Friday 13 December 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Xen up to 4.12.x Bit Iteration Out-of-Bounds denial of service

A vulnerability classified as problematic has been found in Xen up to 4.12.x (Virtualization Software). Affected is some unknown processing of the component Bit Iteration Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Xen up to 4.12.x Incomplete Fix PV Guest race condition

A vulnerability was found in Xen up to 4.12.x (Virtualization Software). It has been rated as problematic. This issue affects an unknown code block of the component Incomplete Fix. There is no information about possible countermeasures known. It...
Author: VulDB

Xen up to 4.12.x Pagetable PV Guest denial of service

A vulnerability was found in Xen up to 4.12.x (Virtualization Software). It has been declared as problematic. This vulnerability affects an unknown code of the component Pagetable Handler. There is no information about possible countermeasures...
Author: VulDB

Xen up to 4.12.x Pagetable HVM Guest privilege escalation

A vulnerability was found in Xen up to 4.12.x (Virtualization Software). It has been classified as critical. This affects an unknown part of the component Pagetable Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Squiz Matrix CMS up to 5.5.0.2/5.5.1.7/5.5.2.3/5.5.3.2 File Upload form_question_type_file_upload.inc denial of service

A vulnerability was found in Squiz Matrix CMS up to 5.5.0.2/5.5.1.7/5.5.2.3/5.5.3.2 (Content Management System) and classified as problematic. Affected by this issue is some unknown functionality of the file...
Author: VulDB

Squiz Matrix CMS up to 5.5.0.2/5.5.1.7/5.5.2.3/5.5.3.2 page_remote_content.inc POST Parameter Remote Code Execution

A vulnerability has been found in Squiz Matrix CMS up to 5.5.0.2/5.5.1.7/5.5.2.3/5.5.3.2 (Content Management System) and classified as critical. Affected by this vulnerability is an unknown functionality of the file...
Author: VulDB

Symantec Messaging Gateway up to 10.7.3 Server-Side Request Forgery

A vulnerability, which was classified as critical, was found in Symantec Messaging Gateway up to 10.7.3. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Symantec Messaging Gateway up to 10.7.2 cross site scripting

A vulnerability, which was classified as problematic, has been found in Symantec Messaging Gateway up to 10.7.2. This issue affects some unknown processing. Upgrading to version 10.7.3 eliminates this vulnerability.
Author: VulDB

Symantec Messaging Gateway up to 10.7.2 privilege escalation

A vulnerability classified as critical was found in Symantec Messaging Gateway up to 10.7.2. This vulnerability affects an unknown code block. Upgrading to version 10.7.3 eliminates this vulnerability.
Author: VulDB

Reliable Controls LicenseManager up to 3.4 Application privilege escalation

A vulnerability classified as critical has been found in Reliable Controls LicenseManager up to 3.4. This affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Safenet Sentinel LDK License Manager prior 7.101 on Windows Service privilege escalation

A vulnerability was found in Safenet Sentinel LDK License Manager on Windows. It has been rated as critical. Affected by this issue is an unknown part of the component Service Handler. Upgrading to version 7.101 eliminates this vulnerability.
Author: VulDB

Micro Focus AcuToWeb File Download information disclosure [CVE-2019-17087]

A vulnerability was found in Micro Focus AcuToWeb (affected version unknown). It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the component File Download. There is no information about possible...
Author: VulDB

Atlassian FishEye/Crucible up to 4.7.x removeStarAjax.do privilege escalation

A vulnerability was found in Atlassian FishEye and Crucible up to 4.7.x. It has been classified as critical. Affected is an unknown functionality of the file /json/profile/removeStarAjax.do. Upgrading to version 4.8.0 eliminates this...
Author: VulDB

Atlassian FishEye/Crucible up to 4.7.2 branchreview reviewedBranch cross site scripting

A vulnerability was found in Atlassian FishEye and Crucible up to 4.7.2 and classified as problematic. This issue affects an unknown function of the file /plugins/servlet/branchreview. Upgrading to version 4.7.3 eliminates this vulnerability.
Author: VulDB

Atlassian FishEye/Crucible up to 4.7.2 Branch cross site scripting

A vulnerability has been found in Atlassian FishEye and Crucible up to 4.7.2 and classified as problematic. This vulnerability affects some unknown processing of the component Branch Handler. Upgrading to version 4.7.3 eliminates this...
Author: VulDB

Linux/FreeBSD/OpenBSD/MacOS/iOS/Android VPN Stream weak encryption

A vulnerability, which was classified as critical, was found in Linux, FreeBSD, OpenBSD, MacOS, iOS and Android. This affects an unknown code block of the component VPN Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

wolfSSL/wolfCrypt up to 4.1.0 DSA Nonce Generator dsa.c weak encryption

A vulnerability, which was classified as problematic, has been found in wolfSSL and wolfCrypt up to 4.1.0. Affected by this issue is an unknown code of the file dsa.c of the component DSA Nonce Generator. There is no information about possible...
Author: VulDB

enshrined svg-sanitize up to 0.13.0 xlink:href privilege escalation

A vulnerability classified as critical was found in enshrined svg-sanitize up to 0.13.0. Affected by this vulnerability is an unknown part. Upgrading to version 0.13.1 eliminates this vulnerability.
Author: VulDB

Puppet Enterprise up to 1.2.0 root_configuration information disclosure

A vulnerability classified as problematic has been found in Puppet Enterprise up to 1.2.0. Affected is the function cd4pe::root_configuration. Upgrading to version 1.2.1 eliminates this vulnerability.
Author: VulDB

Puppet Enterprise prior 2018.1.9/2019.0.3 Express Install Default Admin Password weak authentication

A vulnerability was found in Puppet Enterprise. It has been rated as critical. This issue affects an unknown functionality of the component Express Install. Upgrading to version 2018.1.9 or 2019.0.3 eliminates this vulnerability.
Author: VulDB

SAP Enable Now prior 1911 User information disclosure

A vulnerability was found in SAP Enable Now. It has been declared as problematic. This vulnerability affects an unknown function. Upgrading to version 1911 eliminates this vulnerability.
Author: VulDB

SAP Enable Now prior 1911 Error Message information disclosure

A vulnerability was found in SAP Enable Now. It has been classified as problematic. This affects some unknown processing of the component Error Message Handler. Upgrading to version 1911 eliminates this vulnerability.
Author: VulDB

SAP Enable Now prior 1911 CSV File command injection [CVE-2019-0403]

A vulnerability was found in SAP Enable Now and classified as critical. Affected by this issue is an unknown code block. Upgrading to version 1911 eliminates this vulnerability.
Author: VulDB

SAP Adaptive Server Enterprise up to 15.6 information disclosure

A vulnerability has been found in SAP Adaptive Server Enterprise up to 15.6 and classified as problematic. Affected by this vulnerability is an unknown code. Upgrading to version 15.7 or 16.0 eliminates this vulnerability.
Author: VulDB

SAP Project Management up to S4CORE 102 Project Dashboard information disclosure

A vulnerability, which was classified as problematic, was found in SAP Project Management up to S4CORE 102 (Project Management Software). Affected is an unknown part of the component Project Dashboard. There is no information about possible...
Author: VulDB

Information security events

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. It is organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
