Saturday 6 June 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

nghttp2 up to 1.40.x HTTP2 denial of service

A vulnerability was found in nghttp2 up to 1.40.x. It has been classified as problematic. Affected is some unknown processing of the component HTTP2 Handler. Upgrading to version 1.41.0 eliminates this vulnerability.
Author: VulDB

containernetworking/plugins up to 0.8.5 Man-in-the-Middle privilege escalation

A vulnerability was found in containernetworking and plugins up to 0.8.5 and classified as critical. This issue affects an unknown code block. Upgrading to version 0.8.6 eliminates this vulnerability.
Author: VulDB

GitHub Enterprise Server up to 2.18.19/2.19.14/2.20.8 API privilege escalation

A vulnerability has been found in GitHub Enterprise Server up to 2.18.19/2.19.14/2.20.8 (Bug Tracking Software) and classified as critical. This vulnerability affects an unknown code of the component API. Upgrading to version 2.18.20, 2.19.15 or...
Author: VulDB

Compound Finance Compound Price Oracle up to 1.0 PriceOracle.sol setPrice privilege escalation

A vulnerability, which was classified as critical, was found in Compound Finance Compound Price Oracle up to 1.0 (Financial Software). This affects the function setPrice of the component PriceOracle.sol. There is no information about possible...
Author: VulDB

Avaya IP Office up to 9.x/10.1.0.7/11.0.4.3 Web Interface information disclosure

A vulnerability, which was classified as problematic, has been found in Avaya IP Office up to 9.x/10.1.0.7/11.0.4.3. Affected by this issue is some unknown functionality of the component Web Interface. There is no information about possible...
Author: VulDB

SI-DEP, Contact Covid and StopCovid: the CNIL launches its inspection campaign

As part of the fight against the COVID-19 epidemic, the Government has set up the SI-DEP and Contact Covid files, in addition to the deployment of the StopCovid mobile application. After giving its opinion on the draft decrees...
Author: Cnil

Linux Kernel up to 5.0.5 net/core/net-sysfs.c rx_queue_add_kobject() Object unknown vulnerability

A vulnerability was found in Linux Kernel up to 5.0.5 (Operating System). It has been rated as problematic. This issue affects the function rx_queue_add_kobject() of the file net/core/net-sysfs.c. Upgrading to version 5.0.6 eliminates this...
Author: VulDB

Linux Kernel up to 5.5 snd-go7007.c go7007_snd_init denial of service

A vulnerability was found in Linux Kernel up to 5.5 (Operating System). It has been declared as problematic. This vulnerability affects the function go7007_snd_init of the file drivers/media/usb/go7007/snd-go7007.c. Upgrading to version 5.7...
Author: VulDB

Atlassian Navigator Links up to 3.3.23/4.3.6/5.0.0/5.1.0 CustomAppsRestResource information disclosure

A vulnerability, which was classified as problematic, has been found in Atlassian Navigator Links up to 3.3.23/4.3.6/5.0.0/5.1.0. Affected by this issue is some unknown functionality of the component CustomAppsRestResource. Upgrading to version...
Author: VulDB

systemd up to v245 Incomplete Fix CVE-2017-1000082 Username privilege escalation

A vulnerability classified as critical was found in systemd up to v245. Affected by this vulnerability is an unknown functionality of the component Incomplete Fix CVE-2017-1000082. There is no information about possible countermeasures known. It...
Author: VulDB

Linux Kernel up to 5.4.6 net/packet/af_packet.c prb_calc_retire_blk_tmo() Packet denial of service

A vulnerability classified as problematic has been found in Linux Kernel up to 5.4.6 (Operating System). Affected is the function prb_calc_retire_blk_tmo() of the file net/packet/af_packet.c. Upgrading to version 5.4.7 eliminates this...
Author: VulDB

CERTFR-2020-AVI-336: Multiple vulnerabilities in Mozilla Firefox (3 June 2020)

Multiple vulnerabilities have been discovered in Mozilla Firefox. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy of...
Author: Cert FR

CERTFR-2020-AVI-335: Multiple vulnerabilities in Joomla! (3 June 2020)

Multiple vulnerabilities have been discovered in Joomla!. They allow an attacker to cause a security policy bypass and remote indirect code injection (XSS).

Author: Cert FR

FortiClient Hardcoded Cryptographic Key (CERT-EU Security Advisory 2020-029)

Fortinet FortiClient for Windows uses a hard-coded cryptographic key to encrypt security sensitive data in the configuration file. The vulnerability allows an attacker with access to the configuration file to disclose sensitive configuration...
Author: Cert EU

CERTFR-2020-AVI-334: Multiple vulnerabilities in Aruba ClearPass Policy Manager (3 June 2020)

Multiple vulnerabilities have been discovered in Aruba ClearPass Policy Manager. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-333: Vulnerability in Tenable Nessus Network Monitor (3 June 2020)

A vulnerability has been discovered in Tenable Nessus Network Monitor. It allows an attacker to cause a remote denial of service.

Author: Cert FR

websocket-extensions up to 0.1.4 on Ruby Regex Backslash ReDoS denial of service

A vulnerability was found in websocket-extensions up to 0.1.4 on Ruby (Ruby Gem). It has been classified as problematic. This affects an unknown code of the component Regex Handler. Upgrading to version 0.1.5 eliminates this vulnerability.
Author: VulDB

websocket-extensions up to 1.0.3 on npm Regex Backslash ReDoS denial of service

A vulnerability was found in websocket-extensions up to 1.0.3 on npm and classified as problematic. Affected by this issue is an unknown part of the component Regex Handler. Upgrading to version 1.0.4 eliminates this vulnerability.
Author: VulDB

Spring Cloud Config up to 2.1.8/2.2.2 spring-cloud-config-server directory traversal

A vulnerability has been found in Spring Cloud Config up to 2.1.8/2.2.2 (Cloud Software) and classified as problematic. Affected by this vulnerability is some unknown functionality of the component spring-cloud-config-server. Upgrading to version...
Author: VulDB

IBM Planning Analytics 2.0 Web UI cross site scripting

A vulnerability, which was classified as problematic, was found in IBM Planning Analytics 2.0. Affected is an unknown functionality of the component Web UI. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

IBM Planning Analytics 2.0 Web UI cross site scripting

A vulnerability, which was classified as problematic, has been found in IBM Planning Analytics 2.0. This issue affects an unknown function of the component Web UI. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

IBM Planning Analytics 2.0 weak encryption [CVE-2020-4367]

A vulnerability classified as problematic was found in IBM Planning Analytics 2.0. This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

IBM Planning Analytics 2.0 Web UI cross site scripting

A vulnerability classified as problematic has been found in IBM Planning Analytics 2.0. This affects an unknown code block of the component Web UI. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

IBM Planning Analytics 2.0 Web UI cross site scripting

A vulnerability was found in IBM Planning Analytics 2.0. It has been rated as problematic. Affected by this issue is an unknown code of the component Web UI. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Qualcomm Snapdragon Auto up to SXR1130 fastrpc Memory Mapping API race condition

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables (Chip Software). It has been declared as problematic. Affected by this...
Author: VulDB