Sunday 26 January 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Big Switch Big Monitoring Fabric API Endpoint information disclosure

A vulnerability was found in Big Switch Big Monitoring Fabric, Big Cloud Fabric and Multi-Cloud Director (version unknown). It has been classified as problematic. Affected is some unknown processing of the component API Endpoint. There is no...
Author: VulDB

Ricoh Printer Driver on Windows privilege escalation [CVE-2019-19363]

A vulnerability was found in Ricoh Printer Driver on Windows (unknown version) and classified as critical. This issue affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

SuSE Linux Enterprise Server 15 libzypp information disclosure

A vulnerability has been found in SuSE Linux Enterprise Server 15 and classified as problematic. This vulnerability affects an unknown code of the component libzypp. Applying a patch is able to eliminate this problem.
Author: VulDB

Microsoft Outlook on Android Email cross site scripting

A vulnerability, which was classified as critical, was found in Microsoft Outlook on Android (the affected version unknown). This affects an unknown part of the component Email Handler. Applying a patch is able to eliminate this problem. A...
Author: VulDB

Microsoft Windows up to Server 2019 User Profile Service Symlink privilege escalation

A vulnerability, which was classified as critical, has been found in Microsoft Windows (Operating System). Affected by this issue is some unknown functionality of the component User Profile Service. Applying a patch is able to eliminate this...
Author: VulDB

Cisco Releases Security Updates

Original release date: January 24, 2020. Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive...
Author: US Cert

NSA Releases Guidance on Mitigating Cloud Vulnerabilities

Original release date: January 24, 2020. The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud...
Author: US Cert

CERTFR-2020-AVI-056: Multiple vulnerabilities in the Red Hat Linux kernel (24 January 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of...
Author: Cert FR

Plone up to 5.2.1 privilege escalation [CVE-2020-7941]

A vulnerability was found in Plone up to 5.2.1. It has been rated as critical. This issue affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Plone up to 5.2.0 weak authentication [CVE-2020-7940]

A vulnerability was found in Plone up to 5.2.0. It has been declared as problematic. This vulnerability affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Plone up to 5.2.1 DTML sql injection

A vulnerability was found in Plone up to 5.2.1. It has been classified as critical. This affects an unknown code of the component DTML. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Plone 5.2.0/5.2.1 plone.restapi privilege escalation

A vulnerability was found in Plone 5.2.0/5.2.1 and classified as critical. Affected by this issue is an unknown part of the file plone.restapi. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Plone up to 5.2.1 title cross site scripting

A vulnerability has been found in Plone up to 5.2.1 and classified as problematic. Affected by this vulnerability is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Plone up to 5.2.1 Login Form Open Redirect

A vulnerability, which was classified as critical, was found in Plone up to 5.2.1. Affected is an unknown functionality of the component Login Form. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

JFrog Artifactory 5.x/6.x FreeMarker Template ssh/authorized_keys DefaultObjectWrapper Code Execution

A vulnerability, which was classified as critical, has been found in JFrog Artifactory 5.x/6.x. This issue affects the function DefaultObjectWrapper of the file ssh/authorized_keys of the component FreeMarker Template Handler. Applying a patch is...
Author: VulDB

CTFd up to 2.2.2 Registration auth.py register/reset_password privilege escalation

A vulnerability classified as critical was found in CTFd up to 2.2.2. This vulnerability affects the function register/reset_password of the file auth.py of the component Registration. There is no information about possible countermeasures known....
Author: VulDB

Hashicorp Vault Enterprise up to 1.3.1 unknown vulnerability

A vulnerability classified as problematic has been found in Hashicorp Vault Enterprise up to 1.3.1. Upgrading to version 1.3.2 eliminates this vulnerability.
Author: VulDB

Umbraco CMS 8.2.2 cross site request forgery [CVE-2020-7210]

A vulnerability was found in Umbraco CMS 8.2.2 (Content Management System). It has been rated as problematic. Affected by this issue is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 cross site scripting

A vulnerability was found in Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007. It has been declared as problematic. Affected by this vulnerability is an unknown part. There is no information about possible countermeasures known. It may be...
Author: VulDB

Philips Hue Bridge up to 2.x 1935144020 ZCL String Heap-based memory corruption

A vulnerability was found in Philips Hue Bridge up to 2.x 1935144020. It has been classified as critical. Affected is some unknown functionality of the component ZCL String Handler. There is no information about possible countermeasures known. It...
Author: VulDB

PrivateBin up to 1.2.0/1.2.1/1.3.0/1.3.1 Persistent cross site scripting

A vulnerability was found in PrivateBin up to 1.2.0/1.2.1/1.3.0/1.3.1 and classified as problematic. This issue affects an unknown functionality. Upgrading to version 1.2.2 or 1.3.2 eliminates this vulnerability.
Author: VulDB

secure_headers up to 3.7.x/5.0.x/6.1.x override_content_security_policy_directives SecureHeaders::OPT_OUT privilege escalation

A vulnerability has been found in secure_headers up to 3.7.x/5.0.x/6.1.x and classified as critical. This vulnerability affects the function SecureHeaders::OPT_OUT of the file append/override_content_security_policy_directives. Upgrading to...
Author: VulDB

secure_headers Gem up to 3.8.x/5.1.x/6.2.x on Ruby Newline privilege escalation

A vulnerability, which was classified as critical, was found in secure_headers Gem up to 3.8.x/5.1.x/6.2.x on Ruby (Ruby Gem). This affects some unknown processing. Upgrading to version 3.9.0, 5.2.0 or 6.3.0 eliminates this vulnerability.
Author: VulDB

Fortinet FortiOS up to 5.6.10/6.0.6/6.2.1 CLI Console Private Key information disclosure

A vulnerability, which was classified as problematic, has been found in Fortinet FortiOS up to 5.6.10/6.0.6/6.2.1 (Firewall Software). Affected by this issue is an unknown code block of the component CLI Console. The best possible mitigation is...
Author: VulDB

SuSE Linux Enterprise Server 15 munge privilege escalation

A vulnerability classified as critical was found in SuSE Linux Enterprise Server 15 (Operating System). Affected by this vulnerability is an unknown code of the component munge. There is no information about possible countermeasures known. It may...
Author: VulDB

Information security events

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.