Sunday 22 September 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Micro Focus Service Manager up to 9.62 Browser weak encryption

A vulnerability has been found in Micro Focus Service Manager up to 9.62 and classified as problematic. This vulnerability affects an unknown part of the component Browser. There is no information about possible countermeasures known. It may be...
Author: VulDB

Micro Focus Service Manager up to 9.62 Tomcat weak encryption

A vulnerability, which was classified as problematic, was found in Micro Focus Service Manager up to 9.62. This affects some unknown functionality of the component Tomcat. There is no information about possible countermeasures known. It may be...
Author: VulDB

Micro Focus Service Manager up to 9.62 Error Message information disclosure

A vulnerability, which was classified as problematic, has been found in Micro Focus Service Manager up to 9.62. Affected by this issue is an unknown functionality of the component Error Message Handler. There is no information about possible...
Author: VulDB

Micro Focus Service Manager up to 9.62 Table privilege escalation

A vulnerability classified as critical was found in Micro Focus Service Manager up to 9.62. Affected by this vulnerability is an unknown function of the component Table Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

TIBCO Enterprise Runtime for R Server Remote Code Execution

A vulnerability classified as critical has been found in TIBCO Enterprise Runtime for R and Spotfire Analytics Platform for AWS Marketplace (version unknown). Affected is some unknown processing of the component Server. There is no information...
Author: VulDB

TIBCO Enterprise Runtime for R Server privilege escalation

A vulnerability was found in TIBCO Enterprise Runtime for R and Spotfire Analytics Platform for AWS Marketplace (unknown version). It has been rated as critical. This issue affects an unknown code block of the component Server. There is no...
Author: VulDB

Cisco HyperFlex Software Web-based Interface Clickjacking cross site scripting

A vulnerability was found in Cisco HyperFlex Software (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown code of the component Web-based Interface. Upgrading eliminates this vulnerability.
Author: VulDB

Webkul Bagisto up to 0.1.4 privilege escalation

A vulnerability was found in Webkul Bagisto up to 0.1.4. It has been classified as critical. This affects an unknown part. Upgrading to version 0.1.5 eliminates this vulnerability.
Author: VulDB

Zulip Server up to 2.0.4 File Upload Stored cross site scripting

A vulnerability has been found in Zulip Server up to 2.0.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Upload. Upgrading to version 2.0.5 eliminates this vulnerability.
Author: VulDB

Zulip Server up to 2.0.4 Markdown Parser Message CPU Exhaustion denial of service

A vulnerability, which was classified as problematic, was found in Zulip Server up to 2.0.4. Affected is an unknown function of the component Markdown Parser. Upgrading to version 2.0.5 eliminates this vulnerability.
Author: VulDB

Xiaomi Millet Mobile Phone 1-6.3.9.3 File Upload Man-in-the-Middle privilege escalation

A vulnerability, which was classified as critical, has been found in Xiaomi Millet Mobile Phone 1-6.3.9.3 (Smartphone Operating System). This issue affects some unknown processing of the component File Upload. There is no information about...
Author: VulDB

Western Digital WD My Book World up to II 1.02.12 /admin/ password weak authentication

A vulnerability was found in Western Digital WD My Book World up to II 1.02.12 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/. There is no information about possible countermeasures known. It...
Author: VulDB

Publisure 2.1.2 userAccFunctions.php sql injection

A vulnerability classified as critical was found in Publisure 2.1.2. This vulnerability affects an unknown code block of the file userAccFunctions.php. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Publisure 2.1.2 Secure Portal /AdminDir privilege escalation

A vulnerability classified as critical has been found in Publisure 2.1.2. This affects an unknown code of the file /AdminDir of the component Secure Portal. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Publisure 2.1.2 Secure Portal adminCons.php PHP File privilege escalation

A vulnerability was found in Publisure 2.1.2. It has been rated as critical. Affected by this issue is an unknown part of the file adminCons.php of the component Secure Portal. There is no information about possible countermeasures known. It may...
Author: VulDB

Cisco HyperFlex Software Statistics Collection Service Injection privilege escalation

A vulnerability was found in Cisco HyperFlex Software (affected version unknown). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Statistics Collection Service. Upgrading eliminates...
Author: VulDB

CERTFR-2019-AVI-450: Vulnerability in Mozilla Firefox (19 September 2019)

A vulnerability has been discovered in Mozilla Firefox. It allows an attacker to bypass the security policy.

Author: Cert FR

CERTFR-2019-AVI-449: Multiple vulnerabilities in Google Chrome (19 September 2019)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

IBM Financial Transaction Manager up to 2.0.0.5/2.1.0.4/2.1.1.4/3.0.0.8 URL Request directory traversal

A vulnerability was found in IBM Financial Transaction Manager up to 2.0.0.5/2.1.0.4/2.1.1.4/3.0.0.8 (Financial Software). It has been classified as problematic. Affected is an unknown functionality of the component URL Handler. There is no...
Author: VulDB

Tevolution Plugin up to 2.2.x File Upload single_upload.php privilege escalation

A vulnerability was found in Tevolution Plugin up to 2.2.x and classified as critical. This issue affects an unknown function of the file single_upload.php of the component File Upload. Upgrading to version 2.3.0 eliminates this vulnerability.
Author: VulDB

Truemag Theme 2016 Q2 on WordPress cross site scripting

A vulnerability has been found in Truemag Theme 2016 Q2 on WordPress (WordPress Plugin) and classified as problematic. This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be...
Author: VulDB

CERTFR-2019-AVI-448: Multiple vulnerabilities in the Ubuntu Linux kernel (18 September 2019)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause remote arbitrary code execution, remote denial of service and a breach of the confidentiality of...
Author: Cert FR

Dahua IPC-HDW1X2X Online Upgrade Reverse Engineering information disclosure

A vulnerability, which was classified as problematic, was found in Dahua IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X and IPC-HFW5X2X. This affects an unknown code block of the component...
Author: VulDB

3S-Smart CODESYS up to 3.5 Control Runtime Network Packet Crash denial of service

A vulnerability, which was classified as problematic, has been found in 3S-Smart CODESYS up to 3.5. Affected by this issue is an unknown code of the component Control Runtime. Upgrading to version 3.5.15.0 eliminates this vulnerability.
Author: VulDB

Schneider Electric U.motion Server Message Format String

A vulnerability classified as critical was found in Schneider Electric U.motion Server (Automation Software) (affected version unknown). Affected by this vulnerability is an unknown part of the component Message Handler. There is no information...
Author: VulDB

Information security events

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information take place in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organised by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme of "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
