Saturday 30 May 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM Spectrum Scale up to 5.0.4.4 weak encryption [CVE-2020-4350]

A vulnerability was found in IBM Spectrum Scale up to 5.0.4.4. It has been classified as problematic. Affected is an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

IBM Spectrum Scale up to 5.0.4.4 weak encryption [CVE-2020-4349]

A vulnerability was found in IBM Spectrum Scale up to 5.0.4.4 and classified as problematic. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

IBM Spectrum Scale up to 4.2.3.21/5.0.4.4 GUI privilege escalation

A vulnerability has been found in IBM Spectrum Scale up to 4.2.3.21/5.0.4.4 and classified as critical. This vulnerability affects an unknown functionality of the component GUI. There is no information about possible countermeasures known. It may...
Author: VulDB

IBM MobileFirst Platform Foundation 8.0.0.0 URL Log information disclosure

A vulnerability, which was classified as problematic, was found in IBM MobileFirst Platform Foundation 8.0.0.0. This affects an unknown function of the component URL Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

Fork up to 5.8.2 navigation_title/title cross site scripting

A vulnerability, which was classified as problematic, has been found in Fork up to 5.8.2. Affected by this issue is some unknown processing. Upgrading to version 5.8.3 eliminates this vulnerability.
Author: VulDB

SQLite up to 3.31.x ext/fts3/fts3_snippet.c matchinfo() denial of service

A vulnerability classified as problematic was found in SQLite up to 3.31.x. Affected by this vulnerability is the function matchinfo() of the file ext/fts3/fts3_snippet.c. Upgrading to version 3.32.0 eliminates this vulnerability.
Author: VulDB

SQLite up to 3.31.x Virtual Table alter.c privilege escalation

A vulnerability classified as critical has been found in SQLite up to 3.31.x. Affected is an unknown code of the file alter.c of the component Virtual Table Handler. Upgrading to version 3.32.0 eliminates this vulnerability.
Author: VulDB

SQLite up to 3.31.x Snippet ext/fts3/fts3.c fts3EvalNextRow sql injection

A vulnerability was found in SQLite up to 3.31.x. It has been rated as critical. This issue affects the function fts3EvalNextRow of the file ext/fts3/fts3.c of the component Snippet Handler. Upgrading to version 3.32.0 eliminates this...
Author: VulDB

Centreon host-monitoring Widget toolbar.php widgetId cross site scripting

A vulnerability was found in Centreon host-monitoring Widget, service-monitoring Widget and tactical-overview Widget (the affected version is unknown). It has been declared as problematic. This vulnerability affects some unknown functionality of...
Author: VulDB

Centreon host-monitoring Widget index.php widgetId cross site scripting

A vulnerability was found in Centreon host-monitoring Widget, service-monitoring Widget and tactical-overview Widget (the affected version is unknown). It has been classified as problematic. This affects an unknown functionality of the file...
Author: VulDB

JerryScript 2.2.0 Proxy Memory Consumption denial of service

A vulnerability was found in JerryScript 2.2.0 and classified as problematic. Affected by this issue is an unknown function of the component Proxy Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

JerryScript 2.2.0 Assertion denial of service

A vulnerability has been found in JerryScript 2.2.0 and classified as problematic. Affected by this vulnerability is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

SmartDraw 2020 27.0.0.0 Installer SDNotify.exe privilege escalation

A vulnerability, which was classified as critical, was found in SmartDraw 2020 27.0.0.0. Affected is an unknown code block of the file 2020\Messages\SDNotify.exe of the component Installer. There is no information about possible countermeasures...
Author: VulDB

QEMU 4.2.0 hw/sd/sd.c sdhci_write() information disclosure

A vulnerability, which was classified as problematic, has been found in QEMU 4.2.0 (Virtualization Software). This issue affects the function sdhci_write() of the file hw/sd/sd.c. There is no information about possible countermeasures known. It...
Author: VulDB

Anchore Engine 0.7.0 Container Image Manifest API Request privilege escalation

A vulnerability classified as critical was found in Anchore Engine 0.7.0. This vulnerability affects an unknown part of the component Container Image Manifest Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

aegir up to 21.10.0 Environment Variable information disclosure

A vulnerability classified as problematic has been found in aegir up to 21.10.0. This affects some unknown functionality. Upgrading to version 21.10.1 eliminates this vulnerability.
Author: VulDB

Centreon host-monitoring Widget index.php page cross site scripting

A vulnerability was found in Centreon host-monitoring Widget, service-monitoring Widget and tactical-overview Widget (affected version not known). It has been rated as problematic. Affected by this issue is an unknown functionality of the file...
Author: VulDB

Centreon up to 19.10.6 Session ID information disclosure

A vulnerability was found in Centreon up to 19.10.6. It has been declared as problematic. Affected by this vulnerability is an unknown function of the component Session ID Handler. Upgrading to version 19.10.7 eliminates this vulnerability.
Author: VulDB

sympa up to 6.2.55 privilege escalation [CVE-2020-10936]

A vulnerability was found in sympa up to 6.2.55. It has been classified as critical. Affected is some unknown processing. Upgrading to version 6.2.56 eliminates this vulnerability.
Author: VulDB

oddjob Package up to 0.34.4 mkhomedir Tool /etc/skel privilege escalation

A vulnerability was found in oddjob Package up to 0.34.4 and classified as problematic. This issue affects an unknown code block of the file /etc/skel of the component mkhomedir Tool. Upgrading to version 0.34.5 eliminates this vulnerability.
Author: VulDB

Linux Kernel up to 5.1 tw5864-video.c tw5864_handle_frame denial of service

A vulnerability has been found in Linux Kernel up to 5.1 (Operating System) and classified as problematic. This vulnerability affects the function tw5864_handle_frame of the file drivers/media/pci/tw5864/tw5864-video.c. Upgrading to version 5.2...
Author: VulDB

Oversight of administrative website blocking: the qualified person presents his 5th activity report

Mr Alexandre LINDEN, the qualified person appointed to oversee the administrative blocking of websites that incite or glorify acts of terrorism, or that are of a child-pornographic nature, presents his 5th activity report...
Author: Cnil

CERTFR-2020-AVI-322: Multiple vulnerabilities in OpenSSH (27 May 2020)

Multiple vulnerabilities have been discovered in OpenSSH. They allow an attacker to cause a remote denial of service and a compromise of data integrity.

Author: Cert FR

CERTFR-2020-AVI-321: Multiple vulnerabilities in Apple products (27 May 2020)

Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the policy...
Author: Cert FR

Kantech EntraPass privilege escalation [CVE-2020-9046]

A vulnerability, which was classified as critical, was found in Kantech EntraPass (the affected version is unknown). This affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Information security events