Monday 16 September 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Chamilo LMS 1.11.8 Gradebook Dependencies Tool gradebook_list.tpl cross site scripting

A vulnerability, which was classified as problematic, has been found in Chamilo LMS 1.11.8. Affected by this issue is some functionality of the file main/template/default/admin/gradebook_list.tpl of the component Gradebook Dependencies Tool. The...
Author: VulDB

Trend Micro OfficeScan XG File Permission privilege escalation

A vulnerability was found in Trend Micro OfficeScan XG (the affected version is unknown). It has been declared as critical. This vulnerability affects a code block of the component File Permission. The manipulation with an unknown input leads to...
Author: VulDB

Trend Micro OfficeScan XG File Permission privilege escalation

A vulnerability was found in Trend Micro OfficeScan XG (the affected version unknown). It has been classified as critical. This affects code of the component File Permission. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Trend Micro Dr. Safety for Android up to 3.0.1324 Address Bar spoofing

A vulnerability was found in Trend Micro Dr. Safety for Android up to 3.0.1324 and classified as critical. Affected by this issue is a part of the component Address Bar. The manipulation with an unknown input leads to a spoofing vulnerability....
Author: VulDB

Gigabyte App Center GDrv Low-Level Driver privilege escalation

A vulnerability was found in Gigabyte App Center, Aorus Graphics Engine, Xtreme Gaming Engine and OC Guru II. It has been rated as critical. This issue affects some processing of the component GDrv Low-Level Driver. The manipulation with an...
Author: VulDB

D-Link DIR-140L/DIR-640L dirary0.js information disclosure

A vulnerability has been found in D-Link DIR-140L and DIR-640L (affected version unknown) and classified as problematic. Affected by this vulnerability is a functionality of the file dirary0.js. The manipulation with an unknown input leads to a...
Author: VulDB

D-Link DSL/DIR/DWR spaces.htm information disclosure

A vulnerability, which was classified as problematic, was found in D-Link DSL, DIR and DWR (version unknown). Affected is a function of the file spaces.htm. The manipulation with an unknown input leads to an information disclosure vulnerability...
Author: VulDB

D-Link DSL-2770L atbox.htm information disclosure

A vulnerability, which was classified as problematic, has been found in D-Link DSL-2770L (unknown version). This issue affects some functionality of the file atbox.htm. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Jenzabar up to 9.2.0 query cross site scripting

A vulnerability classified as problematic was found in Jenzabar up to 9.2.0. This vulnerability affects the functionality. The manipulation of the argument query as part of a Parameter leads to a cross site scripting vulnerability. The CWE...
Author: VulDB

Hancom Office 2010/Office 2014/Office 2018/Office NEO Compound File Document Heap-based memory corruption

A vulnerability was found in Hancom Office 2010, Office 2014, Office 2018 and Office NEO (affected version not known) and classified as critical. Affected by this issue is a part of the component Compound File Handler. The manipulation as part...
Author: VulDB

ALZip up to 10.76.0.0 LZH Archive Stack-based memory corruption

A vulnerability has been found in ALZip up to 10.76.0.0 and classified as critical. Affected by this vulnerability is a functionality of the component LZH Archive Handler. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

StackStorm up to 2.9.1/2.10.0 st2api /v1/keys ?scope=all privilege escalation

A vulnerability was found in StackStorm up to 2.9.1/2.10.0. It has been rated as critical. Affected by this issue is some processing of the file /v1/keys of the component st2api. The manipulation of the argument ?scope=all as part of a Parameter...
Author: VulDB

Floureon IP Camera SP012 UART Serial Interface privilege escalation

A vulnerability was found in Floureon IP Camera SP012 (affected version unknown). It has been declared as critical. Affected by this vulnerability is a code block of the component UART Serial Interface. The manipulation with an unknown input...
Author: VulDB

Danijar Hafner Definitions Package on Python definitions/parser.py load() privilege escalation

A vulnerability was found in Danijar Hafner Definitions Package on Python (version unknown). It has been classified as critical. Affected is the function load() of the file definitions/parser.py. The manipulation with an unknown input leads to a...
Author: VulDB

LimeSurvey File Upload ZIP File Code Execution cross site scripting

A vulnerability was found in LimeSurvey (unknown version) and classified as problematic. This issue affects a part of the component File Upload. The manipulation as part of a ZIP File leads to a cross site scripting vulnerability (Code...
Author: VulDB

TheHive Project Cortex up to 2.1.2 Role.toString privilege escalation

A vulnerability has been found in TheHive Project Cortex up to 2.1.2 and classified as critical. This vulnerability affects the function Role.toString. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE...
Author: VulDB

Gigabyte App Center GDrv Low-Level Driver privilege escalation

A vulnerability, which was classified as critical, has been found in Gigabyte App Center, Aorus Graphics Engine, Xtreme Gaming Engine and OC Guru II. Affected by this issue is some functionality of the component GDrv Low-Level Driver. The...
Author: VulDB

Gigabyte App Center GPCIDrv/GDrv privilege escalation [CVE-2018-19322]

A vulnerability classified as critical was found in Gigabyte App Center, Aorus Graphics Engine, Xtreme Gaming Engine and OC Guru II. Affected by this vulnerability is the functionality of the component GPCIDrv/GDrv. The manipulation with an...
Author: VulDB

SKCertService up to 2.5.5 DLL privilege escalation

A vulnerability was found in SKCertService up to 2.5.5. It has been classified as critical. This affects the function SKCertService of the component DLL Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

SQLite up to 3.25.2 FTS3 Extension Query Integer Overflow memory corruption

A vulnerability classified as critical has been found in SQLite up to 3.25.2. This affects an unknown function of the component FTS3 Extension. The manipulation as part of a Query leads to a memory corruption vulnerability (Integer Overflow)....
Author: VulDB

Pulse Secure Access SA 4.2/5.1R5 update.cgi privilege escalation

A vulnerability, which was classified as problematic, was found in Pulse Secure Access SA 4.2/5.1R5. This affects a function of the file /dana-admin/user/update.cgi. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Gigabyte App Center GPCIDrv/GDrv privilege escalation [CVE-2018-19321]

A vulnerability classified as critical has been found in Gigabyte App Center, Aorus Graphics Engine, Xtreme Gaming Engine and OC Guru II. Affected is an unknown function of the component GPCIDrv/GDrv. The manipulation with an unknown input leads...
Author: VulDB

VU#228297: Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition

The Microsoft Windows MsiAdvertiseProduct function allows a Windows installer product to generate a script to advertise a product to Windows, which handles shortcut and registry information associated with an installed application. The...
Author: US Cert

VU#741315: A Dokan file driver contains a stack-based buffer overflow

CWE-121: Stack-based Buffer Overflow - CVE-2018-5410 Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send...
Author: US Cert

Chinese Malicious Cyber Activity

Original release date: December 20, 2018 The Department of Homeland Security (DHS) Cybersecurity and Infrastructure and Security Agency (CISA) released information on Chinese government malicious cyber activity targeting global information...
Author: US Cert

Information security events

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organized by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
