Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

all-in-one-wp-security-and-firewall Plugin up to 4.0.5 on WordPress Settings Page cross site scripting

A vulnerability was found in all-in-one-wp-security-and-firewall Plugin up to 4.0.5 on WordPress (Firewall Software). It has been rated as problematic. Affected by this issue is an unknown code of the component Settings Page. Upgrading to version...
Auteur: VulDB

all-in-one-wp-security-and-firewall Plugin up to 4.1.x on WordPress cross site scripting

A vulnerability was found in all-in-one-wp-security-and-firewall Plugin up to 4.1.x on WordPress (Firewall Software). It has been declared as problematic. Affected by this vulnerability is an unknown part. Upgrading to version 4.2.0 eliminates...
Auteur: VulDB

eXosip up to 4.x Content-Header eXtl_tls.c handle_messages Negative Value unknown vulnerability

A vulnerability was found in eXosip up to 4.x. It has been classified as problematic. Affected is the function handle_messages of the file eXtl_tls.c of the component Content-Header Handler. Upgrading to version 5.0.0 eliminates this...
Auteur: VulDB

IRS Security Summit Series for Tax Professionals: Create a Data Theft Recovery Plan

Original release date: August 14, 2019The fifth and final step in the Internal Revenue Service (IRS) Security Summit series for tax professionals is creating a data theft recovery plan. IRS issued a news release highlighting the importance of...
Auteur: US Cert

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Original release date: August 14, 2019Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1 Windows Server 2008 R2...
Auteur: US Cert

Multiple HTTP/2 Implementation Vulnerabilities

Original release date: August 14, 2019The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS)...
Auteur: US Cert

VU#918987: Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks

Bluetooth is a short-range wireless technology based off of a core specification that defines six different core configurations,including the Bluetooth Basic Rate/Enhanced Data Rate Core Configurations. Bluetooth BR/EDR is used for low-power...
Auteur: US Cert

CERTFR-2019-ALE-012 : Multiples vulnérabilités dans Microsoft Remote Desktop Services (14 août 2019)

Le 13 août 2019, lors de la publication mensuelle de ses correctifs, Microsoft a corrigé plusieurs vulnérabilités affectant les services de bureau à distance (Remote Desktop Services, RDS). Parmi les failles corrigées, quatre d'entre elles,...
Auteur: Cert FR

CERTFR-2019-AVI-399 : Multiples vulnérabilités dans les produits Intel (14 août 2019)

De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des...
Auteur: Cert FR

JIRA up to 7.13.3/8.2.1 login.jsp information disclosure

A vulnerability was found in JIRA up to 7.13.3/8.2.1 and classified as problematic. Affected by this issue is an unknown function of the file login.jsp. Upgrading to version 7.13.4 or 8.2.2 eliminates this vulnerability.
Auteur: VulDB

NVIDIA Shield TV Experience up to 7.x API Code Execution

A vulnerability has been found in NVIDIA Shield TV Experience up to 7.x and classified as critical. Affected by this vulnerability is some unknown processing of the component API. Upgrading to version 8.0 eliminates this vulnerability.
Auteur: VulDB

OpenEMR up to 5.0.1 custom/ajax_download.php fileName directory traversal

A vulnerability, which was classified as problematic, has been found in OpenEMR up to 5.0.1 (Business Process Management Software). This issue affects an unknown code of the file custom/ajax_download.php. Upgrading to version 5.0.2 eliminates...
Auteur: VulDB

mAadhaar App 1.2.7 on Android SSL Certificate Validator Man-in-the-Middle weak authentication

A vulnerability classified as critical was found in mAadhaar App 1.2.7 on Android (Android App Software). This vulnerability affects an unknown part of the component SSL Certificate Validator. There is no information about possible...
Auteur: VulDB

Search Guard up to 20.x User Database Side-Channel information disclosure

A vulnerability classified as problematic has been found in Search Guard up to 20.x. This affects some unknown functionality of the component User Database. Upgrading to version 21.0 eliminates this vulnerability.
Auteur: VulDB

Search Guard up to 23.0 Aggregation Cleartext information disclosure

A vulnerability was found in Search Guard up to 23.0. It has been rated as problematic. Affected by this issue is an unknown functionality of the component Aggregation. Upgrading to version 23.1 eliminates this vulnerability.
Auteur: VulDB

contact-form-to-email Plugin up to 1.2.65 on WordPress cross site request forgery

A vulnerability was found in contact-form-to-email Plugin up to 1.2.65 on WordPress (WordPress Plugin). It has been declared as problematic. Affected by this vulnerability is an unknown function. Upgrading to version 1.2.66 eliminates this...
Auteur: VulDB

contact-form-to-email Plugin up to 1.2.65 on WordPress cross site scripting

A vulnerability was found in contact-form-to-email Plugin up to 1.2.65 on WordPress (WordPress Plugin). It has been classified as problematic. Affected is some unknown processing. Upgrading to version 1.2.66 eliminates this vulnerability.
Auteur: VulDB

Linux Kernel up to 4.10 Socket Option net/ipv6/ip6mr.c memory corruption

A vulnerability was found in Linux Kernel up to 4.10 (Operating System) and classified as critical. This issue affects an unknown code block of the file net/ipv6/ip6mr.c of the component Socket Option Handler. Upgrading to version 4.11 eliminates...
Auteur: VulDB

wp-live-chat-support Plugin up to 7.1.4 on WordPress cross site scripting

A vulnerability has been found in wp-live-chat-support Plugin up to 7.1.4 on WordPress (Chat Software) and classified as problematic. This vulnerability affects an unknown code. Upgrading to version 7.1.05 eliminates this vulnerability.
Auteur: VulDB

simple-job-board Plugin up to 2.4.3 on WordPress Keyword Search Reflected cross site scripting

A vulnerability, which was classified as problematic, was found in simple-job-board Plugin up to 2.4.3 on WordPress (Forum Software). This affects an unknown part of the component Keyword Search. Upgrading to version 2.4.4 eliminates this...
Auteur: VulDB

liveforms Plugin up to 3.3.x on WordPress cross site scripting

A vulnerability, which was classified as problematic, has been found in liveforms Plugin up to 3.3.x on WordPress (WordPress Plugin). Affected by this issue is some unknown functionality. Upgrading to version 3.4.0 eliminates this vulnerability.
Auteur: VulDB

htaccess Plugin up to 1.7.5 on WordPress cross site scripting

A vulnerability classified as problematic was found in htaccess Plugin up to 1.7.5 on WordPress (WordPress Plugin). Affected by this vulnerability is an unknown functionality. Upgrading to version 1.7.6 eliminates this vulnerability.
Auteur: VulDB

gravity-forms-sms-notifications Plugin up to 2.3.x on WordPress cross site scripting

A vulnerability classified as problematic has been found in gravity-forms-sms-notifications Plugin up to 2.3.x on WordPress (WordPress Plugin). Affected is an unknown function. Upgrading to version 2.4.0 eliminates this vulnerability.
Auteur: VulDB

custom-search-plugin Plugin up to 1.35 on WordPress cross site scripting

A vulnerability was found in custom-search-plugin Plugin up to 1.35 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects some unknown processing. Upgrading to version 1.36 eliminates this vulnerability.
Auteur: VulDB

Microsoft Windows 10 1903/Server 1903 Subsystem for Linux memory corruption

A vulnerability was found in Microsoft Windows 10 1903/Server 1903 (Operating System) and classified as critical. This issue affects an unknown functionality of the component Subsystem for Linux. Applying a patch is able to eliminate this...
Auteur: VulDB
First752753754755756757758759760761Last

Événements SSI