Friday 15 February 2019

Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Netwide Assembler 2.14.02 asm/preproc.c paste_tokens memory corruption

A vulnerability was found in Netwide Assembler 2.14.02 (Programming Tool Software) and classified as critical. Affected by this issue is the function paste_tokens of the file asm/preproc.c. The manipulation with an unknown input leads to a...
Author: VulDB

Jinja2 2.10 Template from_string source privilege escalation

A vulnerability has been found in Jinja2 2.10 and classified as critical. Affected by this vulnerability is the function from_string of the component Template Handler. The manipulation of the argument source as part of a Parameter leads to a...
Author: VulDB

F5 BIG-IP up to 11.6.3.2/12.1.3.7/13.1.1.3/14.0.0.2 Traffic Management User Interface Reflected cross site scripting

A vulnerability classified as problematic has been found in F5 BIG-IP up to 11.6.3.2/12.1.3.7/13.1.1.3/14.0.0.2 (Firewall Software). This affects an unknown function of the component Traffic Management User Interface. The manipulation with an...
Author: VulDB

D-Link DIR-878 1.12A1 HNAP API /HNAP1 SetStaticRouteIPv4Settings Gateway privilege escalation

A vulnerability classified as critical was found in D-Link DIR-878 1.12A1 (Router Operating System). Affected by this vulnerability is the function SetStaticRouteIPv4Settings of the file /HNAP1 of the component HNAP API. The manipulation of the...
Author: VulDB

D-Link DIR-878 1.12A1 HNAP API /HNAP1 SetSysEmailSettings SMTPServerPort privilege escalation

A vulnerability classified as critical has been found in D-Link DIR-878 1.12A1 (Router Operating System). Affected is the function SetSysEmailSettings of the file /HNAP1 of the component HNAP API. The manipulation of the argument SMTPServerPort...
Author: VulDB

D-Link DIR-878 1.12A1 HNAP API /HNAP1 SetStaticRouteIPv6Settings DestNetwork privilege escalation

A vulnerability was found in D-Link DIR-878 1.12A1 (Router Operating System). It has been rated as critical. This issue affects the function SetStaticRouteIPv6Settings of the file /HNAP1 of the component HNAP API. The manipulation of the...
Author: VulDB

D-Link DIR-878 1.12A1 HNAP API /HNAP1 SetWebFilterSettings WebFilterURLs privilege escalation

A vulnerability was found in D-Link DIR-878 1.12A1 (Router Operating System). It has been declared as critical. This vulnerability affects the function SetWebFilterSettings of the file /HNAP1 of the component HNAP API. The manipulation of the...
Author: VulDB

D-Link DIR-878 1.12A1 HNAP API /HNAP1 SetIPv4FirewallSettings SrcIPv4AddressRangeStart privilege escalation

A vulnerability was found in D-Link DIR-878 1.12A1 (Router Operating System). It has been classified as critical. This affects the function SetIPv4FirewallSettings of the file /HNAP1 of the component HNAP API. The manipulation of the argument...
Author: VulDB

D-Link DIR-878 1.12A1 HNAP API /HNAP1 SetQoSSettings IPAddress privilege escalation

A vulnerability was found in D-Link DIR-878 1.12A1 (Router Operating System) and classified as critical. Affected by this issue is the function SetQoSSettings of the file /HNAP1 of the component HNAP API. The manipulation of the argument...
Author: VulDB

D-Link DIR-878 1.12A1 HNAP API /HNAP1 SetIPv6FirewallSettings SrcIPv6AddressRangeStart privilege escalation

A vulnerability has been found in D-Link DIR-878 1.12A1 (Router Operating System) and classified as critical. Affected by this vulnerability is the function SetIPv6FirewallSettings of the file /HNAP1 of the component HNAP API. The manipulation ...
Author: VulDB

D-Link DIR-878 1.12A1 HNAP API /HNAP1 SetSysLogSettings IPAddress privilege escalation

A vulnerability, which was classified as critical, was found in D-Link DIR-878 1.12A1 (Router Operating System). Affected is the function SetSysLogSettings of the file /HNAP1 of the component HNAP API. The manipulation of the argument IPAddress...
Author: VulDB

AVEVA InduSoft Web Studio/InTouch Edge HMI Database Connection privilege escalation

A vulnerability, which was classified as critical, was found in AVEVA InduSoft Web Studio and InTouch Edge HMI. This affects a function of the component Database Connection. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

AVEVA InduSoft Web Studio/InTouch Edge HMI privilege escalation

A vulnerability, which was classified as critical, has been found in AVEVA InduSoft Web Studio and InTouch Edge HMI. Affected by this issue is some functionality. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

WECON LeviStudioU up to 1.8.56 Code Execution memory corruption

A vulnerability classified as critical was found in WECON LeviStudioU up to 1.8.56. Affected by this vulnerability is the functionality. The manipulation with an unknown input leads to a memory corruption vulnerability (Code Execution). The CWE...
Author: VulDB

WECON LeviStudioU up to 1.8.56 Heap-based memory corruption

A vulnerability classified as critical has been found in WECON LeviStudioU up to 1.8.56. Affected is an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability (Heap-based). CWE is classifying the...
Author: VulDB

WECON LeviStudioU up to 1.8.56 Project File Stack-based memory corruption

A vulnerability was found in WECON LeviStudioU up to 1.8.56. It has been rated as critical. This issue affects some processing of the component Project File Handler. The manipulation with an unknown input leads to a memory corruption...
Author: VulDB

Rarlab WinRar up to 5.59 Archive Out-of-Bounds memory corruption

A vulnerability has been found in Rarlab WinRar up to 5.59 (File Compression Software) and classified as critical. Affected by this vulnerability is a functionality of the component Archive Handler. The manipulation with an unknown input leads...
Author: VulDB

Atlassian JIRA up to 7.13.0 VerifyPopServerConnection Server-Side Request Forgery

A vulnerability was found in Atlassian JIRA up to 7.13.0 (Bug Tracking Software) and classified as critical. This issue affects a part of the component VerifyPopServerConnection. The manipulation with an unknown input leads to a privilege...
Author: VulDB

Atlassian JIRA up to 7.6.9/7.12.3/7.13.0 Two-Dimensional Filter Statistics Gadget cross site scripting

A vulnerability has been found in Atlassian JIRA up to 7.6.9/7.12.3/7.13.0 (Bug Tracking Software) and classified as problematic. This vulnerability affects a functionality of the component Two-Dimensional Filter Statistics Gadget. The...
Author: VulDB

TIBCO Silver Fabric up to 5.8.1 SOAP Admin API Reflected cross site scripting

A vulnerability, which was classified as problematic, was found in TIBCO Silver Fabric up to 5.8.1. This affects a function of the component SOAP Admin API. The manipulation with an unknown input leads to a cross site scripting vulnerability...
Author: VulDB

OpenAM 13.0 Session privilege escalation

A vulnerability, which was classified as critical, has been found in OpenAM 13.0. Affected by this issue is some functionality of the component Session Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

msmtp 1.8.2 Certificate Validation weak authentication

A vulnerability, which was classified as critical, was found in msmtp 1.8.2. Affected is a function of the component Certificate Validation Handler. The manipulation with an unknown input leads to a weak authentication vulnerability. CWE is...
Author: VulDB

SchoolCMS 2.3.1 index.php id cross site scripting

A vulnerability, which was classified as problematic, has been found in SchoolCMS 2.3.1 (Content Management System). This issue affects some functionality of the file index.php?a=Index&c=Channel&m=Home. The manipulation of the argument id with...
Author: VulDB

SchoolCMS 2.3.1 index.php viewid cross site scripting

A vulnerability classified as problematic was found in SchoolCMS 2.3.1 (Content Management System). This vulnerability affects the functionality of the file index.php?a=Index&c=Channel&m=Home. The manipulation of the argument viewid with an...
Author: VulDB

POWER EGG EL Expression privilege escalation [CVE-2019-5916]

A vulnerability was found in POWER EGG. It has been rated as critical. Affected by this issue is some processing of the component EL Expression Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using...
Author: VulDB

Information Systems Security (SSI) Events

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, takes place in Marseille (Chanot) on 6 and 7 March 2019. Organized by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", takes place in Cannes at the Palais des Festivals et des Congrès from 19 to 21 March 2019. Organized by Weyou Group.
