Wednesday 13 November 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

mod_ruid2 up to 0.9.7 Descriptor File Descriptor privilege escalation

A vulnerability was found in mod_ruid2 up to 0.9.7. It has been classified as critical. Affected is an unknown code block of the component Descriptor Handler. Upgrading to version 0.9.8 eliminates this vulnerability.
Author: VulDB

tuned up to 1.x ktune Service denial of service

A vulnerability was found in tuned up to 1.x and classified as problematic. This issue affects an unknown code of the component ktune Service. Upgrading to version 2.0 eliminates this vulnerability.
Author: VulDB

qpid-cpp 1.0 Message Crash denial of service

A vulnerability has been found in qpid-cpp 1.0 and classified as problematic. This vulnerability affects an unknown part of the component Message Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

dtc-xen 0.5.0/0.5.1/0.5.2/0.5.3 privilege escalation [CVE-2009-4011]

A vulnerability, which was classified as critical, was found in dtc-xen 0.5.0/0.5.1/0.5.2/0.5.3 (Virtualization Software). This affects some unknown functionality. Upgrading to version 0.5.4 eliminates this vulnerability.
Author: VulDB

liboping 1.3.2 information disclosure [CVE-2009-3614]

A vulnerability, which was classified as problematic, has been found in liboping 1.3.2. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Red Hat Enterprise Virtualization Manager 2.2.0 SSL Certificate Verification Service Man-in-the-Middle weak authentication

A vulnerability classified as critical was found in Red Hat Enterprise Virtualization Manager 2.2.0 (Virtualization Software). Affected by this vulnerability is an unknown function of the component SSL Certificate Verification Service. Upgrading...
Author: VulDB

MantisBT 1.2.0/1.2.1 Attachment MIME Attachment unknown vulnerability

A vulnerability classified as problematic has been found in MantisBT 1.2.0/1.2.1. Affected is some unknown processing of the component Attachment Handler. Upgrading to version 1.2.2 eliminates this vulnerability.
Author: VulDB

alsa-utils 1.0.19 /usr/bin/alsa-info privilege escalation

A vulnerability was found in alsa-utils 1.0.19. It has been rated as problematic. This issue affects an unknown code block of the file /usr/bin/alsa-info. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Holiday Shopping, Phishing, and Malware Scams

Original release date: November 8, 2019. As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when...
Author: US Cert

CERTFR-2019-AVI-549: Vulnerability in Fortinet FortiClient for MacOS (08 November 2019)

A vulnerability has been discovered in FortiClient for MacOS. It allows an attacker to display the cleartext password of clients connecting to an SSL VPN gateway.

Author: Cert FR

Troubleshooting and Support Tools Plugin up to 1.17.1 on Atlassian Bitbucket Server Log Scan information disclosure

A vulnerability was found in Troubleshooting and Support Tools Plugin up to 1.17.1 on Atlassian Bitbucket Server. It has been declared as problematic. This vulnerability affects an unknown code of the component Log Scan Handler. Upgrading to...
Author: VulDB

HP Inkjet Printer Print File denial of service [CVE-2019-6337]

A vulnerability was found in HP Inkjet Printer (the affected version unknown). It has been classified as problematic. This affects an unknown part of the component Print File Handler. There is no information about possible countermeasures known....
Author: VulDB

Dell EMC iDRAC8/iDRAC9 Password information disclosure [CVE-2019-3764]

A vulnerability was found in Dell EMC iDRAC8 and iDRAC9 (affected version not known) and classified as problematic. Affected by this issue is some unknown functionality. Upgrading eliminates this vulnerability.
Author: VulDB

Rob Richards XmlSecLibs up to 3.0.2 Signature XML Message spoofing

A vulnerability has been found in Rob Richards XmlSecLibs up to 3.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Signature Handler. Upgrading to version 3.0.3 eliminates this...
Author: VulDB

ZTE MF910S One Click Update Tool Password information disclosure

A vulnerability, which was classified as problematic, was found in ZTE MF910S (version unknown). Affected is an unknown function of the component One Click Update Tool. There is no information about possible countermeasures known. It may be...
Author: VulDB

Matrix Synapse up to 1.4.x Signature /send_join unknown vulnerability

A vulnerability, which was classified as problematic, has been found in Matrix Synapse up to 1.4.x. This issue affects some unknown processing of the file /send_join of the component Signature Handler. Upgrading to version 1.5.0 eliminates this...
Author: VulDB

Eximious Logo Designer 3.82 User Mode BuildGradientColorsTable+0x0000000000000053 memory corruption

A vulnerability classified as critical was found in Eximious Logo Designer 3.82 (Mail Server Software). This vulnerability affects the function ExiCustomPathLib!ExiCustomPathLib::CGradientColorsProfile::BuildGradientColorsTable+0x0000000000000053...
Author: VulDB

Eximious Logo Designer 3.82 Heap-based memory corruption

A vulnerability classified as critical has been found in Eximious Logo Designer 3.82 (Mail Server Software). This affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Eximious Logo Designer 3.82 User Mode memory corruption

A vulnerability was found in Eximious Logo Designer 3.82 (Mail Server Software). It has been rated as critical. Affected by this issue is an unknown part of the component User Mode. There is no information about possible countermeasures known. It...
Author: VulDB

strapi up to 3.0.0-beta.17.4 Password Reset Auth.js unknown vulnerability

A vulnerability was found in strapi up to 3.0.0-beta.17.4. It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the file packages/strapi-admin/controllers/Auth.js of the component Password Reset....
Author: VulDB

PopojiCMS 2.0.1 route.php post[1][content] cross site scripting

A vulnerability was found in PopojiCMS 2.0.1. It has been classified as problematic. Affected is an unknown functionality of the file po-admin/route.php?mod=post&act=edit. There is no information about possible countermeasures known. It may be...
Author: VulDB

PopojiCMS 2.0.1 refer Open Redirect

A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Linux Kernel up to 5.3.9 audit.c aa_label_parse() memory corruption

A vulnerability has been found in Linux Kernel up to 5.3.9 and classified as critical. This vulnerability affects the function aa_label_parse() of the file security/apparmor/audit.c. There is no information about possible countermeasures known....
Author: VulDB

Linux Kernel up to 5.3.9 dwc3-pci.c dwc3_pci_probe() denial of service

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.3.9. This affects the function dwc3_pci_probe() of the file drivers/usb/dwc3/dwc3-pci.c. There is no information about possible countermeasures known. It may...
Author: VulDB

Linux Kernel up to 5.3.9 sound/soc/sof/debug.c sof_dfsentry_write() denial of service

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.3.9. Affected by this issue is the function sof_dfsentry_write() of the file sound/soc/sof/debug.c. There is no information about possible...
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, Cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité occupies the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
