Saturday 25 January 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Ruckus Wireless Unleashed up to 200.7.10.102.64 admin/_cmdstat.jsp xcmd privilege escalation

A vulnerability was found in Ruckus Wireless Unleashed up to 200.7.10.102.64. It has been rated as critical. Affected by this issue is some unknown processing of the file admin/_cmdstat.jsp. There is no information about possible countermeasures...
Author: VulDB

Ruckus Wireless Unleashed up to 200.7.10.102.64 emfd admin/_cmdstat.jsp xcmd privilege escalation

A vulnerability was found in Ruckus Wireless Unleashed up to 200.7.10.102.64. It has been declared as critical. Affected by this vulnerability is an unknown code block of the file admin/_cmdstat.jsp of the component emfd. There is no information...
Author: VulDB

Ruckus Wireless Unleashed up to 200.7.10.102.64 zap.c zap_parse_args HTTP Request memory corruption

A vulnerability was found in Ruckus Wireless Unleashed up to 200.7.10.102.64. It has been classified as critical. Affected is the function zap_parse_args of the file zap.c. There is no information about possible countermeasures known. It may be...
Author: VulDB

Ruckus Wireless Unleashed up to 200.7.10.102.64 zap tools/_rcmdstat.jsp AjaxRestrictedCmdStat POST Request Remote Code Execution

A vulnerability was found in Ruckus Wireless Unleashed up to 200.7.10.102.64 and classified as critical. This issue affects the function AjaxRestrictedCmdStat of the file tools/_rcmdstat.jsp of the component zap. There is no information about...
Author: VulDB

Ruckus Wireless Unleashed up to 200.7.10.102.64 ruckus_cli2 directory traversal

A vulnerability has been found in Ruckus Wireless Unleashed up to 200.7.10.102.64 and classified as critical. This vulnerability affects some unknown functionality of the component ruckus_cli2. There is no information about possible...
Author: VulDB

Waitress up to 1.3.1 HTTP Header Content-Length HTTP Smuggling privilege escalation

A vulnerability was found in Waitress up to 1.3.1. It has been rated as critical. This issue affects an unknown code of the component HTTP Header Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

schema-inspector up to 1.6.8 Javascript privilege escalation

A vulnerability was found in schema-inspector up to 1.6.8. It has been declared as critical. This vulnerability affects an unknown part of the component Javascript Handler. Upgrading to version 1.6.9 eliminates this vulnerability.
Author: VulDB

BibTeX-ruby up to 5.0.x command injection [CVE-2019-10780]

A vulnerability was found in BibTeX-ruby up to 5.0.x. It has been classified as critical. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Samsung Galaxy Gear up to Build RE1 wpa_supplicant System Service privilege escalation

A vulnerability was found in Samsung Galaxy Gear up to Build RE1 (Smartphone Operating System) and classified as critical. Affected by this issue is an unknown functionality of the component wpa_supplicant System Service. Upgrading to version...
Author: VulDB

Samsung Galaxy Gear up to Build RE1 wemail_consumer_service privilege escalation

A vulnerability has been found in Samsung Galaxy Gear up to Build RE1 (Smartphone Operating System) and classified as critical. Affected by this vulnerability is an unknown function of the component wemail_consumer_service. Upgrading to version...
Author: VulDB

Samsung Galaxy Gear up to Build RE1 hcidump Utility Bluetooth HCI Packet information disclosure

A vulnerability, which was classified as problematic, was found in Samsung Galaxy Gear up to Build RE1 (Smartphone Operating System). Affected is some unknown processing of the component hcidump Utility. Upgrading to version Build RE2 eliminates...
Author: VulDB

Samsung Galaxy Gear up to Build RE1 wnoti System Service privilege escalation

A vulnerability, which was classified as critical, has been found in Samsung Galaxy Gear up to Build RE1 (Smartphone Operating System). This issue affects an unknown code block of the component wnoti System Service. Upgrading to version Build RE2...
Author: VulDB

Samsung Tizen up to 5.0 SoundServer/FocusServer privilege escalation

A vulnerability classified as critical was found in Samsung Tizen up to 5.0. This vulnerability affects an unknown code of the component SoundServer/FocusServer. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 system-popup System Service privilege escalation

A vulnerability classified as critical has been found in Samsung Tizen up to 5.0. This affects an unknown part of the component system-popup System Service. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 Enlightenment System Service privilege escalation

A vulnerability was found in Samsung Tizen up to 5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Enlightenment System Service. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 BT Core System Service privilege escalation

A vulnerability was found in Samsung Tizen up to 5.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component BT Core System Service. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 BlueZ System privilege escalation

A vulnerability was found in Samsung Tizen up to 5.0. It has been classified as critical. Affected is an unknown function of the component BlueZ System. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 PulseAudio System Service privilege escalation

A vulnerability was found in Samsung Tizen up to 5.0 and classified as critical. This issue affects some unknown processing of the component PulseAudio System Service. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 Package Management privilege escalation

A vulnerability has been found in Samsung Tizen up to 5.0 and classified as critical. This vulnerability affects an unknown code block of the component Package Management Handler. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Increased Emotet Malware Activity

Original release date: January 22, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or...
Author: US Cert

Inria and the CNIL reward a European research team with the 2019 CNIL-Inria prize for privacy protection

The CNIL and Inria awarded the 2019 prize for privacy protection to a European research team at the 13th international conference Computers, Privacy and Data Protection (CPDP). Julien Gamba, Mohammed Rashed, Abbas...
Author: Cnil

IC3 Issues Alert on Employment Scams

Original release date: January 22, 2020
The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as...
Author: US Cert

Simple Machines Forum up to 2.0.15 unknown vulnerability [CVE-2019-12490]

A vulnerability, which was classified as problematic, was found in Simple Machines Forum up to 2.0.15. Upgrading to version 2.0.16 eliminates this vulnerability.
Author: VulDB

libxml2 2.9.10 parser.c xmlStringLenDecodeEntities denial of service

A vulnerability, which was classified as problematic, has been found in libxml2 2.9.10. Affected by this issue is the function xmlStringLenDecodeEntities of the file parser.c. There is no information about possible countermeasures known. It may...
Author: VulDB

Multitech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 Debug Options Page ping JSON privilege escalation

A vulnerability classified as critical was found in Multitech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592. Affected by this vulnerability is the function ping of the component Debug Options Page. There is no information about possible...
Author: VulDB

Information-security events

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
