Saturday 16 February 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

VMware Releases Security Updates

Original release date: February 15, 2019. VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system. The...
Author: US Cert

CERTFR-2019-AVI-068: Multiple vulnerabilities in Mozilla Thunderbird (15 February 2019)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.

Author: Cert FR

CERTFR-2019-AVI-067: SCADA Multiple vulnerabilities in Schneider Electric products (15 February 2019)

Multiple vulnerabilities have been discovered in Schneider Electric products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass...
Author: Cert FR

Netwide Assembler 2.14.02 asm/preproc.c paste_tokens memory corruption

A vulnerability was found in Netwide Assembler 2.14.02 (Programming Tool Software) and classified as critical. Affected by this issue is the function paste_tokens of the file asm/preproc.c. The manipulation with an unknown input leads to a...
Author: VulDB

Jinja2 2.10 Template from_string source privilege escalation

A vulnerability has been found in Jinja2 2.10 and classified as critical. Affected by this vulnerability is the function from_string of the component Template Handler. The manipulation of the argument source as part of a Parameter leads to a...
Author: VulDB

SoX 14.4.2 effect_i_dsp.c lsx_make_lpf denial of service

A vulnerability was found in SoX 14.4.2. It has been declared as problematic. Affected by this vulnerability is the function lsx_make_lpf of the file effect_i_dsp.c. The manipulation with an unknown input leads to a denial of service...
Author: VulDB

SoX 14.4.2 fft4g.c bitrv2 Argument memory corruption

A vulnerability was found in SoX 14.4.2. It has been classified as critical. Affected is the function bitrv2 of the file fft4g.c. The manipulation as part of an Argument leads to a memory corruption vulnerability (Stack-based). CWE is classifying...
Author: VulDB

SoX 14.4.2 xmalloc.h channels_start memory corruption

A vulnerability was found in SoX 14.4.2 and classified as critical. This issue affects the function channels_start of the file xmalloc.h. The manipulation with an unknown input leads to a memory corruption vulnerability (Integer Overflow). Using...
Author: VulDB

SoX 14.4.2 effect_i_dsp.c lsx_make_lpf memory corruption

A vulnerability has been found in SoX 14.4.2 and classified as critical. This vulnerability affects the function lsx_make_lpf of the file effect_i_dsp.c. The manipulation with an unknown input leads to a memory corruption vulnerability (Integer...
Author: VulDB

BEESCMS 4.0 admin_member.php cross site request forgery

A vulnerability, which was classified as critical, was found in BEESCMS 4.0 (Content Management System). This affects a function of the file admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user. The manipulation with an unknown...
Author: VulDB

ES File Explorer File Manager 4.1.9.7.4 on Android Help Man-in-the-Middle weak encryption

A vulnerability, which was classified as critical, has been found in ES File Explorer File Manager 4.1.9.7.4 on Android. Affected by this issue is some functionality of the component Help. The manipulation with an unknown input leads to a weak...
Author: VulDB

Linux Kernel up to 4.20.7 Reference Counting virt/kvm/kvm_main.c kvm_ioctl_create_device memory corruption

A vulnerability classified as critical was found in Linux Kernel up to 4.20.7 (Operating System). Affected by this vulnerability is the function kvm_ioctl_create_device of the file virt/kvm/kvm_main.c of the component Reference Counting. The...
Author: VulDB

IBM Rational ClearCase 1.0.0.0 GIT Connector Password information disclosure

A vulnerability classified as problematic has been found in IBM Rational ClearCase 1.0.0.0. Affected is an unknown function of the component GIT Connector. The manipulation with an unknown input leads to an information disclosure vulnerability...
Author: VulDB

SAP Manufacturing Integration and Intelligence 15.0/15.1/15.2 Illuminator Servlet CSRF privilege escalation

A vulnerability was found in SAP Manufacturing Integration and Intelligence 15.0/15.1/15.2. It has been rated as critical. This issue affects some processing of the component Illuminator Servlet. The manipulation with an unknown input leads to a...
Author: VulDB

SAP HANA Extended Application Services 1.0 Trace File information disclosure

A vulnerability was found in SAP HANA Extended Application Services 1.0 (Database Software). It has been declared as problematic. This vulnerability affects a code block of the component Trace File Handler. The manipulation with an unknown input...
Author: VulDB

SAP KRNL32NUC/KRNL64NUC/KERNEL SLD Registration Flooding denial of service

A vulnerability was found in SAP KRNL32NUC, KRNL64NUC and KERNEL. It has been classified as problematic. This affects code of the component SLD Registration. The manipulation with an unknown input leads to a denial of service vulnerability...
Author: VulDB

SAP Webintelligence BILaunchPad 4.10/4.20 HTML Report cross site scripting

A vulnerability was found in SAP Webintelligence BILaunchPad 4.10/4.20 and classified as problematic. Affected by this issue is a part of the component HTML Report Handler. The manipulation with an unknown input leads to a cross site scripting...
Author: VulDB

SAP HANA Extended Application Services up to 1.0.96 privilege escalation

A vulnerability has been found in SAP HANA Extended Application Services up to 1.0.96 (Database Software) and classified as critical. Affected by this vulnerability is a functionality. The manipulation with an unknown input leads to a privilege...
Author: VulDB

SAP BusinessObjects 4.2/4.3 File Upload privilege escalation

A vulnerability, which was classified as critical, was found in SAP BusinessObjects 4.2/4.3. Affected is a function of the component File Upload. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is...
Author: VulDB

SAP Disclosure Management 10.01 Authorization privilege escalation

A vulnerability, which was classified as critical, has been found in SAP Disclosure Management 10.01. This issue affects some functionality of the component Authorization. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

SAP NetWeaver AS ABAP privilege escalation [CVE-2019-0257]

A vulnerability classified as critical was found in SAP NetWeaver AS ABAP (Solution Stack Software). This vulnerability affects the functionality. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE...
Author: VulDB

SAP Business One Mobile App 1.2.12 on Android information disclosure

A vulnerability classified as problematic has been found in SAP Business One Mobile App 1.2.12 on Android. This affects an unknown function. The manipulation with an unknown input leads to an information disclosure vulnerability. CWE is...
Author: VulDB

SAP NetWeaver AS ABAP/Krnl64nuc/Kernel 7.73/7.74/7.75 privilege escalation

A vulnerability was found in SAP NetWeaver AS ABAP, Krnl64nuc and Kernel 7.73/7.74/7.75 (Solution Stack Software). It has been rated as critical. Affected by this issue is some processing. The manipulation with an unknown input leads to a...
Author: VulDB

SAP Disclosure Management 10.1 cross site scripting [CVE-2019-0254]

A vulnerability was found in SAP Disclosure Management 10.1. It has been declared as problematic. Affected by this vulnerability is a code block. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE...
Author: VulDB

SAP BusinessObjects up to 4.1 Fiori Launchpad cross site scripting

A vulnerability was found in SAP BusinessObjects up to 4.1. It has been classified as problematic. Affected is code of the component Fiori Launchpad. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

Information security events

ACCESSECURITY

AccesSecurity, the Euro-Mediterranean global security trade show, takes place in Marseille (Chanot) on 6 and 7 March 2019. Organised by Safim.

IT & IT SECURITY MEETINGS

IT & IT Security Meetings, the "trade show for networks, cloud, mobility and IT security", takes place in Cannes at the Palais des Festivals et des Congrès from 19 to 21 March 2019. Organised by Weyou Group.
