Saturday 18 January 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-033: Multiple vulnerabilities in Intel products (15 January 2020)

Multiple vulnerabilities have been discovered in Intel products. They allow an attacker to cause a denial of service, a breach of data confidentiality and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-032: Vulnerability in VMware Tools (15 January 2020)

A vulnerability has been discovered in VMware Tools. It allows an attacker to cause a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-031: Vulnerability in Xen (15 January 2020)

A vulnerability has been discovered in Xen. It allows an attacker to cause a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-030: Multiple vulnerabilities in the Red Hat Linux kernel (15 January 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a breach of integrity...
Author: Cert FR

Hikvision DVR DS-7204HGHI-F1 4.0.1 capabilities information disclosure

A vulnerability, which was classified as problematic, has been found in Hikvision DVR DS-7204HGHI-F1 4.0.1. Affected by this issue is some unknown functionality of the file ISAPI/Security/sessionLogin/capabilities. There is no information about...
Author: VulDB

libIEC61850 up to 1.4.0 mms_access_result.c MmsValue_decodeMmsData memory corruption

A vulnerability classified as critical was found in libIEC61850 up to 1.4.0. Affected by this vulnerability is the function MmsValue_decodeMmsData of the file mms/iso_mms/server/mms_access_result.c. There is no information about possible...
Author: VulDB

Linux Kernel up to 4.14.165/4.19.96/5.1 i915_gem_gtt.c i915_ppgtt_close memory corruption

A vulnerability classified as critical has been found in Linux Kernel up to 4.14.165/4.19.96/5.1. Affected is the function i915_ppgtt_close of the file drivers/gpu/drm/i915/i915_gem_gtt.c. Upgrading to version 5.2 eliminates this vulnerability.
Author: VulDB

SAP Basis up to 7.54 Automated Note Search Tool information disclosure

A vulnerability was found in SAP Basis up to 7.54. It has been rated as problematic. This issue affects some unknown processing of the component Automated Note Search Tool. There is no information about possible countermeasures known. It may be...
Author: VulDB

SAP Leasing up to 6.18 Transaction privilege escalation

A vulnerability was found in SAP Leasing up to 6.18. It has been declared as critical. This vulnerability affects an unknown code block of the component Transaction Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

SAP Process Integration 7.31/7.40/7.50 PI Rest Adapter cross site scripting

A vulnerability was found in SAP Process Integration 7.31/7.40/7.50. It has been classified as problematic. This affects an unknown code of the component PI Rest Adapter. There is no information about possible countermeasures known. It may be...
Author: VulDB

SAP NetWeaver Internet Communication Manager 7.21/7.49/7.53 denial of service

A vulnerability was found in SAP NetWeaver Internet Communication Manager 7.21/7.49/7.53 (Solution Stack Software) and classified as problematic. Affected by this issue is an unknown part. There is no information about possible countermeasures...
Author: VulDB

SAP Disclosure Management up to 10.0 cross site scripting [CVE-2020-6303]

A vulnerability has been found in SAP Disclosure Management up to 10.0 and classified as problematic. Affected by this vulnerability is some unknown functionality. Upgrading to version 10.1 eliminates this vulnerability.
Author: VulDB

TUF up to 0.12.1 Resource Exhaustion denial of service

A vulnerability, which was classified as problematic, was found in TUF up to 0.12.1. Affected is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

F5 BIG-IP APM up to 11.6.5.1/12.1.5/13.1.3.2/14.1.2.3/15.1.0 Portal Access unknown vulnerability

A vulnerability, which was classified as critical, has been found in F5 BIG-IP APM up to 11.6.5.1/12.1.5/13.1.3.2/14.1.2.3/15.1.0. This issue affects an unknown function of the component Portal Access. There is no information about possible...
Author: VulDB

F5 BIG-IP Traffic Management Microkernel Pattern Restart denial of service

A vulnerability classified as problematic was found in F5 BIG-IP (the affected version is unknown). This vulnerability affects some unknown processing of the component Traffic Management Microkernel. Applying a patch is able to eliminate this...
Author: VulDB

PHPGurukul Car Rental Project 1.0 File Upload Profile Image Code Execution

A vulnerability classified as critical has been found in PHPGurukul Car Rental Project 1.0. This affects an unknown code block of the component File Upload. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Freelancy 1.0.0 /api/files/ privilege escalation

A vulnerability was found in Freelancy 1.0.0. It has been rated as critical. Affected by this issue is an unknown code of the file /api/files/. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

phpBB 3.2.8 Group Membership cross site request forgery

A vulnerability was found in phpBB 3.2.8. It has been declared as problematic. Affected by this vulnerability is an unknown part of the component Group Membership Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

phpBB 3.2.8 Group Avatar cross site request forgery

A vulnerability was found in phpBB 3.2.8. It has been classified as problematic. Affected is some unknown functionality of the component Group Avatar Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

PHPGurukul Hospital Management System in PHP 4.0 searchdata/Doctorspecialization Reflected cross site scripting

A vulnerability was found in PHPGurukul Hospital Management System in PHP 4.0 and classified as problematic. This issue affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Viscosity 1.8.2 on Windows/macOS OpenVPN Parameter Code Execution

A vulnerability has been found in Viscosity 1.8.2 on Windows/macOS and classified as critical. This vulnerability affects an unknown function of the component OpenVPN Parameter Handler. There is no information about possible countermeasures...
Author: VulDB

MikroTik Winbox up to 3.20 Authentication Man-in-the-Middle weak encryption

A vulnerability, which was classified as problematic, was found in MikroTik Winbox up to 3.20. This affects some unknown processing of the component Authentication. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Norton Power Eraser up to 5.3.0 privilege escalation [CVE-2019-19548]

A vulnerability, which was classified as critical, has been found in Norton Power Eraser up to 5.3.0. Affected by this issue is an unknown code block. Upgrading to version 5.3.0.67 eliminates this vulnerability.
Author: VulDB

PyInstaller up to 3.5 on Windows Onefile Mode TempPath privilege escalation

A vulnerability was found in PyInstaller up to 3.5 on Windows. It has been rated as critical. This issue affects some unknown functionality of the component Onefile Mode. Upgrading to version 3.6 eliminates this vulnerability.
Author: VulDB

Google Chrome prior 79.0.3945.79 WebRTC HTML Page Heap-based memory corruption

A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects an unknown functionality of the component WebRTC. Upgrading to version 79.0.3945.79 eliminates this vulnerability.
Author: VulDB

Information security events

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
