Thursday 17 October 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

DoorDash App up to 11.5.2 on Android Log Credentials information disclosure

A vulnerability was found in DoorDash App up to 11.5.2 on Android (Android App Software) and classified as problematic. Affected by this issue is some unknown processing of the component Log Handler. There is no information about possible...
Author: VulDB

PowerSchool Mobile App 1.1.8 on Android Log Credentials information disclosure

A vulnerability has been found in PowerSchool Mobile App 1.1.8 on Android (Android App Software) and classified as problematic. Affected by this vulnerability is an unknown code block of the component Log Handler. There is no information about...
Author: VulDB

Rapid Gator App 0.7.1 on Android Log Credentials information disclosure

A vulnerability, which was classified as problematic, was found in Rapid Gator App 0.7.1 on Android (Android App Software). Affected is an unknown code of the component Log Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Seesaw Parent and Family App 6.2.5 on Android Log Credentials information disclosure

A vulnerability, which was classified as problematic, has been found in Seesaw Parent and Family App 6.2.5 on Android (Android App Software). This issue affects an unknown part of the component Log Handler. There is no information about possible...
Author: VulDB

Infinite Design App 3.4.12 on Android Authentication weak encryption

A vulnerability classified as problematic was found in Infinite Design App 3.4.12 on Android (Android App Software). This vulnerability affects some unknown functionality of the component Authentication. There is no information about possible...
Author: VulDB

Orbitz App 19.31.1 on Android Log Credentials information disclosure

A vulnerability classified as problematic has been found in Orbitz App 19.31.1 on Android (Android App Software). This affects an unknown functionality of the component Log Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Dolibarr ERP/CRM 10.0.2 user/note.php Note cross site scripting

A vulnerability was found in Dolibarr ERP and CRM 10.0.2. It has been rated as problematic. Affected by this issue is an unknown function of the file user/note.php. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Connect2id Nimbus JOSE+JWT up to 7.8 JWT Parser privilege escalation

A vulnerability was found in Connect2id Nimbus JOSE+JWT up to 7.8. It has been declared as critical. Affected by this vulnerability is some unknown processing of the component JWT Parser. Upgrading to version 7.9 eliminates this vulnerability.
Author: VulDB

KeyCloak up to 7.x REST API privilege escalation

A vulnerability was found in KeyCloak up to 7.x. It has been classified as critical. Affected is an unknown code block of the component REST API. Upgrading to version 8.0.0 eliminates this vulnerability.
Author: VulDB

Glue Smart Lock 2.7.8 Guest Access privilege escalation

A vulnerability was found in Glue Smart Lock 2.7.8 and classified as critical. This issue affects an unknown code of the component Guest Access. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

safer-eval up to 1.3.1 Sandbox Remote Code Execution

A vulnerability has been found in safer-eval up to 1.3.1 and classified as critical. This vulnerability affects an unknown part of the component Sandbox. Upgrading to version 1.3.2 eliminates this vulnerability.
Author: VulDB

safer-eval up to 1.3.3 Sandbox Remote Code Execution

A vulnerability, which was classified as critical, was found in safer-eval up to 1.3.3. This affects some unknown functionality of the component Sandbox. Upgrading to version 1.3.4 eliminates this vulnerability.
Author: VulDB

haml up to 5.0.0.beta.1 Code Execution [CVE-2017-1002201]

A vulnerability classified as critical was found in haml up to 5.0.0.beta.1. Affected by this vulnerability is an unknown function. Upgrading to version 5.0.0.beta.2 eliminates this vulnerability.
Author: VulDB

Oracle Releases October 2019 Security Bulletin

Original release date: October 15, 2019. Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an...
Author: US Cert

The CNIL, a trusted ally in the daily digital life of the French

In its new strategic roadmap, the CNIL sets five priorities through 2021, in order to better fulfil its public service mission toward its various audiences by responding more closely to their expectations, in a context of...
Author: Cnil

Adobe Releases Security Updates for Multiple Products

Original release date: October 15, 2019. Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...
Author: US Cert

WordPress Releases Security Update

Original release date: October 15, 2019. WordPress 5.2.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and...
Author: US Cert

Dell ImageAssist up to 8.7.14 Image information disclosure

A vulnerability classified as problematic has been found in Dell ImageAssist up to 8.7.14. Affected is some unknown processing of the component Image Handler. Upgrading to version 8.7.15 eliminates this vulnerability.
Author: VulDB

ncurses prior 6.1-20191012 terminfo Library tinfo/comp_hash.c fmt_entry memory corruption

A vulnerability was found in ncurses. It has been rated as critical. This issue affects the function fmt_entry of the file tinfo/comp_hash.c of the component terminfo Library. Upgrading to version 6.1-20191012 eliminates this vulnerability.
Author: VulDB

ncurses prior 6.1-20191012 terminfo Library tinfo/comp_hash.c _nc_find_entry memory corruption

A vulnerability was found in ncurses. It has been declared as critical. This vulnerability affects the function _nc_find_entry of the file tinfo/comp_hash.c of the component terminfo Library. Upgrading to version 6.1-20191012 eliminates this...
Author: VulDB

JIZHICMS 1.5.1 adminadd.html cross site request forgery

A vulnerability was found in JIZHICMS 1.5.1 (Content Management System). It has been classified as problematic. This affects an unknown part of the file admin.php/Admin/adminadd.html. There is no information about possible countermeasures known....
Author: VulDB

csv-parse Module up to 4.4.5 on Node.js Regular Expression __isInt() denial of service

A vulnerability was found in csv-parse Module up to 4.4.5 on Node.js (JavaScript Library) and classified as problematic. Affected by this issue is the function __isInt() of the component Regular Expression. Upgrading to version 4.4.6 eliminates...
Author: VulDB

NCH Express Invoice 7.12 Quotes Invoices/Items/Customers cross site scripting

A vulnerability has been found in NCH Express Invoice 7.12 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file Invoices/Items/Customers/Quotes. There is no information about possible...
Author: VulDB

JSS CryptoManager OCSP Policy Man-in-the-Middle weak authentication

A vulnerability, which was classified as critical, was found in JSS CryptoManager (version unknown). Affected is an unknown function of the component OCSP Policy. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Ubisoft Uplay 92.0.0.6280 Permission privilege escalation

A vulnerability, which was classified as critical, has been found in Ubisoft Uplay 92.0.0.6280. This issue affects some unknown processing of the component Permission. There is no information about possible countermeasures known. It may be...
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the Cité universitaire internationale on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
