Tuesday 11 December 2018

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

LibRaw up to 0.18.6 src/libraw_cxx.cpp LibRaw::unpack() denial of service

A vulnerability, which was classified as problematic, has been found in LibRaw up to 0.18.6. This issue affects the function LibRaw::unpack() of the file src/libraw_cxx.cpp. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

LibRaw up to 0.18.6 dcraw_common.cpp kodak_ycbcr_load_raw() memory corruption

A vulnerability classified as critical was found in LibRaw up to 0.18.6. This vulnerability affects the function LibRaw::kodak_ycbcr_load_raw() of the file internal/dcraw_common.cpp. The manipulation with an unknown input leads to a memory...
Author: VulDB

ZTE ZXIN10 up to ZXINOS-RESV1.01.43 devcomm privilege escalation

A vulnerability has been found in ZTE ZXIN10 up to ZXINOS-RESV1.01.43 and classified as critical. Affected by this vulnerability is an unknown function of the component devcomm. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Adobe Releases Security Updates

Original release date: December 06, 2018 Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Flash Player installer. An attacker could exploit some of these vulnerabilities to take control of an...
Author: US Cert

CERTFR-2018-AVI-587: Multiple vulnerabilities in Adobe Flash Player (06 December 2018)

Multiple vulnerabilities have been discovered in Adobe Flash Player. They allow an attacker to cause arbitrary code execution and privilege escalation.

Author: Cert FR

CERTFR-2018-AVI-586: Multiple vulnerabilities in Apple products (06 December 2018)

Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause arbitrary code execution, a denial of service and a security policy bypass.

Author: Cert FR

Apple Releases Multiple Security Updates

Original release date: December 05, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages...
Author: US Cert

Freeware Advanced Audio Coder 1.29.9.2 libfaac/huff2.c huffcode denial of service

A vulnerability was found in Freeware Advanced Audio Coder 1.29.9.2. It has been classified as problematic. Affected is the function huffcode of the file libfaac/huff2.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Freeware Advanced Audio Coder 1.29.9.2 libfaac/huff2.c huffcode denial of service

A vulnerability was found in Freeware Advanced Audio Coder 1.29.9.2 and classified as problematic. This issue affects the function huffcode of the file libfaac/huff2.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Freeware Advanced Audio Coder 1.29.9.2 libfaac/huff2.c huffcode denial of service

A vulnerability has been found in Freeware Advanced Audio Coder 1.29.9.2 and classified as problematic. This vulnerability affects the function huffcode of the file libfaac/huff2.c. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Freeware Advanced Audio Coder 1.29.9.2 libfaac/huff2.c huffcode denial of service

A vulnerability, which was classified as problematic, was found in Freeware Advanced Audio Coder 1.29.9.2. This affects the function huffcode of the file libfaac/huff2.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Freeware Advanced Audio Coder 1.29.9.2 libfaac/huff2.c huffcode denial of service

A vulnerability, which was classified as problematic, has been found in Freeware Advanced Audio Coder 1.29.9.2. Affected by this issue is the function huffcode of the file libfaac/huff2.c. The manipulation with an unknown input leads to a denial...
Author: VulDB

Freeware Advanced Audio Coder 1.29.9.2 libfaac/huff2.c huffcode denial of service

A vulnerability classified as problematic was found in Freeware Advanced Audio Coder 1.29.9.2. Affected by this vulnerability is the function huffcode of the file libfaac/huff2.c. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Artifex MuPDF 1.14.0 svg/svg-run.c svg_run_image href_att denial of service

A vulnerability classified as problematic has been found in Artifex MuPDF 1.14.0. Affected is the function svg_run_image of the file svg/svg-run.c. The manipulation of the argument href_att with an unknown input leads to a denial of service...
Author: VulDB

Artifex MuPDF 1.14.0 svg/svg-run.c fz_xml_att SVG File denial of service

A vulnerability was found in Artifex MuPDF 1.14.0. It has been rated as problematic. This issue affects the function fz_xml_att of the file svg/svg-run.c. The manipulation as part of a SVG File leads to a denial of service vulnerability...
Author: VulDB

ThinkCMF X2.2.2 ArticleController.class.php edit_post post[id][1] sql injection

A vulnerability has been found in ThinkCMF X2.2.2 and classified as critical. Affected by this vulnerability is the function edit_post of the file ArticleController.class.php. The manipulation of the argument post[id][1] as part of a Parameter...
Author: VulDB

ThinkCMF X2.2.2 AdminbaseController.class.php listorders() listorders[key][1] sql injection

A vulnerability, which was classified as critical, was found in ThinkCMF X2.2.2. Affected is the function listorders() of the file AdminbaseController.class.php. The manipulation of the argument listorders[key][1] as part of a Parameter leads to...
Author: VulDB

ThinkCMF X2.2.2 SlideController.class.php delete() ids[] sql injection

A vulnerability, which was classified as critical, has been found in ThinkCMF X2.2.2. This issue affects the function delete() of the file SlideController.class.php. The manipulation of the argument ids[] as part of a Parameter leads to a sql...
Author: VulDB

ThinkCMF X2.2.2 NavController.class.php edit_post() parentid sql injection

A vulnerability classified as critical was found in ThinkCMF X2.2.2. This vulnerability affects the function edit_post() of the file NavController.class.php. The manipulation of the argument parentid as part of a Parameter leads to a sql...
Author: VulDB

ThinkCMF X2.2.2 CommentadminController.class.php check() ids[] sql injection

A vulnerability classified as critical has been found in ThinkCMF X2.2.2. This affects the function check() of the file CommentadminController.class.php. The manipulation of the argument ids[] as part of a Parameter leads to a sql injection...
Author: VulDB

PbootCMS 1.2.1 SearchController.php Query String sql injection

A vulnerability was found in PbootCMS 1.2.1. It has been rated as critical. Affected by this issue is an unknown function of the file SearchController.php. The manipulation as part of a Query String leads to a sql injection vulnerability. Using...
Author: VulDB

DomainMod up to 4.11.01 admin/dw/add-server.php DisplayName/HostName/UserName cross site scripting

A vulnerability was found in DomainMod up to 4.11.01. It has been declared as problematic. Affected by this vulnerability is an unknown function of the file admin/dw/add-server.php. The manipulation of the argument DisplayName/HostName/UserName...
Author: VulDB

Crafter CMS 3.0.18 Template Command privilege escalation

A vulnerability was found in Crafter CMS 3.0.18 and classified as critical. Affected by this issue is an unknown function of the component Template Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability...
Author: VulDB

Moxa NPort W2x50A up to 2.1 Web Server net_WebPingGetValue HTTP POST Request privilege escalation

A vulnerability was found in Moxa NPort W2x50A up to 2.1. It has been rated as critical. This issue affects an unknown function of the file /goform/net_WebPingGetValue of the component Web Server. The manipulation as part of a HTTP POST Request...
Author: VulDB

IBM 3.0.0/3.0.2/3.0.5 Web UI cross site scripting

A vulnerability was found in IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0/3.0.2/3.0.5. It has been classified as problematic. This affects an unknown function of the component Web UI. The manipulation with an...
Author: VulDB

Information security events

FIC

The 11th Forum International de la Cybersécurité takes place on 22 and 23 January 2019 at the Grand Palais in Lille. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.

RENCONTRES AMRAE

The 27th Rencontres de l'AMRAE (Association française des professionnels de la gestion des risques et des assurances), the annual reference congress for the risk and insurance professions, take place from 6 to 8 February 2019 in Deauville (Centre International) on the theme "Risk at the heart of transformation". Organised by AMRAE.

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, is held in Marseille (Chanot) on 6 and 7 March 2019. Organised by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", is held in Cannes at the Palais des Festivals et des Congrès from 19 to 21 March 2019. Organised by Weyou Group.
