Friday 3 April 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM Tivoli Netcool Impact up to 7.1.0.17 denial of service [CVE-2020-4236]

A vulnerability, which was classified as problematic, has been found in IBM Tivoli Netcool Impact (Directory Service Software). This issue affects an unknown code. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

IBM Tivoli Netcool Impact up to 7.1.0.17 Web UI cross site scripting

A vulnerability classified as problematic was found in IBM Tivoli Netcool Impact (Directory Service Software). This vulnerability affects an unknown part of the component Web UI. There is no information about possible countermeasures known. It...
Author: VulDB

IBM Spectrum Protect Plus up to 10.1.5 directory traversal [CVE-2020-4214]

A vulnerability classified as critical has been found in IBM Spectrum Protect Plus up to 10.1.5 (Backup Software). This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

IBM Spectrum Protect Plus up to 10.1.5 Default Key weak authentication

A vulnerability was found in IBM Spectrum Protect Plus up to 10.1.5 (Backup Software). It has been rated as critical. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be...
Author: VulDB

IBM Spectrum Protect Plus up to 10.1.5 Command privilege escalation

A vulnerability was found in IBM Spectrum Protect Plus up to 10.1.5 (Backup Software). It has been declared as critical. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may...
Author: VulDB

systemd up to v244 Polkit Query Use-After-Free denial of service

A vulnerability was found in systemd up to v244. It has been classified as problematic. Affected is some unknown processing of the component Polkit Query Handler. Upgrading to version 245-rc1 eliminates this vulnerability.
Author: VulDB

TP-LINK Cloud Camera WiFi Session weak authentication [CVE-2020-11445]

A vulnerability was found in TP-LINK Cloud Camera (Cloud Software) (unknown version) and classified as critical. This issue affects an unknown code block of the component WiFi Session Handler. There is no information about possible...
Author: VulDB

phpMyAdmin 5.0.2 Error Page String Reflected cross site scripting

A vulnerability has been found in phpMyAdmin 5.0.2 (Database Administration Software) and classified as problematic. This vulnerability affects an unknown code of the component Error Page. There is no information about possible countermeasures...
Author: VulDB

Progress Telerik UI for Silverlight prior 2020.1.330 RadUpload RadUploadHandler Web Request directory traversal

A vulnerability, which was classified as critical, was found in Progress Telerik UI for Silverlight. This affects the function RadUploadHandler of the component RadUpload. Upgrading to version 2020.1.330 eliminates this vulnerability.
Author: VulDB

FasterXML jackson-databind up to 2.9.10.3 Serialized privilege escalation

A vulnerability, which was classified as critical, has been found in FasterXML jackson-databind up to 2.9.10.3. Affected by this issue is some unknown functionality. Upgrading to version 2.9.10.4 eliminates this vulnerability.
Author: VulDB

FasterXML jackson-databind up to 2.9.10.3 Serialized privilege escalation

A vulnerability classified as critical was found in FasterXML jackson-databind up to 2.9.10.3. Affected by this vulnerability is an unknown functionality. Upgrading to version 2.9.10.4 eliminates this vulnerability.
Author: VulDB

FasterXML jackson-databind up to 2.9.10.3 Serialized privilege escalation

A vulnerability classified as critical has been found in FasterXML jackson-databind up to 2.9.10.3. Affected is an unknown function. Upgrading to version 2.9.10.4 eliminates this vulnerability.
Author: VulDB

Buildah up to 1.14.4 Container Image directory traversal

A vulnerability was found in Buildah up to 1.14.4. It has been rated as critical. This issue affects some unknown processing of the component Container Image Handler. Upgrading to version 1.14.5 eliminates this vulnerability.
Author: VulDB

pam-krb5 up to 4.8 Kerberos Stack-based memory corruption

A vulnerability was found in pam-krb5 up to 4.8. It has been declared as critical. This vulnerability affects an unknown code block of the component Kerberos Handler. Upgrading to version 4.9 eliminates this vulnerability.
Author: VulDB

js-bson BSON Serialized privilege escalation

A vulnerability was found in js-bson (the affected version unknown). It has been classified as critical. This affects an unknown code of the component BSON Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Ansible Engine up to 2.7.15/2.8.7/2.9.2 nxos_file_copy Module filename OS Command Injection privilege escalation

A vulnerability was found in Ansible Engine up to 2.7.15/2.8.7/2.9.2 and classified as critical. Affected by this issue is an unknown part of the component nxos_file_copy Module. Upgrading to version 2.7.16, 2.8.8 or 2.9.3 eliminates this...
Author: VulDB

Moodle up to 3.5.8/3.6.6/3.7.2 OAuth2 weak authentication

A vulnerability has been found in Moodle up to 3.5.8/3.6.6/3.7.2 (Learning Management Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the component OAuth2 Handler. Upgrading to version 3.5.9,...
Author: VulDB

ZyXEL XGS2210-52HP 4.50 rpSys.html Name/Location cross site scripting

A vulnerability, which was classified as problematic, was found in ZyXEL XGS2210-52HP 4.50. Affected is an unknown functionality of the file rpSys.html. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

pki-core 10.x.x Token Processing Service Parameter Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in pki-core 10.x.x. This issue affects an unknown function of the component Token Processing Service. There is no information about possible countermeasures known. It may be...
Author: VulDB

Employees working remotely: what good practices should be followed?

The coronavirus (COVID-19) pandemic has prompted many companies to set up teleworking solutions. If you are affected by this type of arrangement, you must follow a few rules to ensure your own security and...
Author: Cnil

The CNIL's advice for setting up teleworking

In the context of COVID-19, teleworking is a solution that must be accompanied by reinforced security measures to guarantee the security of information systems and of the data processed. The CNIL is publishing recommendations to help...
Author: Cnil

CERTFR-2020-AVI-179: Vulnerability in Red Hat products (31 March 2020)

A vulnerability has been discovered in several Red Hat products. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-178: Vulnerability in the Ubuntu Linux kernel (31 March 2020)

A vulnerability has been discovered in the Ubuntu Linux kernel. It allows an attacker to cause a breach of data confidentiality and a privilege escalation.

Author: Cert FR

Versiant LYNX Customer Service Portal 3.5.2 Stored cross site scripting

A vulnerability classified as problematic was found in Versiant LYNX Customer Service Portal 3.5.2 (Web Browser). This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be...
Author: VulDB

Zoho ManageEngine Desktop Central PDFGenerationServlet information disclosure

A vulnerability classified as problematic has been found in Zoho ManageEngine Desktop Central (Endpoint Management Software) (the affected version unknown). This affects an unknown code block of the component PDFGenerationServlet. There is no...
Author: VulDB