Thursday 12 December 2019

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Red Hat JBoss Enterprise Application Platform up to 7.0.3 RBAC information disclosure

A vulnerability was found in Red Hat JBoss Enterprise Application Platform up to 7.0.3. It has been rated as problematic. Affected by this issue is an unknown function of the component RBAC. The manipulation with an unknown input leads to a...
Author: VulDB

Pacemaker up to 1.1.15 IPC Interface privilege escalation

A vulnerability was found in Pacemaker up to 1.1.15. It has been classified as critical. Affected is an unknown function of the component IPC Interface. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Author: VulDB

PotPlayer 1.8.7556 PotPlayerMini.exe BytesPerSec/SamplesPerSec/Data_Chunk_Size memory corruption

A vulnerability was found in PotPlayer 1.8.7556. It has been classified as critical. Affected is an unknown function of the file PotPlayerMini.exe. The manipulation of the argument BytesPerSec/SamplesPerSec/Data_Chunk_Size as part of a WAV File...
Author: VulDB

FURUNO FELCOM 250/FELCOM 500 xml/permission.xml information disclosure

A vulnerability has been found in FURUNO FELCOM 250 and FELCOM 500 (the affected version is unknown) and classified as critical. This vulnerability affects an unknown function of the file xml/permission.xml. The manipulation with an unknown...
Author: VulDB

FURUNO FELCOM 250/FELCOM 500 Password sm_changepassword.cgi weak authentication

A vulnerability, which was classified as critical, has been found in FURUNO FELCOM 250 and FELCOM 500 (the affected version is unknown). Affected by this issue is an unknown function of the file /cgi-bin/sm_changepassword.cgi of the component...
Author: VulDB

PowerDNS Authoritative Server up to 3.4.10/4.0.1 Web Server TCP Connection denial of service

A vulnerability, which was classified as problematic, has been found in PowerDNS Authoritative Server up to 3.4.10/4.0.1. This issue affects an unknown function of the component Web Server. The manipulation as part of a TCP Connection leads to a...
Author: VulDB

CloudForms up to 5.6.2.1/5.7.0.6 Permission privilege escalation

A vulnerability classified as critical was found in CloudForms up to 5.6.2.1/5.7.0.6. This vulnerability affects an unknown function of the component Permission. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Drools Workbench directory traversal [CVE-2016-7041]

A vulnerability was found in Drools Workbench (the affected version is unknown). It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a directory traversal...
Author: VulDB

Samsung SmartThings Hub 0.20.17 Video-Core Process /cameras/XXXX/clips memory corruption

A vulnerability classified as critical has been found in Samsung SmartThings Hub 0.20.17. This affects an unknown function of the file /cameras/XXXX/clips of the component Video-Core Process. The manipulation with an unknown input leads to a...
Author: VulDB

Samsung SmartThings Hub 0.20.17 Video-Core Process /cameras/XXXX/clips memory corruption

A vulnerability was found in Samsung SmartThings Hub 0.20.17. It has been rated as critical. Affected by this issue is an unknown function of the file /cameras/XXXX/clips of the component Video-Core Process. The manipulation with an unknown...
Author: VulDB

Samsung SmartThings Hub STH-ETH-250 0.20.17 Credentials Stack-based memory corruption

A vulnerability classified as critical has been found in Samsung SmartThings Hub STH-ETH-250 0.20.17. Affected is an unknown function of the component Credentials Handler. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Pektron Passive Keyless Entry and Start 5.4 DST40 weak encryption

A vulnerability was found in Pektron Passive Keyless Entry and Start 5.4. It has been declared as critical. This vulnerability affects an unknown function of the component DST40. The manipulation with an unknown input leads to a weak encryption...
Author: VulDB

openstack-neutron up to 11.0.4/12.0.2/13.0.0.0b1 privilege escalation

A vulnerability has been found in openstack-neutron up to 11.0.4/12.0.2/13.0.0.0b1 and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

openstack-neutron up to 11.0.4/12.0.2/13.0.0.0b1 Linux Bridge ml2 Driver denial of service

A vulnerability, which was classified as problematic, was found in openstack-neutron up to 11.0.4/12.0.2/13.0.0.0b1. Affected is an unknown function of the component Linux Bridge ml2 Driver. The manipulation with an unknown input leads to a...
Author: VulDB

OpenStack rabbitmq privilege escalation [CVE-2018-14620]

A vulnerability, which was classified as critical, has been found in OpenStack rabbitmq (the affected version is unknown). This issue affects an unknown function. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication

A vulnerability classified as critical was found in Apache ActiveMQ Client up to 5.15.5. This vulnerability affects an unknown function of the component TLS Hostname Verification. The manipulation with an unknown input leads to a weak...
Author: VulDB

b3log Solo 2.9.3 Site name Stored cross site scripting

A vulnerability was found in b3log Solo 2.9.3. It has been classified as problematic. This affects an unknown function of the component Site name. The manipulation with an unknown input leads to a cross site scripting vulnerability (Stored). CWE...
Author: VulDB

Fuel CMS 1.4.1 filter/data PHP Code Execution privilege escalation

A vulnerability was found in Fuel CMS 1.4.1. It has been classified as critical. Affected is an unknown function. The manipulation of the argument filter/data as part of a Parameter leads to a privilege escalation vulnerability (PHP Code...
Author: VulDB

Fuel CMS 1.4.1 layout/published/search_term sql injection

A vulnerability was found in Fuel CMS 1.4.1 and classified as critical. This issue affects an unknown function. The manipulation of the argument layout/published/search_term as part of a Parameter leads to a sql injection vulnerability. Using...
Author: VulDB

Eventum up to 3.3.x Open Redirect [CVE-2018-16761]

A vulnerability has been found in Eventum up to 3.3.x and classified as problematic. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (Redirect). The CWE...
Author: VulDB

EasyCMS v1.4 App/Common/common.php removeXSS cross site scripting

A vulnerability, which was classified as problematic, was found in EasyCMS v1.4. This affects the function removeXSS of the file App/Common/common.php. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

ImageMagick up to 7.0.7-29 coders/meta.c formatIPTCfromBuffer denial of service

A vulnerability, which was classified as problematic, has been found in ImageMagick up to 7.0.7-29. Affected by this issue is the function formatIPTCfromBuffer of the file coders/meta.c. The manipulation with an unknown input leads to a denial...
Author: VulDB

ImageMagick up to 7.0.7-29 coders/png.c ReadOneJNGImage denial of service

A vulnerability classified as problematic was found in ImageMagick up to 7.0.7-29. Affected by this vulnerability is the function ReadOneJNGImage of the file coders/png.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

rcfilters Plugin 2.1.6 on RoundCube _whatfilter/_messages cross site scripting

A vulnerability classified as problematic has been found in rcfilters Plugin 2.1.6 on RoundCube. Affected is an unknown function. The manipulation of the argument _whatfilter/_messages as part of a Parameter leads to a cross site scripting...
Author: VulDB

Go Ethereum up to 1.8.13 eth/api_tracer.go TraceChain unknown vulnerability

A vulnerability was found in Go Ethereum up to 1.8.13. It has been rated as problematic. This issue affects the function TraceChain of the file eth/api_tracer.go. The impact remains unknown. The summary by CVE is: In Go Ethereum (aka geth) before...
Author: VulDB

Information security (SSI) events

FIC

With this year's theme of "Putting people back at the heart of cybersecurity" ("Replacer l'humain au coeur de la cybersécurité"), the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Région Hauts-de-France and Euratechnologies, the Gendarmerie Nationale and CEIS.
