Friday 13 December 2019

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-622: Multiple vulnerabilities in the SUSE Linux kernel (11 December 2019)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service and a bypass of the policy...
Author: Cert FR

CERTFR-2019-AVI-621: Multiple vulnerabilities in the Red Hat Linux kernel (11 December 2019)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause a denial of service, a compromise of data integrity and a compromise of the confidentiality of...
Author: Cert FR

CERTFR-2019-AVI-620: Multiple vulnerabilities in Apple products (11 December 2019)

Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a compromise of...
Author: Cert FR

CERTFR-2019-AVI-619: Multiple vulnerabilities in Google Chrome (11 December 2019)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.
Author: Cert FR

CERTFR-2019-AVI-618: Multiple vulnerabilities in Gitlab (11 December 2019)

Multiple vulnerabilities have been discovered in Gitlab. They allow an attacker to cause a security problem not specified by the vendor.
Author: Cert FR

Google Chrome prior 74.0.3729.108 Javascript HTML Page Out-of-Bounds memory corruption

A vulnerability was found in Google Chrome (Web Browser) and classified as critical. This issue affects some unknown functionality of the component Javascript. Upgrading to version 74.0.3729.108 eliminates this vulnerability.
Author: VulDB

Google Chrome prior 75.0.3770.80 Javascript HTML Page Out-of-Bounds memory corruption

A vulnerability has been found in Google Chrome (Web Browser) and classified as critical. This vulnerability affects an unknown functionality of the component Javascript. Upgrading to version 75.0.3770.80 eliminates this vulnerability.
Author: VulDB

libxslt up to 1.1.32 xsltNumberFormatGetMultipleLevel XML Data memory corruption

A vulnerability, which was classified as critical, was found in libxslt up to 1.1.32. This affects the function xsltNumberFormatGetMultipleLevel. Upgrading to version 1.1.33 eliminates this vulnerability.
Author: VulDB

Yabasic 2.86.1 Basic Source Code flex.c yylex() memory corruption

A vulnerability, which was classified as critical, has been found in Yabasic 2.86.1. Affected by this issue is the function yylex() of the file flex.c of the component Basic Source Code Handler. There is no information about possible...
Author: VulDB

Tableau Server up to 10.3 on Windows/Linux embeddedAuthRedirect cross site scripting

A vulnerability classified as problematic was found in Tableau Server up to 10.3 on Windows/Linux. Affected by this vulnerability is an unknown code block of the file embeddedAuthRedirect. There is no information about possible countermeasures...
Author: VulDB

MediaWiki up to 1.33.1 Protection Mechanism privilege escalation

A vulnerability classified as critical has been found in MediaWiki up to 1.33.1. Affected is an unknown code of the component Protection Mechanism. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

VisualEditor Extension up to 1.34 on MediaWiki Clipboard data-ve-clipboard-key cross site scripting

A vulnerability was found in VisualEditor Extension up to 1.34 on MediaWiki. It has been rated as problematic. This issue affects an unknown part of the component Clipboard. There is no information about possible countermeasures known. It may be...
Author: VulDB

Moxa EDS-G508E/EDS-G512E/EDS-G516E up to 6.0 PROFINET DCE-RPC Endpoint denial of service

A vulnerability was found in Moxa EDS-G508E, EDS-G512E and EDS-G516E up to 6.0. It has been declared as problematic. This vulnerability affects some unknown functionality of the component PROFINET DCE-RPC Endpoint. There is no information about...
Author: VulDB

Ktor up to 1.2.6 Authorization Header privilege escalation

A vulnerability was found in Ktor up to 1.2.6. It has been classified as critical. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

modoboa-dmarc Plugin 1.1.0 on Modoboa XML Data XML Document XML External Entity

A vulnerability was found in modoboa-dmarc Plugin 1.1.0 on Modoboa and classified as critical. Affected by this issue is an unknown function of the component XML Data Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Git up to 2.20.1/2.21.0/2.22.1/2.23.0/2.24.0 Submodule Update Command privilege escalation

A vulnerability has been found in Git up to 2.20.1/2.21.0/2.22.1/2.23.0/2.24.0 and classified as critical. Affected by this vulnerability is some unknown processing of the component Submodule Update Handler. Upgrading to version 2.20.2, 2.21.1,...
Author: VulDB

Yachtcontrol up to 2019-10-06 systemcall.php System Command privilege escalation

A vulnerability, which was classified as critical, was found in Yachtcontrol up to 2019-10-06. Affected is an unknown code block of the file /pages/systemcall.php?command={COMMAND}. There is no information about possible countermeasures known. It...
Author: VulDB

Microsoft Skype for Business Server 2019 CU2 Request cross site scripting

A vulnerability, which was classified as problematic, has been found in Microsoft Skype for Business Server 2019 CU2 (Unified Communication Software). This issue affects an unknown code. Applying a patch is able to eliminate this problem. A...
Author: VulDB

Microsoft Windows XP SP3 Remote Desktop Protocol information disclosure

A vulnerability classified as problematic was found in Microsoft Windows XP SP3 (Operating System). This vulnerability affects an unknown part of the component Remote Desktop Protocol. Applying a patch is able to eliminate this problem. A...
Author: VulDB

libssh up to 0.8.7/0.9.2 scp Client ssh_scp_new() Parameter command injection

A vulnerability classified as critical has been found in libssh up to 0.8.7/0.9.2. This affects the function ssh_scp_new() of the component scp Client. Upgrading to version 0.8.8 or 0.9.3 eliminates this vulnerability.
Author: VulDB

Microsoft Windows up to Server 2019 Defender privilege escalation

A vulnerability was found in Microsoft Windows. It has been rated as critical. Affected by this issue is an unknown functionality of the component Defender. Applying a patch is able to eliminate this problem. A possible mitigation has been...
Author: VulDB

Samba up to 4.9.16/4.10.10/4.11.2 S4U Kerberos Delegation privilege escalation

A vulnerability was found in Samba up to 4.9.16/4.10.10/4.11.2. It has been declared as critical. Affected by this vulnerability is an unknown function of the component S4U Kerberos Delegation. Upgrading to version 4.9.17, 4.10.11 or 4.11.3...
Author: VulDB

Microsoft Authentication Library up to 0.3.1-Alpha on Android information disclosure

A vulnerability was found in Microsoft Authentication Library up to 0.3.1-Alpha on Android. It has been classified as problematic. Affected is some unknown processing. Applying a patch is able to eliminate this problem. A possible mitigation has...
Author: VulDB

Samba up to 4.9.16/4.10.10/4.11.2 AD Handler ldb_qsort/dns_name_compare privilege escalation

A vulnerability was found in Samba up to 4.9.16/4.10.10/4.11.2 and classified as critical. This issue affects the function ldb_qsort/dns_name_compare of the component AD Handler. Upgrading to version 4.9.17, 4.10.11 or 4.11.3 eliminates this...
Author: VulDB

Microsoft Visual Studio 2019 privilege escalation

A vulnerability has been found in Microsoft Visual Studio 2019 and classified as critical. This vulnerability affects an unknown code of the component Studio. Applying a patch is able to eliminate this problem. A possible mitigation has been...
Author: VulDB

Information security events

FIC

With this year's theme of "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
