Friday 10 July 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Authorized third parties: the CNIL publishes a practical guide and a collection of procedures

Certain authorities have the power to require organizations to hand over documents or information that may include personal data: these are "authorized third parties". In order to help the professionals targeted by this type of...
Author: Cnil

CERTFR-2020-AVI-421: Multiple vulnerabilities in the Ubuntu Linux kernel (09 July 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. Some of them allow an attacker to cause arbitrary code execution, remote denial of service and a bypass of the policy of...
Author: Cert FR

CERTFR-2020-AVI-420: Multiple vulnerabilities in Juniper products (09 July 2020)

Multiple vulnerabilities have been discovered in Juniper products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a bypass of the...
Author: Cert FR

CERTFR-2020-AVI-419: Multiple vulnerabilities in Palo Alto Networks PAN-OS (09 July 2020)

Multiple vulnerabilities have been discovered in Palo Alto Networks PAN-OS. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a breach of...
Author: Cert FR

CERTFR-2020-AVI-418: Multiple vulnerabilities in Citrix Hypervisor (09 July 2020)

Multiple vulnerabilities have been discovered in Citrix Hypervisor. They allow an attacker to cause remote arbitrary code execution and remote denial of service.

Author: Cert FR

CERTFR-2020-AVI-417: Multiple vulnerabilities in Symantec products (09 July 2020)

Multiple vulnerabilities have been discovered in Symantec products. They allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.

Author: Cert FR

Mercari App up to 3.51.x Java Reflection API Java Object privilege escalation

A vulnerability, which was classified as critical, has been found in Mercari App up to 3.51.x. This issue affects an unknown functionality of the component Java Reflection API. Upgrading to version 3.52.0 eliminates this vulnerability.
Author: VulDB

HPE IceWall SSO Dfw/IceWall SSO Dgfw cross site scripting [CVE-2020-7140]

A vulnerability classified as problematic was found in HPE IceWall SSO Dfw and IceWall SSO Dgfw (the affected version is unknown). This vulnerability affects an unknown function. There is no information about possible countermeasures known. It...
Author: VulDB

Tableau Server 10.5/2018.x/2019.x/2020.x Log File information disclosure

A vulnerability classified as problematic has been found in Tableau Server 10.5/2018.x/2019.x/2020.x. This affects some unknown processing of the component Log File. There is no information about possible countermeasures known. It may be...
Author: VulDB

NVIDIA JetPack SDK 4.2/4.3 Installation Script privilege escalation

A vulnerability was found in NVIDIA JetPack SDK 4.2/4.3. It has been rated as critical. Affected by this issue is an unknown code block of the component Installation Script. There is no information about possible countermeasures known. It may be...
Author: VulDB

Symantec Endpoint Detection and Response up to 4.3 information disclosure

A vulnerability was found in Symantec Endpoint Detection and Response up to 4.3. It has been declared as problematic. Affected by this vulnerability is an unknown code. Upgrading to version 4.4 eliminates this vulnerability.
Author: VulDB

MX Player App up to 1.24.4 on Android MX Transfer name Code Execution directory traversal

A vulnerability was found in MX Player App up to 1.24.4 on Android. It has been classified as critical. Affected is an unknown part of the component MX Transfer. Upgrading to version 1.24.5 eliminates this vulnerability.
Author: VulDB

VeloCloud Orchestrator Blind sql injection [CVE-2020-3973]

A vulnerability was found in VeloCloud Orchestrator (unknown version) and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

GeoVision Door Access Control Command memory corruption [CVE-2020-3931]

A vulnerability has been found in GeoVision Door Access Control (the affected version is unknown) and classified as critical. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It...
Author: VulDB

Palo Alto PAN-OS up to 8.1.14/9.1.2 GlobalProtect Portal OS Command Injection privilege escalation

A vulnerability, which was classified as critical, was found in Palo Alto PAN-OS up to 8.1.14/9.1.2. This affects an unknown function of the component GlobalProtect Portal. Upgrading to version 8.1.15 or 9.1.3 eliminates this vulnerability.
Author: VulDB

Palo Alto PAN-OS up to 9.1.2 dnsproxyd Integer Underflow denial of service

A vulnerability, which was classified as problematic, has been found in Palo Alto PAN-OS up to 9.1.2 (Firewall Software). Affected by this issue is some unknown processing of the component dnsproxyd. Upgrading to version 9.1.3 eliminates this...
Author: VulDB

Palo Alto PAN-OS up to 7.x/8.0.x/8.1.14 Management Interface OS Command Injection privilege escalation

A vulnerability classified as critical was found in Palo Alto PAN-OS up to 7.x/8.0.x/8.1.14 (Firewall Software). Affected by this vulnerability is an unknown code block of the component Management Interface. Upgrading to version 8.1.15, 9.0.0 or...
Author: VulDB

Palo Alto PAN-OS up to 8.1.13/9.0.8/9.1.2 weak encryption [CVE-2020-1982]

A vulnerability classified as problematic has been found in Palo Alto PAN-OS up to 8.1.13/9.0.8/9.1.2 (Firewall Software). Affected is an unknown code. Upgrading to version 8.1.14, 9.0.9 or 9.1.3 eliminates this vulnerability.
Author: VulDB

PHPList up to 3.5.4 Administrator Import Document cross site scripting

A vulnerability was found in PHPList up to 3.5.4 (Mailing List Software). It has been rated as problematic. This issue affects an unknown part of the component Administrator Import. There is no information about possible countermeasures known. It...
Author: VulDB

PHPList up to 3.5.4 Administrator Import Error sql injection

A vulnerability was found in PHPList up to 3.5.4 (Mailing List Software). It has been declared as critical. This vulnerability affects some unknown functionality of the component Administrator Import. There is no information about possible...
Author: VulDB

Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Camel Templating Injection privilege escalation

A vulnerability was found in Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 (Application Server Software). It has been classified as critical. This affects an unknown functionality of the component Camel Templating. Upgrading to version...
Author: VulDB

Micro Focus Identity Manager up to 4.7.2/4.8.1 privilege escalation

A vulnerability was found in Micro Focus Identity Manager up to 4.7.2/4.8.1 and classified as critical. Affected by this issue is an unknown function. Upgrading to version 4.7.3 or 4.8.1 Hotfix 1 eliminates this vulnerability.
Author: VulDB

Huawei Products SIP Module Messages memory corruption

A vulnerability has been found in Huawei Products (affected version unknown) and classified as critical. Affected by this vulnerability is some unknown processing of the component SIP Module. There is no information about possible countermeasures...
Author: VulDB

Huawei Products SIP Module Messages memory corruption

A vulnerability, which was classified as critical, was found in Huawei Products (version unknown). Affected is an unknown code block of the component SIP Module. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Huawei Products SIP Module Messages memory corruption

A vulnerability, which was classified as critical, has been found in Huawei Products (unknown version). This issue affects an unknown code of the component SIP Module. There is no information about possible countermeasures known. It may be...
Author: VulDB