Sunday 16 February 2020

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Linux Kernel up to 5.0.x Heap-based information disclosure

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.0.x (Operating System). This affects a function. The manipulation with an unknown input leads to an information disclosure vulnerability (Heap-based). CWE is...
Author: VulDB

Linux Kernel up to 5.0.x Heap-based information disclosure

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.0.x (Operating System). Affected by this issue is some functionality. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

D-Link DWR-921 /EXCU_SHELL GET Request privilege escalation

A vulnerability classified as very critical was found in D-Link DAP-1530, DAP-1610, DWR-111, DWR-116, DWR-512, DWR-711, DWR-712 and DWR-921. Affected by this vulnerability is the functionality of the file /EXCU_SHELL. The manipulation as part of...
Author: VulDB

UiPath Orchestrator up to 2018.2.4 Remote Code Execution [CVE-2018-17305]

A vulnerability classified as critical has been found in UiPath Orchestrator up to 2018.2.4. Affected is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code Execution). CWE is...
Author: VulDB

Verizon Fios Quantum Gateway G1100 02.01.00.05 Administrative Web Interface weak authentication

A vulnerability was found in Verizon Fios Quantum Gateway G1100 02.01.00.05. It has been declared as critical. Affected by this vulnerability is a code block of the component Administrative Web Interface. The manipulation with an unknown input...
Author: VulDB

JFrog Artifactory 6.7.3 HTTP Header X-Forwarded-For Password Reset privilege escalation

A vulnerability was found in JFrog Artifactory 6.7.3. It has been classified as critical. Affected is code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For with an unknown input leads to a privilege...
Author: VulDB

CMS Made Simple 2.2.8 FrontEndUsers class.FrontEndUsersManipulate.php __FEU__ privilege escalation

A vulnerability was found in CMS Made Simple 2.2.8 (Content Management System) and classified as critical. This issue affects a part of the file class.FrontEndUsersManipulate.php of the component FrontEndUsers. The manipulation of the argument...
Author: VulDB

Auth0 Auth0-WCF-Service-JWT up to 1.0.3 Error Message Signature information disclosure

A vulnerability has been found in Auth0 Auth0-WCF-Service-JWT up to 1.0.3 and classified as problematic. This vulnerability affects a functionality of the component Error Message Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Zarafa WebAccess 7.2.0-48204 Reflected cross site scripting

A vulnerability, which was classified as problematic, was found in Zarafa WebAccess 7.2.0-48204. This affects a function. The manipulation with an unknown input leads to a cross site scripting vulnerability (Reflected). CWE is classifying the...
Author: VulDB

GitLab Community/Enterprise up to 11.5.7/11.6.5/11.7.0 Persistent cross site scripting

A vulnerability, which was classified as critical, has been found in GitLab Community and Enterprise up to 11.5.7/11.6.5/11.7.0. Affected by this issue is some functionality. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

F5 BIG-IP up to 11.5.8/11.6.3.4/12.1.4/13.1.1.1/14.0.0.4 URL Classification denial of service

A vulnerability classified as problematic was found in F5 BIG-IP up to 11.5.8/11.6.3.4/12.1.4/13.1.1.1/14.0.0.4 (Firewall Software). Affected by this vulnerability is the functionality of the component URL Classification. The manipulation with...
Author: VulDB

Gemalto Sentinel UltraPro Client Library 1.3.0/1.3.1/1.3.2 ux32w.dll Search Path privilege escalation

A vulnerability classified as problematic has been found in Gemalto Sentinel UltraPro Client Library 1.3.0/1.3.1/1.3.2. Affected is an unknown function in the library ux32w.dll. The manipulation as part of a Search Path leads to a privilege...
Author: VulDB

AVEVA Wonderware System Platform up to 2017 Update 2 IPC Credentials information disclosure

A vulnerability was found in AVEVA Wonderware System Platform up to 2017 Update 2. It has been rated as problematic. This issue affects some processing of the component IPC Handler. The manipulation with an unknown input leads to an information...
Author: VulDB

IObit Smart Defrag 6 Driver SmartDefragDriver.sys information disclosure

A vulnerability was found in IObit Smart Defrag 6. It has been declared as problematic. This vulnerability affects a code block in the library SmartDefragDriver.sys of the component Driver. The manipulation with an unknown input leads to a...
Author: VulDB

SilverStripe up to 3.6.6/3.7.2/4.0.6/4.2.3/4.3.0 Form/DataObject Reflected sql injection

A vulnerability was found in SilverStripe up to 3.6.6/3.7.2/4.0.6/4.2.3/4.3.0 (Content Management System). It has been classified as critical. This affects code of the component Form/DataObject Handler. The manipulation with an unknown input...
Author: VulDB

Capsule SmartLinx Neuron 2 6.9.1 Kiosk Mode privilege escalation

A vulnerability was found in Capsule SmartLinx Neuron 2 6.9.1 and classified as critical. Affected by this issue is a part of the component Kiosk Mode. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using...
Author: VulDB

Inteno iopsys up to 1.x/2.x/3.16 JSON-RPC path privilege escalation

A vulnerability has been found in Inteno iopsys up to 1.x/2.x/3.16 and classified as critical. Affected by this vulnerability is a functionality of the component JSON-RPC Handler. The manipulation of the argument path as part of an Argument leads...
Author: VulDB

MyBB up to 1.8.19 index.php upsetting[bburl] cross site scripting

A vulnerability, which was classified as problematic, was found in MyBB (Content Management System). Affected is a function of the file index.php. The manipulation of the argument upsetting[bburl] as part of a Parameter leads to a cross site...
Author: VulDB

Human resources management and whistleblowing systems: the CNIL launches a public consultation on two future reference frameworks

Since the GDPR came into force and the new French Data Protection Act (loi Informatique et Libertés) was adopted, the CNIL can issue reference frameworks to guide organisations in bringing their processing into compliance. These reference frameworks update the standards...
Author: Cnil

Juniper Networks Releases Multiple Security Updates

Original release date: April 10, 2019. Juniper Networks has released multiple security updates to address vulnerabilities in various Juniper products. An attacker could exploit some of these vulnerabilities to take control of an affected...
Author: US Cert

North Korean Malicious Cyber Activity

Original release date: April 10, 2019. The Department of Homeland Security and the Federal Bureau of Investigation have released a Malware Analysis Report (MAR), identifying a Trojan malware variant—referred to as HOPLIGHT—used by the North...
Author: US Cert

CERTFR-2019-AVI-160: Multiple vulnerabilities in Microsoft products (10 April 2019)

Multiple vulnerabilities have been fixed in Microsoft products. They allow an attacker to cause privilege escalation, a breach of data confidentiality, remote code execution and spoofing...
Author: Cert FR

CERTFR-2019-AVI-159: Vulnerability in Microsoft .Net (10 April 2019)

A vulnerability has been fixed in Microsoft .Net. It allows an attacker to cause a denial of service.

Author: Cert FR

CERTFR-2019-AVI-158: Multiple vulnerabilities in Microsoft Windows (10 April 2019)

Multiple vulnerabilities have been fixed in Microsoft Windows. They allow an attacker to cause a breach of data confidentiality, privilege escalation, remote code execution and a bypass of...
Author: Cert FR

CERTFR-2019-AVI-157: Multiple vulnerabilities in Microsoft Office (10 April 2019)

Multiple vulnerabilities have been fixed in Microsoft Office. They allow an attacker to cause privilege escalation, remote code execution and identity spoofing.

Author: Cert FR