Thursday 24 October 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

HiNet GPON Service Port 3097 privilege escalation [CVE-2019-13411]

A vulnerability was found in HiNet GPON (unknown version). It has been rated as very critical. This issue affects an unknown code block of the component Service Port 3097. Addressing this vulnerability is possible by firewalling 3097.
Author: VulDB

TOPMeeting up to 8.7 Front End Page Password information disclosure

A vulnerability was found in TOPMeeting up to 8.7. It has been declared as problematic. This vulnerability affects an unknown code of the component Front End Page. Upgrading to version 8.8 eliminates this vulnerability.
Author: VulDB

TOPMeeting up to 8.7 Query String Union sql injection

A vulnerability was found in TOPMeeting up to 8.7. It has been classified as critical. This affects an unknown part. Upgrading to version 8.8 eliminates this vulnerability.
Author: VulDB

BitDefender BOX up to 2.1 miniupnpd Crafted Packet Crash denial of service

A vulnerability was found in BitDefender BOX up to 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the component miniupnpd. Upgrading to version 2.1.37.37-34 eliminates this vulnerability.
Author: VulDB

Pivotal Reactor Netty up to 0.8.11 Header Credentials information disclosure

A vulnerability has been found in Pivotal Reactor Netty up to 0.8.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Header Handler. There is no information about possible countermeasures...
Author: VulDB

Kubernetes up to 1.0-1.12/1.13.11/1.14.7/1.15.4/1.16.1 API Server JSON Payload Crash denial of service

A vulnerability, which was classified as problematic, was found in Kubernetes up to 1.0-1.12/1.13.11/1.14.7/1.15.4/1.16.1. Affected is an unknown function of the component API Server. Upgrading to version 1.13.12, 1.14.8, 1.15.5 or 1.16.2...
Author: VulDB

Sequelize up to 4.44.2 JSON Query sequelize.json() sql injection

A vulnerability, which was classified as critical, has been found in Sequelize up to 4.44.2. This issue affects the function sequelize.json() of the component JSON Query Handler. Upgrading to version 4.44.3 eliminates this vulnerability.
Author: VulDB

Kea DHCP up to 1.5.0/1.6.0-beta2 Request denial of service

A vulnerability classified as problematic was found in Kea DHCP up to 1.5.0/1.6.0-beta2. This vulnerability affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Kea DHCPv4 up to 1.5.0/1.6.0-beta2 Hostname Assertion denial of service

A vulnerability classified as problematic has been found in Kea DHCPv4 up to 1.5.0/1.6.0-beta2. This affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Kea DHCPv6 up to 1.5.0/1.6.0-beta2 DUID Packet Assertion denial of service

A vulnerability was found in Kea DHCPv6 up to 1.5.0/1.6.0-beta2. It has been rated as problematic. Affected by this issue is an unknown part of the component DUID Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

MetInfo 7.0.0beta index.class.php doSaveSetup cross site request forgery

A vulnerability was found in MetInfo 7.0.0beta (Content Management System). It has been declared as problematic. Affected by this vulnerability is the function doSaveSetup of the file app/system/admin/admin/index.class.php. There is no...
Author: VulDB

WordPress up to 5.2.3 Admin Pages cross site request forgery

A vulnerability was found in WordPress up to 5.2.3 (Content Management System). It has been classified as problematic. Affected is an unknown functionality of the component Admin Pages. Upgrading to version 5.2.4 eliminates this vulnerability.
Author: VulDB

WordPress up to 5.2.3 Customizer Stored cross site scripting

A vulnerability was found in WordPress up to 5.2.3 (Content Management System) and classified as problematic. This issue affects an unknown function of the component Customizer. Upgrading to version 5.2.4 eliminates this vulnerability.
Author: VulDB

WordPress up to 5.2.3 Cache GET Request privilege escalation

A vulnerability has been found in WordPress up to 5.2.3 (Content Management System) and classified as critical. This vulnerability affects some unknown processing of the component Cache Handler. Upgrading to version 5.2.4 eliminates this...
Author: VulDB

WordPress up to 5.2.3 Style Element Stored cross site scripting

A vulnerability, which was classified as problematic, was found in WordPress up to 5.2.3 (Content Management System). This affects an unknown code block of the component Style Element Handler. Upgrading to version 5.2.4 eliminates this...
Author: VulDB

WordPress up to 5.2.3 Static Query information disclosure

A vulnerability, which was classified as problematic, has been found in WordPress up to 5.2.3 (Content Management System). Affected by this issue is an unknown code of the component Static Query Handler. Upgrading to version 5.2.4 eliminates this...
Author: VulDB

WordPress up to 5.2.3 URL Server-Side Request Forgery

A vulnerability classified as critical was found in WordPress up to 5.2.3 (Content Management System). Affected by this vulnerability is an unknown part of the component URL Handler. Upgrading to version 5.2.4 eliminates this vulnerability.
Author: VulDB

WordPress up to 5.2.3 URL Server-Side Request Forgery

A vulnerability classified as critical has been found in WordPress up to 5.2.3 (Content Management System). Affected is some unknown functionality of the component URL Handler. Upgrading to version 5.2.4 eliminates this vulnerability.
Author: VulDB

Samsung Galaxy S10/Note 10 Fingerprint weak authentication [CVE-2019-17668]

A vulnerability was found in Samsung Galaxy S10 and Note 10 (Smartphone Operating System) (unknown version). It has been rated as critical. This issue affects an unknown functionality of the component Fingerprint Handler. There is no information...
Author: VulDB

Comtech H8 Heights Remote Gateway 2.5.1 SiteName cross site scripting

A vulnerability was found in Comtech H8 Heights Remote Gateway 2.5.1. It has been declared as problematic. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Linux Kernel up to 5.3.6 ps.c rtl_p2p_noa_ie memory corruption

A vulnerability was found in Linux Kernel up to 5.3.6 (Operating System). It has been classified as critical. This affects the function rtl_p2p_noa_ie of the file drivers/net/wireless/realtek/rtlwifi/ps.c. There is no information about possible...
Author: VulDB

NSA Ghidra up to 9.0.1 jansi.dll privilege escalation

A vulnerability was found in NSA Ghidra up to 9.0.1 and classified as critical. Affected by this issue is an unknown code block in the library jansi.dll. Upgrading to version 9.0.2 eliminates this vulnerability.
Author: VulDB

NSA Ghidra up to 9.0.4 Python Interpreter Search Path privilege escalation

A vulnerability has been found in NSA Ghidra up to 9.0.4 and classified as critical. Affected by this vulnerability is an unknown code of the component Python Interpreter. There is no information about possible countermeasures known. It may be...
Author: VulDB

D-Link DIR-866L 1.03B04 Common Gateway Interface HtmlResponseMessage cross site scripting

A vulnerability, which was classified as problematic, was found in D-Link DIR-866L 1.03B04 (Router Operating System). Affected is the function HtmlResponseMessage of the component Common Gateway Interface. There is no information about possible...
Author: VulDB

ThinVNC 1.0b1 directory traversal [CVE-2019-17662]

A vulnerability, which was classified as problematic, has been found in ThinVNC 1.0b1. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the Cité universitaire internationale on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
