Monday 18 November 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2018-AVI-480: Multiple vulnerabilities in the SUSE Linux kernel (10 October 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, arbitrary code execution and a denial of...
Author: Cert FR

CERTFR-2018-AVI-479: Multiple vulnerabilities in Joomla! (10 October 2018)

Multiple vulnerabilities have been discovered in Joomla!. They allow an attacker to cause arbitrary code execution, a security policy bypass and cross-site request forgery (CSRF).
Author: Cert FR

CERTFR-2018-AVI-478: Multiple vulnerabilities in the RedHat Linux kernel (10 October 2018)

Multiple vulnerabilities have been discovered in the RedHat Linux kernel. They allow an attacker to cause a remote denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2018-AVI-477: Multiple vulnerabilities in Google Chrome OS (10 October 2018)

Multiple vulnerabilities have been discovered in Google Chrome OS. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

Bytom up to 1.0.5 p2p/discover/net.go checkTopicRegister denial of service

A vulnerability, which was classified as problematic, has been found in Bytom up to 1.0.5. Affected by this issue is the function checkTopicRegister of the file p2p/discover/net.go. The manipulation with an unknown input leads to a denial of...
Author: VulDB

QLogic 4Gb Fibre Channel/4-8Gb SAN on BladeCenter Default Credentials weak authentication

A vulnerability classified as critical was found in QLogic 4Gb Fibre Channel and 4-8Gb SAN on BladeCenter (the affected version is unknown). Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a...
Author: VulDB

Exchange of health data by secure messaging: the CNIL and ASIP are working on drawing up a reference framework

Following the entry into application of the General Data Protection Regulation and the amended French Data Protection Act (loi Informatique et Libertés), single authorisation AU-037 no longer has legal force.
Author: Cnil

Facebook WhatsApp Messenger on iOS/Android RTP Packet Video Call Heap-based denial of service

A vulnerability was found in Facebook WhatsApp Messenger on iOS/Android (the affected version is unknown). It has been rated as critical. This issue affects an unknown function of the component RTP Packet Handler. The manipulation as part of a...
Author: VulDB

Juniper Junos Space Security Director up to 17.2R1 UI Framework Persistent cross site scripting

A vulnerability has been found in Juniper Junos Space Security Director up to 17.2R1 and classified as problematic. This vulnerability affects an unknown function of the component UI Framework. The manipulation with an unknown input leads to a...
Author: VulDB

Juniper Junos Space up to 18.2R OpenNMS Reflected cross site scripting

A vulnerability, which was classified as problematic, was found in Juniper Junos Space up to 18.2R. This affects an unknown function of the component OpenNMS. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Author: VulDB

Juniper Junos OS RPD Draft-Rosen MVPN Control Packet Restart memory corruption

A vulnerability, which was classified as critical, has been found in Juniper Junos OS (the affected version is unknown). Affected by this issue is an unknown function of the component RPD. The manipulation as part of a Draft-Rosen MVPN Control...
Author: VulDB

Juniper Junos OS prior IPv6 RPD MPLS Packet Crash denial of service

A vulnerability classified as problematic has been found in Juniper Junos OS. Affected is an unknown function of the component RPD. The manipulation as part of a MPLS Packet leads to a denial of service vulnerability (Crash). CWE is classifying...
Author: VulDB

Juniper Junos OS up to 18.1R3 on NFX JDM weak authentication

A vulnerability classified as problematic was found in Juniper Junos OS up to 18.1R3 on NFX. Affected by this vulnerability is an unknown function of the component JDM. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

DiliCMS 2.4.0 site attachment_url cross site scripting

A vulnerability, which was classified as problematic, has been found in DiliCMS 2.4.0. Affected by this issue is an unknown function of the file admin/index.php/setting/site?tab=site_attachment. The manipulation of the argument attachment_url as...
Author: VulDB

DiliCMS 2.4.0 site attachment_type cross site scripting

A vulnerability classified as problematic was found in DiliCMS 2.4.0. Affected by this vulnerability is an unknown function of the file admin/index.php/setting/site?tab=site_attachment. The manipulation of the argument attachment_type as part of...
Author: VulDB

Virtualmin 6.03 webmin_search.cgi Query String cross site scripting

A vulnerability classified as problematic has been found in Virtualmin 6.03. Affected is an unknown function of the file webmin_search.cgi. The manipulation as part of a Query String leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

Virtualmin 6.03 settings-editor_read.cgi file cross site scripting

A vulnerability was found in Virtualmin 6.03. It has been rated as problematic. This issue affects an unknown function of the file settings-editor_read.cgi. The manipulation of the argument file as part of a Parameter leads to a cross site...
Author: VulDB

Responsive FileManager 9.8.1 Interface dialog.php privilege escalation

A vulnerability was found in Responsive FileManager 9.8.1. It has been classified as critical. This affects an unknown function of the file dialog.php of the component Interface. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Gigasoft GE iFIX up to 5.8 unknown vulnerability [CVE-2018-17925]

A vulnerability was found in Gigasoft GE iFIX up to 5.8 and classified as critical. The impact remains unknown. CVE summarizes: Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the...
Author: VulDB

Hangzhou Xiongmai XMeye P2P Cloud Server Default Credentials weak authentication

A vulnerability has been found in Hangzhou Xiongmai XMeye P2P Cloud Server (the affected version is unknown) and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a...
Author: VulDB

Hangzhou Xiongmai XMeye P2P Cloud Server MAC Address information disclosure

A vulnerability, which was classified as problematic, was found in Hangzhou Xiongmai XMeye P2P Cloud Server (the affected version is unknown). Affected is an unknown function of the component MAC Address Handler. The manipulation with an unknown...
Author: VulDB

Hangzhou Xiongmai XMeye P2P Cloud Server weak encryption [CVE-2018-17915]

A vulnerability, which was classified as critical, has been found in Hangzhou Xiongmai XMeye P2P Cloud Server (the affected version is unknown). This issue affects an unknown function. The manipulation with an unknown input leads to a weak...
Author: VulDB

Intelbras NPLUG 1.0.0.14 SSID cross site scripting

A vulnerability classified as problematic has been found in Intelbras NPLUG 1.0.0.14. This affects an unknown function of the component SSID Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

tinc up to 1.0.34 VPN Packet Man-in-the-Middle weak encryption

A vulnerability was found in tinc up to 1.0.34. It has been rated as critical. Affected by this issue is an unknown function of the component VPN Packet Handler. The manipulation with an unknown input leads to a weak encryption vulnerability...
Author: VulDB

tinc 1.0.30/1.0.31/1.0.32/1.0.33/1.0.34 Authentication Protocol unknown vulnerability

A vulnerability was found in tinc 1.0.30/1.0.31/1.0.32/1.0.33/1.0.34. It has been declared as problematic. Affected by this vulnerability is an unknown function of the component Authentication Protocol Handler. The impact remains unknown. The...
Author: VulDB

Information Security Events

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme being "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
