Monday 1 June 2020

Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-319: Multiple vulnerabilities in Fortinet products (26 May 2020)

Multiple vulnerabilities have been discovered in Fortinet products. They allow an attacker to cause a security policy bypass, a privilege escalation and a remote indirect code injection...
Author: Cert FR

Cybozu Desktop up to 2.0.40 on Windows Remote Code Execution

A vulnerability was found in Cybozu Desktop up to 2.0.40 on Windows. It has been classified as critical. This affects an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Knock Knock Plugin up to 1.2.7 on Craft CMS Open Redirect [CVE-2020-13486]

A vulnerability was found in Knock Knock Plugin up to 1.2.7 on Craft CMS and classified as problematic. Affected by this issue is some unknown processing. Upgrading to version 1.2.8 eliminates this vulnerability.
Author: VulDB

Knock Knock Plugin up to 1.2.7 on Craft CMS IP Whitelist X-Forwarded-For privilege escalation

A vulnerability has been found in Knock Knock Plugin up to 1.2.7 on Craft CMS and classified as critical. Affected by this vulnerability is an unknown code block of the component IP Whitelist Handler. Upgrading to version 1.2.8 eliminates this...
Author: VulDB

EM-HTTP-Request 1.1.5 Library Eventmachine Certificate Man-in-the-Middle weak authentication

A vulnerability, which was classified as problematic, was found in EM-HTTP-Request 1.1.5. Affected is an unknown code of the component Library Eventmachine. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Image Resizer Plugin up to 2.0.8 on Craft CMS Bulk Resize Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in Image Resizer Plugin up to 2.0.8 on Craft CMS. This issue affects an unknown part of the component Bulk Resize Handler. Upgrading to version 2.0.9 eliminates this...
Author: VulDB

Image Resizer Plugin up to 2.0.8 on Craft CMS cross site request forgery

A vulnerability classified as problematic was found in Image Resizer Plugin up to 2.0.8 on Craft CMS. This vulnerability affects some unknown functionality. Upgrading to version 2.0.9 eliminates this vulnerability.
Author: VulDB

DEXT5 up to 2.7.1402870 DEXT5Upload dext5handler.jsp PHP File privilege escalation

A vulnerability classified as critical has been found in DEXT5 up to 2.7.1402870. This affects an unknown functionality of the file dext5handler.jsp of the component DEXT5Upload. There is no information about possible countermeasures known. It...
Author: VulDB

VU#127371: iOS contains an unspecified kernel vulnerability

iOS contains an unspecified kernel vulnerability. This vulnerability can allow code execution with kernel privileges. This vulnerability is being used by the public unc0ver 5.0 jailbreak utility, which claims to support all devices from iOS 11...
Author: US Cert

CNIL issues its opinion on the conditions for implementing the "StopCovid" application

On 25 May 2020, the CNIL gave its opinion on a draft decree concerning "StopCovid", a mobile application made available by the Government to smartphone users in order to alert them to a risk of contamination by...
Author: Cnil

CERTFR-2020-CTI-005: The Dridex malware: origins and uses (25 May 2020)

Dridex is a piece of malware that appeared in June 2014 and has undergone numerous changes in both its features and its uses. The following report provides a …
Author: Cert FR

CERTFR-2020-IOC-003: The Dridex malware (25 May 2020)

The following technical indicators are associated in open sources with the Dridex malware (see publication CERTFR-2020-CTI-005). They can be used for …
Author: Cert FR

CERTFR-2020-AVI-318: Multiple vulnerabilities in the SUSE Linux kernel (25 May 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, remote arbitrary code execution and a denial...
Author: Cert FR

CERTFR-2020-AVI-317: Multiple vulnerabilities in Palo Alto PAN-OS (25 May 2020)

Multiple vulnerabilities have been discovered in Palo Alto PAN-OS. They allow an attacker to cause a remote denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-316: [SCADA] Multiple vulnerabilities in Schneider EcoStruxure Operator Terminal (25 May 2020)

Multiple vulnerabilities have been discovered in Schneider EcoStruxure Operator Terminal. They allow an attacker to cause remote arbitrary code execution and a compromise of data integrity.

Author: Cert FR

CERTFR-2020-AVI-315: Vulnerability in Apache Tomcat (25 May 2020)

A vulnerability has been discovered in Apache Tomcat. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

ffjpeg up to 2020-02-24 bmp.c bmp_load memory corruption

A vulnerability was found in ffjpeg up to 2020-02-24. It has been rated as critical. Affected by this issue is the function bmp_load of the file bmp.c. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

ffjpeg up to 2020-02-24 jfif.c jfif_decode memory corruption

A vulnerability was found in ffjpeg up to 2020-02-24. It has been declared as critical. Affected by this vulnerability is the function jfif_decode of the file jfif.c. There is no information about possible countermeasures known. It may be...
Author: VulDB

ffjpeg up to 2020-02-24 jfif.c jfif_encode information disclosure

A vulnerability was found in ffjpeg up to 2020-02-24. It has been classified as problematic. Affected is the function jfif_encode of the file jfif.c. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

SQLite up to 3.32.0 expr.c sqlite3ExprCodeTarget memory corruption

A vulnerability was found in SQLite up to 3.32.0 and classified as critical. This issue affects the function sqlite3ExprCodeTarget of the file expr.c. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

SQLite up to 3.32.0 printf.c sqlite3_str_vappendf Integer memory corruption

A vulnerability has been found in SQLite up to 3.32.0 and classified as critical. This vulnerability affects the function sqlite3_str_vappendf of the file printf.c. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Jason2605 AdminPanel 4.0 editPlayer.php hidden sql injection

A vulnerability, which was classified as critical, was found in Jason2605 AdminPanel 4.0. This affects some unknown functionality of the file editPlayer.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Grafana up to 6.x OpenTSDB Datasource cross site scripting

A vulnerability, which was classified as problematic, has been found in Grafana up to 6.x. Affected by this issue is an unknown functionality of the component OpenTSDB Datasource Handler. Upgrading to version 7.0.0 eliminates this vulnerability.
Author: VulDB

piechart-panel up to 1.4.x on Grafana Values cross site scripting

A vulnerability classified as problematic was found in piechart-panel up to 1.4.x on Grafana. Affected by this vulnerability is an unknown function. Upgrading to version 1.5.0 eliminates this vulnerability.
Author: VulDB

TrackR up to 2020-05-06 Alarm denial of service

A vulnerability classified as problematic has been found in TrackR up to 2020-05-06. Affected is some unknown processing of the component Alarm Handler. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB