Monday 25 May 2020

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Linux Kernel up to 5.6 SELinux Subsystem ebitmap_netlbl_import denial of service

A vulnerability classified as problematic was found in Linux Kernel up to 5.6. This vulnerability affects the function ebitmap_netlbl_import of the component SELinux Subsystem. Upgrading to version 5.7 eliminates this vulnerability.
Author: VulDB

Puma Gem up to 3.12.5/4.3.4 on Ruby privilege escalation [CVE-2020-11077]

A vulnerability, which was classified as critical, was found in Puma Gem up to 3.12.5/4.3.4 on Ruby. Affected is an unknown part. Upgrading to version 3.12.6 or 4.3.5 eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-314: Vulnerability in Microsoft Edge (22 May 2020)

A vulnerability has been discovered in Microsoft Edge. It allows an attacker to cause a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-313: Multiple vulnerabilities in Cisco products (22 May 2020)

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause remote arbitrary code execution and a remote denial of service.

Author: Cert FR

CERTFR-2020-AVI-312: Multiple vulnerabilities in the Ubuntu Linux kernel (22 May 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-311: Multiple vulnerabilities in the Red Hat Linux kernel (22 May 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. They allow an attacker to cause arbitrary code execution, a remote denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-310: Multiple vulnerabilities in Drupal (22 May 2020)

Multiple vulnerabilities have been discovered in Drupal. They allow an attacker to cause a security policy bypass and remote indirect code injection (XSS).

Author: Cert FR

CERTFR-2020-AVI-309: Vulnerability in Apple Xcode (22 May 2020)

A vulnerability has been discovered in Apple Xcode. It allows an attacker to cause a breach of data confidentiality.

Author: Cert FR

Cisco AMP for Endpoints Linux Crafted Packet memory corruption

A vulnerability classified as critical has been found in Cisco AMP for Endpoints Linux and AMP for Endpoints Mac Connector (the affected version unknown). This affects an unknown function. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco AMP for Endpoints Linux Crafted Packet memory corruption

A vulnerability was found in Cisco AMP for Endpoints Linux and AMP for Endpoints Mac Connector (affected version not known). It has been rated as critical. Affected by this issue is some unknown processing. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco AMP for Endpoints Mac Connector Scan Engine Crash denial of service

A vulnerability was found in Cisco AMP for Endpoints Mac Connector (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown code block of the component Scan Engine. Upgrading eliminates this...
Author: VulDB

CERTFR-2020-AVI-308: Vulnerability in Fortinet FortiAnalyzer and FortiManager (22 May 2020)

A vulnerability has been discovered in Fortinet FortiAnalyzer and FortiManager. It allows an attacker to cause a remote denial of service.

Author: Cert FR

Cisco Unified Contact Center Express Java Remote Management Interface Serialized Java Object privilege escalation

A vulnerability was found in Cisco Unified Contact Center Express (version unknown). It has been classified as critical. Affected is an unknown code of the component Java Remote Management Interface. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco Prime Network Registrar DHCP Server DHCP Request Restart denial of service

A vulnerability was found in Cisco Prime Network Registrar (unknown version) and classified as problematic. This issue affects an unknown part of the component DHCP Server. Upgrading eliminates this vulnerability.
Author: VulDB

Cisco Prime Collaboration Provisioning Web-based Management Interface sql injection

A vulnerability has been found in Cisco Prime Collaboration Provisioning (Groupware Software) (the affected version is unknown) and classified as critical. This vulnerability affects some unknown functionality of the component Web-based...
Author: VulDB

Monstra CMS 3.0.4 index.php PHP File privilege escalation

A vulnerability, which was classified as critical, was found in Monstra CMS 3.0.4 (Content Management System). This affects an unknown functionality of the file admin/index.php?id=filesmanager. There is no information about possible...
Author: VulDB

Huawei TC5200-16 weak encryption [CVE-2020-9069]

A vulnerability, which was classified as problematic, has been found in Huawei Anne-AL00, Berkeley-L09, CD16-10, CD17-10, CD17-16, CD18-10, CD18-16, Columbia-TL00B, E6878-370, Honor 10 Lite, LelandP-L22A and TC5200-16. Affected by this issue is...
Author: VulDB

Software House CURE 9000 2.70 Installation Credentials information disclosure

A vulnerability classified as problematic was found in Software House CURE 9000 2.70. Affected by this vulnerability is some unknown processing of the component Installation Handler. There is no information about possible countermeasures known....
Author: VulDB

Element OS/HealthTools information disclosure [CVE-2020-8572]

A vulnerability classified as problematic has been found in Element OS and HealthTools (version unknown). Affected is an unknown code block. Upgrading eliminates this vulnerability.
Author: VulDB

RAONWIZ K Upload up to 2018.0.2.51 Automatic Update Argument privilege escalation

A vulnerability was found in RAONWIZ K Upload up to 2018.0.2.51. It has been rated as critical. This issue affects an unknown code of the component Automatic Update. There is no information about possible countermeasures known. It may be...
Author: VulDB

netius up to 1.17.57 Header Parsing HTTP Request Request Smuggling privilege escalation

A vulnerability was found in netius up to 1.17.57. It has been declared as critical. This vulnerability affects an unknown part of the component Header Parsing. Upgrading to version 1.17.58 eliminates this vulnerability.
Author: VulDB

Druva inSync Windows Client 6.6.3 directory traversal [CVE-2020-5752]

A vulnerability was found in Druva inSync Windows Client 6.6.3. It has been classified as critical. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Huawei E6878-370 Use-After-Free memory corruption [CVE-2020-1799]

A vulnerability was found in Huawei E6878-370 10.0.3.1(H557SP27C233)/10.0.3.1(H563SP1C00)/10.0.3.1(H563SP1C233) and classified as critical. Affected by this issue is an unknown functionality. There is no information about possible countermeasures...
Author: VulDB

Contentful up to 2020-05-21 the-example-app.py api cross site scripting

A vulnerability has been found in Contentful up to 2020-05-21 and classified as problematic. Affected by this vulnerability is an unknown function of the file the-example-app.py. There is no information about possible countermeasures known. It...
Author: VulDB

libexif up to 0.6.21 Canon EXIF MakerNote denial of service

A vulnerability, which was classified as problematic, was found in libexif up to 0.6.21. Affected is some unknown processing of the component Canon EXIF MakerNote Handler. Upgrading to version 0.6.22 eliminates this vulnerability.
Author: VulDB

Information security (SSI) events