Friday 20 September 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-446: Multiple vulnerabilities in VMware products (17 September 2019)

Multiple vulnerabilities have been discovered in VMware products. They allow an attacker to achieve remote arbitrary code execution and to compromise data confidentiality.

Author: Cert FR

OpenEMR 5.0.1-6 cross site scripting

A vulnerability, which was classified as problematic, was found in OpenEMR 5.0.1-6 (Business Process Management Software). This affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

cURL up to 7.65.3 TFTP Protocol Heap-based memory corruption

A vulnerability, which was classified as critical, has been found in cURL up to 7.65.3 (Network Utility Software). Affected by this issue is some unknown functionality of the component TFTP Protocol Handler. There is no information about possible...
Author: VulDB

cURL up to 7.65.3 FTP-Kerberos Double-Free memory corruption

A vulnerability classified as critical was found in cURL up to 7.65.3 (Network Utility Software). Affected by this vulnerability is an unknown functionality of the component FTP-Kerberos. There is no information about possible countermeasures...
Author: VulDB

IBM Sterling File Gateway up to 6.0.1.0 Back-End Database sql injection

A vulnerability classified as critical has been found in IBM Sterling File Gateway up to 6.0.1.0 (Business Process Management Software). Affected is an unknown function of the component Back-End Database. There is no information about possible...
Author: VulDB

LogMeIn LastPass up to 4.32.x Clickjacking information disclosure

A vulnerability was found in LogMeIn LastPass up to 4.32.x. It has been rated as problematic. This issue affects some unknown processing. Upgrading to version 4.33.0 eliminates this vulnerability.
Author: VulDB

Gradle up to 5.x PGP Signing SHA1 weak authentication

A vulnerability was found in Gradle up to 5.x. It has been declared as problematic. This vulnerability affects an unknown code block of the component PGP Signing. Upgrading to version 6.0 eliminates this vulnerability.
Author: VulDB

GitLab Omnibus up to 12.2.1 logrotate privilege escalation

A vulnerability was found in GitLab Omnibus up to 12.2.1 (Bug Tracking Software). It has been classified as critical. This affects an unknown code of the component logrotate. There is no information about possible countermeasures known. It may be...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 12.2.1 Image Upload Location information disclosure

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 12.2.1 (Bug Tracking Software) and classified as problematic. Affected by this issue is an unknown part of the component Image Upload. There is no information...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 12.2.1 Markdown cross site scripting

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 12.2.1 (Bug Tracking Software) and classified as problematic. Affected by this vulnerability is some unknown functionality of the component Markdown Handler....
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 12.2.1 ID Merge Request Email information disclosure

A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 12.2.1 (Bug Tracking Software). Affected is an unknown functionality of the component ID Handler. There is no information...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 12.2.1 Session Management weak authentication

A vulnerability, which was classified as critical, has been found in GitLab Community Edition and Enterprise Edition up to 12.2.1 (Bug Tracking Software). This issue affects an unknown function of the component Session Management. There is no...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 12.2.1 CI Pipeline denial of service

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 12.2.1 (Bug Tracking Software). This vulnerability affects some unknown processing of the component CI Pipeline Handler. There is no...
Author: VulDB

GitLab Community Edition/Enterprise Edition up to 12.2.1 Commit Title information disclosure

A vulnerability classified as problematic has been found in GitLab Community Edition and Enterprise Edition up to 12.2.1 (Bug Tracking Software). This affects an unknown code block of the component Commit Title Handler. There is no information...
Author: VulDB

OpenEMR v5.0.1-6 Remote Code Execution

A vulnerability was found in OpenEMR v5.0.1-6. It has been rated as critical. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

XS 9.0.0 Javascript xsAPI.c fxBeginHost memory corruption

A vulnerability was found in XS 9.0.0. It has been declared as critical. Affected by this vulnerability is the function fxBeginHost of the file xsAPI.c of the component Javascript Handler. There is no information about possible countermeasures...
Author: VulDB

Beego 1.10.0 File Session Manager information disclosure

A vulnerability was found in Beego 1.10.0. It has been classified as problematic. Affected is some unknown functionality of the component File Session Manager. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Beego 1.10.0 File Session Manager race condition directory traversal

A vulnerability was found in Beego 1.10.0 and classified as problematic. This issue affects an unknown functionality of the component File Session Manager. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Emerson GE Automation Proficy Machine Edition 8.0 Traffic Crash denial of service

A vulnerability has been found in Emerson GE Automation Proficy Machine Edition 8.0 and classified as problematic. This vulnerability affects an unknown function of the component Traffic Handler. There is no information about possible...
Author: VulDB

ffjpeg jfif.c jfif_load() memory corruption

A vulnerability, which was classified as critical, was found in ffjpeg (the affected version unknown). This affects the function jfif_load() of the file jfif.c. Upgrading eliminates this vulnerability. A possible mitigation has been published...
Author: VulDB

ffjpeg huffman.c huffman_decode_step() denial of service

A vulnerability, which was classified as problematic, has been found in ffjpeg (affected version not known). Affected by this issue is the function huffman_decode_step() of the file huffman.c. Upgrading eliminates this vulnerability. A possible...
Author: VulDB

ffjpeg dct.c idct2d8x8() denial of service

A vulnerability classified as problematic was found in ffjpeg (affected version unknown). Affected by this vulnerability is the function idct2d8x8() of the file dct.c. Upgrading eliminates this vulnerability. A possible mitigation has been...
Author: VulDB

Bento4 1.5.1-628 Core/Ap4ByteStream.cpp AP4_ByteStream::ReadUI32 denial of service

A vulnerability classified as problematic has been found in Bento4 1.5.1-628 (Multimedia Player Software). Affected is the function AP4_ByteStream::ReadUI32 of the file Core/Ap4ByteStream.cpp. There is no information about possible...
Author: VulDB

marc-q libwav up to 2019-08-15 wav_gain.c gain_file() denial of service

A vulnerability was found in marc-q libwav up to 2019-08-15 (Audio Processing Software). It has been rated as problematic. This issue affects the function gain_file() of the file wav_gain.c. There is no information about possible countermeasures...
Author: VulDB

ngiflib 0.4 ngiflib.c WritePixels() memory corruption

A vulnerability was found in ngiflib 0.4. It has been declared as critical. This vulnerability affects the function WritePixels() in the library ngiflib.c. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Information security events

LES ASSISES

A major annual gathering for CISOs, the Assises de la sécurité des systèmes d'information are held in Monaco (Grimaldi Forum) from 9 to 12 October 2019. Organised by DG Consultants.

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité internationale universitaire, on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme, "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
