Saturday, January 25, 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IC3 Issues Alert on Employment Scams

Original release date: January 22, 2020. The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as...
Author: US Cert

Simple Machines Forum up to 2.0.15 unknown vulnerability [CVE-2019-12490]

A vulnerability, which was classified as problematic, was found in Simple Machines Forum up to 2.0.15. Upgrading to version 2.0.16 eliminates this vulnerability.
Author: VulDB

libxml2 2.9.10 parser.c xmlStringLenDecodeEntities denial of service

A vulnerability, which was classified as problematic, has been found in libxml2 2.9.10. Affected by this issue is the function xmlStringLenDecodeEntities of the file parser.c. There is no information about possible countermeasures known. It may...
Author: VulDB

Multitech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 Debug Options Page ping JSON privilege escalation

A vulnerability classified as critical was found in Multitech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592. Affected by this vulnerability is the function ping of the component Debug Options Page. There is no information about possible...
Author: VulDB

Sonoff TH 10/TH 16 6.6.0.21 Friendly Name cross site scripting

A vulnerability classified as problematic has been found in Sonoff TH 10 and TH 16 6.6.0.21. Affected is an unknown functionality of the component Friendly Name Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

qdPM up to 9.1 Profile Photo users['photop_preview'] Code Execution directory traversal

A vulnerability was found in qdPM up to 9.1. It has been rated as critical. This issue affects an unknown function of the component Profile Photo Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Simplejobscript.com SJS up to 1.64 Search Engine _lib/class.Job.php countSearchedJobs() landing_location sql injection

A vulnerability was found in Simplejobscript.com SJS up to 1.64. It has been declared as critical. This vulnerability affects the function countSearchedJobs() in the library _lib/class.Job.php of the component Search Engine. Upgrading to version...
Author: VulDB

Parallels 13 Update Process Man-in-the-Middle weak encryption

A vulnerability was found in Parallels 13. It has been classified as problematic. This affects an unknown code block of the component Update Process. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

libslirp 4.1.0 on Windows tftp.c directory traversal

A vulnerability was found in libslirp 4.1.0 on Windows and classified as critical. Affected by this issue is an unknown code of the file tftp.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

storeBackup up to 3.5 storeBackup.pl File Name privilege escalation

A vulnerability has been found in storeBackup up to 3.5 and classified as critical. Affected by this vulnerability is an unknown part of the file storeBackup.pl. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

CarbonFTP 1.4 Default Credentials weak encryption

A vulnerability, which was classified as critical, was found in CarbonFTP 1.4. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

marketo-forms-and-tracking Plugin up to 1.0.2 on WordPress admin.php cross site request forgery

A vulnerability, which was classified as problematic, has been found in marketo-forms-and-tracking Plugin up to 1.0.2 on WordPress. This issue affects an unknown functionality of the file wp-admin/admin.php?page=marketo_fat. There is no...
Author: VulDB

Grin up to 2.1.1 unknown vulnerability [CVE-2020-6638]

A vulnerability classified as problematic was found in Grin up to 2.1.1. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

apt-cacher-ng up to 3.3 acngtool information disclosure

A vulnerability was found in apt-cacher-ng up to 3.3. It has been rated as problematic. Affected by this issue is an unknown code block in the library /usr/lib/apt-cacher-ng/acngtool. There is no information about possible countermeasures known....
Author: VulDB

Huawei Mate 20 prior 10.0.0.175(C00E70R3P8) privilege escalation

A vulnerability was found in Huawei Mate 20. It has been declared as critical. Affected by this vulnerability is an unknown code. Upgrading to version 10.0.0.175(C00E70R3P8) eliminates this vulnerability.
Author: VulDB

Huawei Honor V30 prior 10.0.1.135(C00E130R4P1) Authentication Application privilege escalation

A vulnerability was found in Huawei Honor V30. It has been classified as problematic. Affected is an unknown part of the component Authentication. Upgrading to version 10.0.1.135(C00E130R4P1) eliminates this vulnerability.
Author: VulDB

Quay up to 2.x Web GUI POST Request cross site request forgery

A vulnerability, which was classified as problematic, has been found in Quay up to 2.x. This issue affects an unknown code of the component Web GUI. Upgrading to version 3.0.0 eliminates this vulnerability.
Author: VulDB

libxml2 2.9.10 xmlschemas.c xmlSchemaPreRun denial of service

A vulnerability classified as problematic was found in libxml2 2.9.10. This vulnerability affects the function xmlSchemaPreRun of the file xmlschemas.c. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

libsolv up to 0.7.5 repodata.c repodata_schema2id memory corruption

A vulnerability classified as critical has been found in libsolv up to 0.7.5. This affects the function repodata_schema2id of the file repodata.c. Upgrading to version 0.7.6 eliminates this vulnerability.
Author: VulDB

Trustwave ModSecurity 3.0.0/3.0.1/3.0.2/3.0.3 transaction.cc addRequestHeader Request denial of service

A vulnerability was found in Trustwave ModSecurity 3.0.0/3.0.1/3.0.2/3.0.3. It has been rated as problematic. Affected by this issue is the function Transaction::addRequestHeader of the file transaction.cc. There is no information about possible...
Author: VulDB

Jama Connect 8.44.0 Data Import Wizard cross site scripting

A vulnerability was found in Jama Connect 8.44.0. It has been declared as problematic. Affected by this vulnerability is an unknown function of the component Data Import Wizard. There is no information about possible countermeasures known. It may...
Author: VulDB

Huawei Products LDAP Server Malformed Packet Crash denial of service

A vulnerability was found in Huawei Products (version unknown). It has been classified as problematic. Affected is some unknown processing of the component LDAP Server. There is no information about possible countermeasures known. It may be...
Author: VulDB

Huawei Products LDAP Client Malformed Packet Integer Overflow denial of service

A vulnerability was found in Huawei Products (Smartphone Operating System) (unknown version) and classified as problematic. This issue affects an unknown code block of the component LDAP Client. There is no information about possible...
Author: VulDB

Huawei USG9500 up to V500R005C00SPC200 weak encryption [CVE-2019-19411]

A vulnerability has been found in Huawei USG9500 and classified as problematic. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

forDNN.UsersExportImport Module up to 1.1.x on DNN User privilege escalation

A vulnerability, which was classified as critical, was found in forDNN.UsersExportImport Module up to 1.1.x on DNN. This affects an unknown part. Upgrading to version 1.2.0 eliminates this vulnerability.
Author: VulDB

Information security events

FIC

With this year's theme, "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on January 28, 29 and 30, 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
