities in WPA3 Protocol

Original release date: April 12, 2019 The CERT Coordination Center (CERT/CC) has released information on vulnerabilities—referred to as Dragonblood—in WPA3 protocol. A remote attacker could exploit some of these vulnerabilities to take...
Author: US Cert

VU#871675: Multiple vulnerabilities identified in WPA3 protocol design and implementations of hostapd and wpa_supplicant components

CERT continues to review the WPA3 protocol in support of this body of research. The root cause of the numerous "implementation" vulnerabilities may involve modifying the protocol. WPA3 uses Simultaneous Authentication of Equals (SAE), also known as...
Author: US Cert

VMware Releases Security Updates

Original release date: April 12, 2019 VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to obtain sensitive information. The...
Author: US Cert

Vulnerability in Multiple VPN Applications

Original release date: April 12, 2019 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take...
Author: US Cert

CERTFR-2019-AVI-167: Multiple vulnerabilities in VMware products (12 April 2019)

Multiple vulnerabilities have been discovered in VMware products. They allow an attacker to cause a denial of service and a privilege escalation.

Author: Cert FR

ValuePLUS Integrated University Management System Teachers Web Panel User ID/Password weak authentication

A vulnerability classified as critical has been found in ValuePLUS Integrated University Management System. This affects an unknown function of the component Teachers Web Panel. The manipulation of the argument User ID/Password with an unknown...
Author: VulDB

Linux Kernel up to 5.0.7 fs/binfmt_aout.c install_exec_creds() race condition

A vulnerability was found in Linux Kernel up to 5.0.7 (Operating System). It has been rated as problematic. Affected by this issue is the function install_exec_creds() of the file fs/binfmt_aout.c. The manipulation with an unknown input leads to...
Author: VulDB

Linux Kernel up to 4.7 setuid Program fs/binfmt_elf.c install_exec_creds() race condition

A vulnerability was found in Linux Kernel up to 4.7 (Operating System). It has been declared as problematic. Affected by this vulnerability is the function install_exec_creds() of the file fs/binfmt_elf.c of the component setuid Program Handler....
Author: VulDB

Palo Alto Expedition Migration Tool up to 1.1.12 Devices View cross site scripting

A vulnerability was found in Palo Alto Expedition Migration Tool up to 1.1.12 and classified as problematic. Affected by this issue is a part of the component Devices View. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

Information-security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the Cité universitaire internationale on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
