Thursday 28 May 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Bluetooth BR EDR Core up to 5.2 Legacy Pairing weak authentication

A vulnerability classified as critical was found in Bluetooth BR EDR Core up to 5.2. This vulnerability affects an unknown functionality of the component Legacy Pairing. There is no information about possible countermeasures known. It may be...
Author: VulDB

Bluetooth Core up to 5.2 Pairing weak authentication

A vulnerability classified as critical has been found in Bluetooth Core up to 5.2. This affects an unknown function of the component Pairing Handler. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Monitoring of online exams: reminders and advice from the CNIL

In the context of the health crisis linked to COVID-19, some public and private higher-education institutions wish in particular to use digital remote-proctoring tools in order to organise exams remotely. The CNIL...
Author: Cnil

PowerDNS Recursor up to 4.3.0 gethostname() memory corruption

A vulnerability was found in PowerDNS Recursor up to 4.3.0. It has been rated as critical. Affected by this issue is the function gethostname(). There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

CERTFR-2020-AVI-302: Multiple vulnerabilities in Bind (19 May 2020)

Multiple vulnerabilities have been discovered in Bind. They allow an attacker to cause a remote denial of service.

Author: Cert FR

CERTFR-2020-AVI-301: Multiple vulnerabilities in Ruby on Rails (19 May 2020)

Multiple vulnerabilities have been discovered in Ruby on Rails. They allow an attacker to cause a security problem not specified by the vendor, a security policy bypass and an injection of requests...
Author: Cert FR

CERTFR-2020-AVI-300: Multiple vulnerabilities in the Ubuntu Linux kernel (19 May 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a remote denial of service and a breach of data confidentiality.

Author: Cert FR

Micro Focus Enterprise Server/Enterprise Developer up to 5.0 Patch Update 7 Reflected cross site scripting

A vulnerability was found in Micro Focus Enterprise Server and Enterprise Developer up to 5.0 Patch Update 7. It has been declared as problematic. Affected by this vulnerability is an unknown code block. Applying the patch 5.0 Patch Update 8 is...
Author: VulDB

Horde Groupware Webmail Edition up to 5.2.21 Image View SVG Image Stored cross site scripting

A vulnerability was found in Horde Groupware Webmail Edition up to 5.2.21 (Groupware Software). It has been classified as problematic. Affected is an unknown code of the component Image View. Upgrading to version 5.2.22 eliminates this...
Author: VulDB

Gollem up to 3.0.12 dir Reflected cross site scripting

A vulnerability was found in Gollem up to 3.0.12 and classified as problematic. This issue affects an unknown part. Upgrading to version 3.0.13 eliminates this vulnerability.
Author: VulDB

Nitro Pro 13.9.1.155 XML Error PDF Document Uninitialized Memory information disclosure

A vulnerability has been found in Nitro Pro 13.9.1.155 and classified as problematic. This vulnerability affects some unknown functionality of the component XML Error Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Nitro Pro 13.9.1.155 Object Parser PDF File Integer Overflow memory corruption

A vulnerability, which was classified as critical, was found in Nitro Pro 13.9.1.155. This affects an unknown functionality of the component Object Parser. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Nitro Pro 13.9.1.155 PDF Parser PDF Document Use-After-Free memory corruption

A vulnerability, which was classified as critical, has been found in Nitro Pro 13.9.1.155. Affected by this issue is an unknown function of the component PDF Parser. There is no information about possible countermeasures known. It may be...
Author: VulDB

Proxygen prior v2020.05.18.00 Lifetime Management Request Use-After-Free memory corruption

A vulnerability classified as critical was found in Proxygen. Affected by this vulnerability is some unknown processing of the component Lifetime Management. Upgrading to version v2020.05.18.00 eliminates this vulnerability.
Author: VulDB

Zoho ManageEngine Service Plus prior 11.1 Build 11112 Password information disclosure

A vulnerability classified as problematic has been found in Zoho ManageEngine Service Plus. Affected is an unknown code block. Upgrading to version 11.1 Build 11112 eliminates this vulnerability.
Author: VulDB

MISP prior 2.4.126 resolved_attributes.ctp cross site scripting

A vulnerability was found in MISP. It has been rated as problematic. This issue affects an unknown code of the file app/View/Events/resolved_attributes.ctp. Upgrading to version 2.4.126 eliminates this vulnerability.
Author: VulDB

Dragon Center 2.6.2003.2401 Privileges privilege escalation

A vulnerability was found in Dragon Center 2.6.2003.2401. It has been declared as critical. This vulnerability affects an unknown part of the component Privileges. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Open edX Ironwood 2.5 Studio CSV Injection privilege escalation

A vulnerability was found in Open edX Ironwood 2.5. It has been classified as critical. This affects some unknown functionality of the component Studio. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Open edX Ironwood 2.5 File Upload SVG File Stored cross site scripting

A vulnerability was found in Open edX Ironwood 2.5 and classified as problematic. Affected by this issue is an unknown functionality of the component File Upload. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Open edX Ironwood 2.5 Studio Code Execution

A vulnerability has been found in Open edX Ironwood 2.5 and classified as critical. Affected by this vulnerability is an unknown function of the component Studio. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Linux Kernel up to 5.6.13 configfs.c kstrdup information disclosure

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.6.13. Affected is the function kstrdup of the file drivers/usb/gadget/configfs.c. There is no information about possible countermeasures known. It may be...
Author: VulDB

D-Link DSP-W215 1.26b03 Hash information disclosure

A vulnerability, which was classified as problematic, has been found in D-Link DSP-W215 1.26b03. This issue affects an unknown code block of the component Hash Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

D-Link DSP-W215 1.26b03 information disclosure [CVE-2020-13135]

A vulnerability classified as problematic was found in D-Link DSP-W215 1.26b03. This vulnerability affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Stashcat App up to 3.9.1 Server Log client_key/device_id information disclosure

A vulnerability classified as problematic has been found in Stashcat App up to 3.9.1. This affects an unknown part of the component Server Log. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Dolibarr up to 11.0.3 cross site scripting [CVE-2020-13094]

A vulnerability was found in Dolibarr up to 11.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality. Upgrading to version 11.0.4 eliminates this vulnerability.
Author: VulDB