Monday 18 November 2019

Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

ImageMagick up to 7.0.7-29 coders/meta.c formatIPTCfromBuffer denial of service

A vulnerability, which was classified as problematic, has been found in ImageMagick up to 7.0.7-29. Affected by this issue is the function formatIPTCfromBuffer of the file coders/meta.c. The manipulation with an unknown input leads to a denial...
Author: VulDB

ImageMagick up to 7.0.7-29 coders/png.c ReadOneJNGImage denial of service

A vulnerability classified as problematic was found in ImageMagick up to 7.0.7-29. Affected by this vulnerability is the function ReadOneJNGImage of the file coders/png.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

rcfilters Plugin 2.1.6 on RoundCube _whatfilter/_messages cross site scripting

A vulnerability classified as problematic has been found in rcfilters Plugin 2.1.6 on RoundCube. Affected is an unknown function. The manipulation of the argument _whatfilter/_messages as part of a Parameter leads to a cross site scripting...
Author: VulDB

Go Ethereum up to 1.8.13 eth/api_tracer.go TraceChain unknown vulnerability

A vulnerability was found in Go Ethereum up to 1.8.13. It has been rated as problematic. This issue affects the function TraceChain of the file eth/api_tracer.go. The impact remains unknown. The summary by CVE is: In Go Ethereum (aka geth) before...
Author: VulDB

CScms 4.1 Setting.php cross site request forgery

A vulnerability was found in CScms 4.1. It has been declared as problematic. This vulnerability affects an unknown function of the file upload\plugins\sys\admin\Setting.php. The manipulation with an unknown input leads to a cross site request...
Author: VulDB

CScms 4.1 JSON Data File Upload privilege escalation

A vulnerability was found in CScms 4.1. It has been classified as critical. This affects an unknown function of the component JSON Data Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability (File Upload)....
Author: VulDB

CScms 4.1 Site name Install.php cross site scripting

A vulnerability was found in CScms 4.1 and classified as problematic. Affected by this issue is an unknown function of the file upload\plugins\sys\Install.php of the component Site name. The manipulation with an unknown input leads to a cross...
Author: VulDB

baijiacms V4 ZeroClipboard.swf id cross site scripting

A vulnerability has been found in baijiacms V4 and classified as problematic. Affected by this vulnerability is an unknown function of the file assets/weengine/components/zclip/ZeroClipboard.swf. The manipulation of the argument id as part of a...
Author: VulDB

baijiacms V4 index.php order sql injection

A vulnerability, which was classified as critical, was found in baijiacms V4. Affected is an unknown function of the file index.php?act=index. The manipulation of the argument order as part of a Parameter leads to a sql injection vulnerability...
Author: VulDB

Absolute CTES Windows Agent up to 1.0.0.1479 Permission %ProgramData%\CTES privilege escalation

A vulnerability, which was classified as critical, has been found in Absolute CTES Windows Agent up to 1.0.0.1479. This issue affects an unknown function of the file %ProgramData%\CTES of the component Permission. The manipulation with an...
Author: VulDB

CERTFR-2018-AVI-426: Multiple vulnerabilities in the SUSE Linux kernel (07 September 2018)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a denial of service, a security policy bypass and a compromise of the integrity of...
Author: Cert FR

CremeCRM 1.6.12 Stored cross site scripting

A vulnerability classified as problematic was found in CremeCRM 1.6.12. This vulnerability affects an unknown function. The manipulation of the argument...
Author: VulDB

ProtonVPN VPN Client 1.5.1 Configuration File Code Execution

A vulnerability classified as critical has been found in ProtonVPN VPN Client 1.5.1. This affects an unknown function of the component Configuration File. The manipulation with an unknown input leads to a privilege escalation vulnerability (Code...
Author: VulDB

NordVPN 6.14.28.0 Configuration File Code Execution

A vulnerability was found in NordVPN 6.14.28.0. It has been rated as critical. Affected by this issue is an unknown function of the component Configuration File. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

IBM API Connect up to 2018.3.4 Server-Side Request Forgery [CVE-2018-1789]

A vulnerability was found in IBM API Connect up to 2018.3.4. It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (SSRF)....
Author: VulDB

IBM Security Identity Governance and Intelligence 5.2.3.2/5.2.4 IGI information disclosure

A vulnerability was found in IBM Security Identity Governance and Intelligence 5.2.3.2/5.2.4. It has been classified as problematic. Affected is an unknown function of the component IGI. The manipulation with an unknown input leads to a...
Author: VulDB

Gleez CMS 1.2.0 Profile Page information disclosure

A vulnerability, which was classified as problematic, has been found in Gleez CMS 1.2.0. Affected by this issue is an unknown function of the component Profile Page. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Contiki-NG up to 4.1 AQL lvm.c memory corruption

A vulnerability classified as critical has been found in Contiki-NG up to 4.1. Affected is the function lvm_register_variable/lvm_set_variable_value/create_intersection/create_union of the file os/storage/antelope/lvm.c of the component AQL...
Author: VulDB

Contiki-NG up to 4.1 AQL aql-lexer.c next_string memory corruption

A vulnerability was found in Contiki-NG up to 4.1. It has been rated as critical. This issue affects the function next_string of the file os/storage/antelope/aql-lexer.c of the component AQL Handler. The manipulation with an unknown input leads...
Author: VulDB

Contiki-NG up to 4.1 AQL lvm.c lvm_shift_for_operator memory corruption

A vulnerability was found in Contiki-NG up to 4.1. It has been declared as critical. This vulnerability affects the function lvm_shift_for_operator of the file os/storage/antelope/lvm.c of the component AQL Handler. The manipulation with an...
Author: VulDB

Contiki-NG up to 4.1 AQL lvm.c lvm_set_type memory corruption

A vulnerability was found in Contiki-NG up to 4.1. It has been classified as critical. This affects the function lvm_set_type of the file os/storage/antelope/lvm.c of the component AQL Handler. The manipulation with an unknown input leads to a...
Author: VulDB

Contiki-NG up to 4.1 AQL aql-parser.c parse_relations memory corruption

A vulnerability was found in Contiki-NG up to 4.1 and classified as critical. Affected by this issue is the function parse_relations of the file os/storage/antelope/aql-parser.c of the component AQL Handler. The manipulation with an unknown...
Author: VulDB

Kamailio up to 5.0.6/5.1.3 SIP Message crcitt_string_array denial of service

A vulnerability, which was classified as problematic, was found in Kamailio up to 5.0.6/5.1.3. Affected is the function crcitt_string_array of the component SIP Message Handler. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

Gxlcms 1.0 ThinkException.tpl.php PATH_INFO cross site scripting

A vulnerability, which was classified as problematic, has been found in Gxlcms 1.0. This issue affects an unknown function in the library gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. The manipulation of the argument PATH_INFO with an unknown...
Author: VulDB

Zurmo 3.2.4 details cross site scripting

A vulnerability classified as problematic was found in Zurmo 3.2.4. This vulnerability affects an unknown function of the file app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. The manipulation with an unknown input leads...
Author: VulDB

Information security events

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
