Saturday 18 January 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Google Releases Security Updates for Chrome

Original release date: January 17, 2020. Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity...
Author: US Cert

SuSE Openstack Cloud 8 keystone-json-assignment Package user-project-map.json privilege escalation

A vulnerability has been found in SuSE Openstack Cloud 8 and classified as critical. This vulnerability affects an unknown code block of the file /etc/keystone/user-project-map.json of the component keystone-json-assignment Package. Applying the...
Author: VulDB

SuSE CaaS Platform up to 3.0 docker-kubic package privilege escalation

A vulnerability, which was classified as critical, was found in SuSE CaaS Platform up to 3.0. This affects an unknown code of the component docker-kubic package. Upgrading eliminates this vulnerability.
Author: VulDB

Gallagher Command Centre Server OPCUA information disclosure

A vulnerability, which was classified as problematic, has been found in Gallagher Command Centre Server (affected version not known). Affected by this issue is an unknown part of the component OPCUA. Upgrading eliminates this vulnerability.
Author: VulDB

Gallagher Command Centre Server Backup privilege escalation [CVE-2019-19801]

A vulnerability classified as critical was found in Gallagher Command Centre Server (affected version unknown). Affected by this vulnerability is some unknown functionality of the component Backup Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Intelbras WRN240 Firmware incoming/Firmware.cfg POST Request privilege escalation

A vulnerability classified as critical has been found in Intelbras WRN240 (version unknown). Affected is an unknown functionality of the file incoming/Firmware.cfg of the component Firmware Handler. There is no information about possible...
Author: VulDB

SaltStack Salt up to 2019.2.0 salt-api NEST API Endpoint privilege escalation

A vulnerability was found in SaltStack Salt up to 2019.2.0. It has been rated as critical. This issue affects an unknown function of the component salt-api NEST API Endpoint. There is no information about possible countermeasures known. It may be...
Author: VulDB

CERTFR-2020-AVI-045: Multiple vulnerabilities in Oracle Weblogic (17 January 2020)

Multiple vulnerabilities have been discovered in Oracle Weblogic. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a compromise of the integrity of...
Author: Cert FR

CERTFR-2020-AVI-044: Vulnerability in Cisco Application Policy Infrastructure Controller (17 January 2020)

A vulnerability has been discovered in Cisco Application Policy Infrastructure Controller. It allows an attacker to cause a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-043: Multiple vulnerabilities in Google Chrome (17 January 2020)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

VU#338824: Microsoft Internet Explorer Scripting Engine memory corruption vulnerability

Microsoft has released Security Advisory ADV200001, which describes a memory corruption vulnerability in the Scripting Engine. This vulnerability is being exploited in the wild.
Author: US Cert

WP Database Reset up to 3.1 on WordPress admin-post.php denial of service

A vulnerability was found in WP Database Reset up to 3.1 on WordPress (WordPress Plugin). It has been declared as critical. This vulnerability affects some unknown processing of the file wp-admin/admin-post.php?db-reset-tables[]=comments. There...
Author: VulDB

WP Database Reset up to 3.1 on WordPress admin.php privilege escalation

A vulnerability was found in WP Database Reset up to 3.1 on WordPress (WordPress Plugin). It has been classified as critical. This affects an unknown code block of the file wp-admin/admin.php?db-reset-tables[]=users. There is no information about...
Author: VulDB

libslirp 4.1.0 tcp_subr.c tcp_emu memory corruption

A vulnerability was found in libslirp 4.1.0 and classified as critical. Affected by this issue is the function tcp_emu of the file tcp_subr.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Spring Framework up to 5.0.15/5.1.12/5.2.2 Header Content-Disposition Reflected information disclosure

A vulnerability has been found in Spring Framework up to 5.0.15/5.1.12/5.2.2 and classified as problematic. Affected by this vulnerability is an unknown part of the component Header Handler. Upgrading to version 5.0.16, 5.1.13 or 5.2.3 eliminates...
Author: VulDB

Broadcom brcmfmac WiFi Driver Frame Validation is_wlc_event_frame WiFi Packet memory corruption

A vulnerability, which was classified as critical, was found in Broadcom brcmfmac WiFi Driver (Hardware Driver Software) (version unknown). Affected is the function is_wlc_event_frame of the component Frame Validation Handler. Applying the patch...
Author: VulDB

Broadcom brcmfmac WiFi Driver Wake-up on Wireless LAN brcmf_wowl_nd_results WiFi Packet memory corruption

A vulnerability, which was classified as critical, has been found in Broadcom brcmfmac WiFi Driver (unknown version). This issue affects the function brcmf_wowl_nd_results of the component Wake-up on Wireless LAN. Applying the patch...
Author: VulDB

Foxit PDF Reader 9.7.0.29435 Javascript Engine PDF Document Use-After-Free memory corruption

A vulnerability classified as critical was found in Foxit PDF Reader 9.7.0.29435. This vulnerability affects an unknown function of the component Javascript Engine. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Foxit PDF Reader 9.7.0.29435 Javascript Engine PDF Document Use-After-Free memory corruption

A vulnerability classified as critical has been found in Foxit PDF Reader 9.7.0.29435. This affects some unknown processing of the component Javascript Engine. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Foxit PDF Reader 9.7.0.29435 Javascript Engine PDF Document Use-After-Free memory corruption

A vulnerability was found in Foxit PDF Reader 9.7.0.29435. It has been rated as critical. Affected by this issue is an unknown code block of the component Javascript Engine. There is no information about possible countermeasures known. It may be...
Author: VulDB

Foxit PDF Reader 9.7.0.29435 Javascript Engine PDF Document Use-After-Free memory corruption

A vulnerability was found in Foxit PDF Reader 9.7.0.29435 (Document Reader Software). It has been declared as critical. Affected by this vulnerability is an unknown code of the component Javascript Engine. There is no information about possible...
Author: VulDB

SimpliSafe SS3 1.0-1.3 Keyboard weak authentication

A vulnerability was found in SimpliSafe SS3 1.0-1.3. It has been classified as problematic. Affected is an unknown part of the component Keyboard Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Centreon Infrastructure Monitoring Software up to 19.10 Perl cwrapper_perl privilege escalation

A vulnerability was found in Centreon Infrastructure Monitoring Software up to 19.10 and classified as critical. This issue affects some unknown functionality of the file cwrapper_perl of the component Perl Handler. There is no information about...
Author: VulDB

Siemens SINAMICS PERFECT HARMONY GH180 privilege escalation [CVE-2019-19278]

A vulnerability has been found in Siemens SINAMICS PERFECT HARMONY GH180 (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown functionality. There is no information about possible countermeasures...
Author: VulDB

Linux Kernel up to 5.3.9 Flow Dissector flow_dissector.c hashmd information disclosure

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.3.9. This affects an unknown function of the file net/core/flow_dissector.c of the component Flow Dissector. Upgrading to version 5.3.10 eliminates this...
Author: VulDB

Information-security (SSI) events

FIC

With this year's theme being "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
