Thursday 27 February 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM DB2 10.5/11.1/11.5 Command denial of service

A vulnerability, which was classified as problematic, was found in IBM DB2 10.5/11.1/11.5 (Database Software). Affected is some unknown functionality of the component Command Handler. There is no information about possible countermeasures known....
Author: VulDB

IBM DB2 11.5 Command denial of service

A vulnerability, which was classified as problematic, has been found in IBM DB2 11.5 (Database Software). This issue affects an unknown functionality of the component Command Handler. There is no information about possible countermeasures known....
Author: VulDB

IBM DB2 9.7/10.1/10.5/11.1/11.5 Crafted Packet Memory Exhaustion denial of service

A vulnerability classified as problematic was found in IBM DB2 9.7/10.1/10.5/11.1/11.5 (Database Software). This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

IBM Security Secret Server 10.7 Update weak authentication

A vulnerability classified as critical has been found in IBM Security Secret Server 10.7. This affects some unknown processing of the component Update Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

IBM Jazz Foundation up to 6.0.6.1 information disclosure [CVE-2019-4457]

A vulnerability was found in IBM Jazz Foundation up to 6.0.6.1. It has been rated as problematic. Affected by this issue is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

IBM Maximo Asset Management 7.6.0/7.6.1 Web UI cross site scripting

A vulnerability was found in IBM Maximo Asset Management 7.6.0/7.6.1. It has been declared as problematic. Affected by this vulnerability is an unknown code of the component Web UI. There is no information about possible countermeasures known. It...
Author: VulDB

VMware Releases Security Updates for vRealize Operations for Horizon Adapter

Original release date: February 19, 2020. VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon Adapter. A remote attacker could exploit some of these vulnerabilities to take control of an...
Author: US Cert

Critical Vulnerability in ThemeGrill Demo Importer WordPress Plugin (CERT-EU Security Advisory 2020-009)

A critical vulnerability affecting the ThemeGrill Demo Importer plugin has been identified. ThemeGrill Demo Importer is a plugin that can be used to import ThemeGrill official themes demo content, widgets and theme settings. The plugin is...
Author: Cert EU

ICE Hrm 26.2.0 User Creation service.php cross site request forgery

A vulnerability was found in ICE Hrm 26.2.0. It has been classified as problematic. Affected is an unknown part of the file service.php of the component User Creation. There is no information about possible countermeasures known. It may be...
Author: VulDB

ICE Hrm 26.2.0 Password Reset service.php cross site request forgery

A vulnerability was found in ICE Hrm 26.2.0 and classified as critical. This issue affects some unknown functionality of the file service.php of the component Password Reset. There is no information about possible countermeasures known. It may be...
Author: VulDB

Soplanning 1.45 export_ical.php users sql injection

A vulnerability has been found in Soplanning 1.45 and classified as critical. This vulnerability affects an unknown functionality of the file export_ical.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Soplanning 1.45 projets.php by sql injection

A vulnerability, which was classified as critical, was found in Soplanning 1.45. This affects an unknown function of the file projets.php?order=nom_createur. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Soplanning 1.45 process/xajax_server.php cross site request forgery

A vulnerability, which was classified as problematic, has been found in Soplanning 1.45. Affected by this issue is some unknown processing of the file process/xajax_server.php. There is no information about possible countermeasures known. It may...
Author: VulDB

Soplanning 1.45 process/xajax_server.php cross site request forgery

A vulnerability classified as problematic was found in Soplanning 1.45. Affected by this vulnerability is an unknown code block of the file process/xajax_server.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

phpMyChat-Plus 1.98 deluser.php pmc_username sql injection

A vulnerability classified as critical has been found in phpMyChat-Plus 1.98. Affected is an unknown code of the file deluser.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

ESET Smart Security Premium prior 1296 Archive Support Module ZIP Archive privilege escalation

A vulnerability was found in ESET Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro, Cyber Security, Mobile Security for Android, Smart TV Security and NOD32 Antivirus 4 for Linux Desktop. It has been rated as...
Author: VulDB

Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 6 Shared Calendar privilege escalation

A vulnerability was found in Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 6. It has been declared as critical. This vulnerability affects some unknown functionality of the component Shared Calendar. Applying the patch 8.8.15 Patch 7 is...
Author: VulDB

Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 6 WebEx Zimlet Server-Side Request Forgery

A vulnerability was found in Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 6. It has been classified as critical. This affects an unknown functionality of the component WebEx Zimlet. Applying the patch 8.8.15 Patch 7 is able to eliminate...
Author: VulDB

FreeBSD libfetch URL Heap-based memory corruption

A vulnerability was found in FreeBSD (affected version not known) and classified as critical. Affected by this issue is an unknown function of the component libfetch. Upgrading eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-099: Multiple vulnerabilities in VMware vRealize Operations for Horizon (19 February 2020)

Multiple vulnerabilities have been discovered in VMware vRealize Operations for Horizon. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.

Author: Cert FR

CERTFR-2020-AVI-098: Multiple vulnerabilities in IBM Db2 (19 February 2020)

Multiple vulnerabilities have been discovered in IBM Db2. They allow an attacker to cause a remote denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-097: Vulnerability in Fortinet FortiOS (19 February 2020)

A vulnerability has been discovered in Fortinet FortiOS. It allows an attacker to cause arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-096: Multiple vulnerabilities in the Ubuntu Linux kernel (19 February 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a remote denial of service and a breach of the confidentiality of...
Author: Cert FR

TopManage OLK 2020 Session Cookie cross site scripting

A vulnerability has been found in TopManage OLK 2020 and classified as problematic. Affected by this vulnerability is some unknown processing of the component Session Cookie Handler. There is no information about possible countermeasures known....
Author: VulDB

TopManage OLK 2020 Login cross site request forgery

A vulnerability, which was classified as problematic, was found in TopManage OLK 2020. Affected is an unknown code block of the component Login. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Information-security (SSI) events