Monday 27 January 2020

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Samsung Tizen up to 5.0 system-popup System Service privilege escalation

A vulnerability classified as critical has been found in Samsung Tizen up to 5.0. This affects an unknown part of the component system-popup System Service. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 Enlightenment System Service privilege escalation

A vulnerability was found in Samsung Tizen up to 5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Enlightenment System Service. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 BT Core System Service privilege escalation

A vulnerability was found in Samsung Tizen up to 5.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component BT Core System Service. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 BlueZ System privilege escalation

A vulnerability was found in Samsung Tizen up to 5.0. It has been classified as critical. Affected is an unknown function of the component BlueZ System. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 PulseAudio System Service privilege escalation

A vulnerability was found in Samsung Tizen up to 5.0 and classified as critical. This issue affects some unknown processing of the component PulseAudio System Service. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Samsung Tizen up to 5.0 Package Management privilege escalation

A vulnerability has been found in Samsung Tizen up to 5.0 and classified as critical. This vulnerability affects an unknown code block of the component Package Management Handler. Upgrading to version 5.0 M1 eliminates this vulnerability.
Author: VulDB

Increased Emotet Malware Activity

Original release date: January 22, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or...
Author: US Cert

Inria and the CNIL award the 2019 CNIL-Inria Privacy Protection Prize to a European research team

The CNIL and Inria presented the 2019 prize for privacy protection to a European research team at the 13th international Computers, Privacy and Data Protection (CPDP) conference. Julien Gamba, Mohammed Rashed, Abbas...
Author: Cnil

IC3 Issues Alert on Employment Scams

Original release date: January 22, 2020
The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as...
Author: US Cert

Simple Machines Forum up to 2.0.15 unknown vulnerability [CVE-2019-12490]

A vulnerability, which was classified as problematic, was found in Simple Machines Forum up to 2.0.15. Upgrading to version 2.0.16 eliminates this vulnerability.
Author: VulDB

libxml2 2.9.10 parser.c xmlStringLenDecodeEntities denial of service

A vulnerability, which was classified as problematic, has been found in libxml2 2.9.10. Affected by this issue is the function xmlStringLenDecodeEntities of the file parser.c. There is no information about possible countermeasures known. It may...
Author: VulDB

Multitech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 Debug Options Page ping JSON privilege escalation

A vulnerability classified as critical was found in Multitech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592. Affected by this vulnerability is the function ping of the component Debug Options Page. There is no information about possible...
Author: VulDB

Sonoff TH 10/TH 16 6.6.0.21 Friendly Name cross site scripting

A vulnerability classified as problematic has been found in Sonoff TH 10 and TH 16 6.6.0.21. Affected is an unknown functionality of the component Friendly Name Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

qdPM up to 9.1 Profile Photo users['photop_preview'] Code Execution directory traversal

A vulnerability was found in qdPM up to 9.1. It has been rated as critical. This issue affects an unknown function of the component Profile Photo Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Simplejobscript.com SJS up to 1.64 Search Engine _lib/class.Job.php countSearchedJobs() landing_location sql injection

A vulnerability was found in Simplejobscript.com SJS up to 1.64. It has been declared as critical. This vulnerability affects the function countSearchedJobs() in the library _lib/class.Job.php of the component Search Engine. Upgrading to version...
Author: VulDB

Parallels 13 Update Process Man-in-the-Middle weak encryption

A vulnerability was found in Parallels 13. It has been classified as problematic. This affects an unknown code block of the component Update Process. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

libslirp 4.1.0 on Windows tftp.c directory traversal

A vulnerability was found in libslirp 4.1.0 on Windows and classified as critical. Affected by this issue is an unknown code of the file tftp.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

storeBackup up to 3.5 storeBackup.pl File Name privilege escalation

A vulnerability has been found in storeBackup up to 3.5 and classified as critical. Affected by this vulnerability is an unknown part of the file storeBackup.pl. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

CarbonFTP 1.4 Default Credentials weak encryption

A vulnerability, which was classified as critical, was found in CarbonFTP 1.4. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

marketo-forms-and-tracking Plugin up to 1.0.2 on WordPress admin.php cross site request forgery

A vulnerability, which was classified as problematic, has been found in marketo-forms-and-tracking Plugin up to 1.0.2 on WordPress. This issue affects an unknown functionality of the file wp-admin/admin.php?page=marketo_fat. There is no...
Author: VulDB

Grin up to 2.1.1 unknown vulnerability [CVE-2020-6638]

A vulnerability classified as problematic was found in Grin up to 2.1.1. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

apt-cacher-ng up to 3.3 acngtool information disclosure

A vulnerability was found in apt-cacher-ng up to 3.3. It has been rated as problematic. Affected by this issue is an unknown code block in the library /usr/lib/apt-cacher-ng/acngtool. There is no information about possible countermeasures known....
Author: VulDB

Huawei Mate 20 prior 10.0.0.175(C00E70R3P8) privilege escalation

A vulnerability was found in Huawei Mate 20. It has been declared as critical. Affected by this vulnerability is an unknown code. Upgrading to version 10.0.0.175(C00E70R3P8) eliminates this vulnerability.
Author: VulDB

Huawei Honor V30 prior 10.0.1.135(C00E130R4P1) Authentication Application privilege escalation

A vulnerability was found in Huawei Honor V30. It has been classified as problematic. Affected is an unknown part of the component Authentication. Upgrading to version 10.0.1.135(C00E130R4P1) eliminates this vulnerability.
Author: VulDB

Quay up to 2.x Web GUI POST Request cross site request forgery

A vulnerability, which was classified as problematic, has been found in Quay up to 2.x. This issue affects an unknown code of the component Web GUI. Upgrading to version 3.0.0 eliminates this vulnerability.
Author: VulDB

Information security events

FIC

With this year's theme, "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
