Saturday 4 April 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Moodle up to 3.5.8/3.6.6/3.7.2 OAuth2 weak authentication

A vulnerability has been found in Moodle up to 3.5.8/3.6.6/3.7.2 (Learning Management Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the component OAuth2 Handler. Upgrading to version 3.5.9,...
Author: VulDB

ZyXEL XGS2210-52HP 4.50 rpSys.html Name/Location cross site scripting

A vulnerability, which was classified as problematic, was found in ZyXEL XGS2210-52HP 4.50. Affected is an unknown functionality of the file rpSys.html. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

pki-core 10.x.x Token Processing Service Parameter Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in pki-core 10.x.x. This issue affects an unknown function of the component Token Processing Service. There is no information about possible countermeasures known. It may be...
Author: VulDB

Employees working remotely: which good practices should be followed?

The coronavirus (COVID-19) pandemic has prompted many companies to set up remote-working solutions. If you are affected by this kind of arrangement, you must follow a few rules to ensure your own security and...
Author: Cnil

The CNIL's advice for setting up remote working

In the context of COVID-19, remote working is a solution that must be accompanied by strengthened security measures to guarantee the security of information systems and of the data processed. The CNIL is publishing recommendations to help...
Author: Cnil

CERTFR-2020-AVI-179: Vulnerability in Red Hat products (31 March 2020)

A vulnerability has been discovered in several Red Hat products. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-178: Vulnerability in the Ubuntu Linux kernel (31 March 2020)

A vulnerability has been discovered in the Ubuntu Linux kernel. It allows an attacker to compromise data confidentiality and escalate privileges.

Author: Cert FR

Versiant LYNX Customer Service Portal 3.5.2 Stored cross site scripting

A vulnerability classified as problematic was found in Versiant LYNX Customer Service Portal 3.5.2 (Web Browser). This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be...
Author: VulDB

Zoho ManageEngine Desktop Central PDFGenerationServlet information disclosure

A vulnerability classified as problematic has been found in Zoho ManageEngine Desktop Central (Endpoint Management Software) (the affected version unknown). This affects an unknown code block of the component PDFGenerationServlet. There is no...
Author: VulDB

http-client up to 1.2.10/1.3.1 Request Header Injection unknown vulnerability

A vulnerability was found in http-client up to 1.2.10/1.3.1. It has been rated as problematic. Upgrading to version 1.2.11 or 1.3.2 eliminates this vulnerability.
Author: VulDB

bson up to 1.1.3 Deserialization unknown vulnerability [CVE-2020-7610]

A vulnerability was found in bson up to 1.1.3. It has been declared as problematic. Upgrading to version 1.1.4 eliminates this vulnerability.
Author: VulDB

com.gradle.plugin-publish up to 0.10.x Log File information disclosure

A vulnerability was found in com.gradle.plugin-publish up to 0.10.x. It has been classified as problematic. Affected is some unknown functionality of the component Log File Handler. Upgrading to version 0.11.0 eliminates this vulnerability.
Author: VulDB

Grandstream UCM6200 up to 1.0.20 CTI Server sql injection

A vulnerability was found in Grandstream UCM6200 up to 1.0.20 and classified as critical. This issue affects an unknown functionality of the component CTI Server. Upgrading to version 1.0.20.22 eliminates this vulnerability.
Author: VulDB

Grandstream UCM6200 up to 1.0.20 HTTP Server sql injection

A vulnerability has been found in Grandstream UCM6200 up to 1.0.20 and classified as critical. This vulnerability affects an unknown function of the component HTTP Server. There is no information about possible countermeasures known. It may be...
Author: VulDB

Grandstream UCM6200 up to 1.0.20 HTTP Server sql injection

A vulnerability, which was classified as critical, was found in Grandstream UCM6200 up to 1.0.20. This affects some unknown processing of the component HTTP Server. Upgrading to version 1.0.20.22 eliminates this vulnerability.
Author: VulDB

UCM6200 up to 1.0.20.22 weak encryption [CVE-2020-5723]

A vulnerability, which was classified as critical, has been found in UCM6200 up to 1.0.20.22. Affected by this issue is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Elide up to 4.5.13 privilege escalation [CVE-2020-5289]

A vulnerability classified as critical was found in Elide up to 4.5.13. Affected by this vulnerability is an unknown code. Upgrading to version 4.5.14 eliminates this vulnerability.
Author: VulDB

Next.js up to 9.3.1 directory traversal [CVE-2020-5284]

A vulnerability classified as critical has been found in Next.js up to 9.3.1 (JavaScript Library). Affected is an unknown part. Upgrading to version 9.3.2 eliminates this vulnerability.
Author: VulDB

Symfony security-http up to 4.4.6/5.0.6 Rule privilege escalation

A vulnerability was found in Symfony security-http up to 4.4.6/5.0.6. It has been rated as critical. This issue affects some unknown functionality of the component Rule Handler. Upgrading to version 4.4.7 or 5.0.7 eliminates this vulnerability.
Author: VulDB

Symfony up to 4.4.4/5.0.4 Exception information disclosure

A vulnerability was found in Symfony up to 4.4.4/5.0.4. It has been declared as problematic. This vulnerability affects an unknown functionality of the component Exception Handler. Upgrading to version 4.4.5 or 5.0.5 eliminates this vulnerability.
Author: VulDB

Symfony up to 4.4.6 Response Content-Type denial of service

A vulnerability was found in Symfony up to 4.4.6. It has been classified as problematic. This affects an unknown function of the component Response Handler. Upgrading to version 4.4.7 eliminates this vulnerability.
Author: VulDB

Responsive FileManager up to 9.14.0 dialog.php $_SESSION['RF']['view_type'] cross site scripting

A vulnerability was found in Responsive FileManager up to 9.14.0 and classified as problematic. Affected by this issue is some unknown processing of the file dialog.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

USC iLab Cereal up to 1.3.0 Cache std::shared_ptr Variable unknown vulnerability

A vulnerability has been found in USC iLab Cereal up to 1.3.0 and classified as critical. Affected by this vulnerability is the function std::shared_ptr of the component Cache Handler. There is no information about possible countermeasures known....
Author: VulDB

USC iLab Cereal up to 1.3.0 Serialization Variable Stack-based memory corruption

A vulnerability, which was classified as critical, was found in USC iLab Cereal up to 1.3.0. Affected is an unknown code of the component Serialization. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

OSSN up to 5.3 Permission ossn_com.php rand() directory traversal

A vulnerability, which was classified as problematic, has been found in OSSN up to 5.3. This issue affects the function rand() in the library libraries/ossn.lib.upgrade.php of the file components/OssnComments/ossn_com.php of the component...
Author: VulDB

Information-security events