jeudi 27 février 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2019-AVI-481 : Multiples vulnérabilités dans les produits Cisco (03 octobre 2019)

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une élévation de privilèges.

Auteur: Cert FR

Cisco Unified Communications Manager Web-based Interface cross site request forgery

A vulnerability, which was classified as problematic, has been found in Cisco Unified Communications Manager, Unified Communications Manager Session Management Edition, Unified Communications Manager IM and Presence and Unity Connection (Unified...
Auteur: VulDB

JetBrains ReSharper Installer up to 2019.1 DLL privilege escalation

A vulnerability classified as problematic was found in JetBrains ReSharper Installer up to 2019.1. Affected by this vulnerability is an unknown functionality of the component DLL Handler. Upgrading to version 2019.2 eliminates this vulnerability.
Auteur: VulDB

JetBrains YouTrack up to 2019.2.56594 Issue Page Stored cross site scripting

A vulnerability classified as problematic has been found in JetBrains YouTrack up to 2019.2.56594. Affected is an unknown function of the component Issue Page. There is no information about possible countermeasures known. It may be suggested to...
Auteur: VulDB

Cisco Unified Communications Manager Web-based Interface HTTP Request privilege escalation

A vulnerability was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition (Unified Communication Software) (unknown version). It has been rated as critical. This issue affects some unknown...
Auteur: VulDB

Cisco Unified Contact Center Express Web Server Response Splitting privilege escalation

A vulnerability was found in Cisco Unified Contact Center Express (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown code block of the component Web Server. Upgrading eliminates this...
Auteur: VulDB

Cisco ASA/Firepower Threat Defense IKEv1 denial of service

A vulnerability was found in Cisco ASA and Firepower Threat Defense (Firewall Software) (the affected version unknown). It has been classified as problematic. This affects an unknown code of the component IKEv1 Handler. Upgrading eliminates this...
Auteur: VulDB

JetBrains YouTrack prior 2019.1 Settings Page cross site request forgery

A vulnerability was found in JetBrains YouTrack and classified as problematic. Affected by this issue is an unknown part of the component Settings Page. Upgrading to version 2019.1 eliminates this vulnerability.
Auteur: VulDB

JetBrains TeamCity 2018.2.4 Settings Page cross site scripting

A vulnerability has been found in JetBrains TeamCity 2018.2.4 and classified as problematic. Affected by this vulnerability is some unknown functionality of the component Settings Page. Upgrading to version 2019.1 eliminates this vulnerability.
Auteur: VulDB

JetBrains TeamCity 2018.2.4 Command privilege escalation

A vulnerability, which was classified as critical, was found in JetBrains TeamCity 2018.2.4. Affected is an unknown functionality. Upgrading to version 2018.2.5 or 2019.1 eliminates this vulnerability.
Auteur: VulDB

JetBrains ToolBox prior 1.15.5605 URL Cleartext weak encryption

A vulnerability, which was classified as critical, has been found in JetBrains ToolBox. This issue affects an unknown function of the component URL Handler. Upgrading to version 1.15.5605 eliminates this vulnerability.
Auteur: VulDB

JetBrains PyCharm up to 2019.1 Connection memory corruption

A vulnerability classified as critical was found in JetBrains PyCharm up to 2019.1. This vulnerability affects some unknown processing of the component Connection Handler. Upgrading to version 2019.2 eliminates this vulnerability.
Auteur: VulDB

JetBrains YouTrack prior 2019.2.53938 Permission privilege escalation

A vulnerability classified as critical has been found in JetBrains YouTrack. This affects an unknown code block of the component Permission. Upgrading to version 2019.2.53938 eliminates this vulnerability.
Auteur: VulDB

Umbraco 7.3.8 GetInpectSearch nodeName sql injection

A vulnerability was found in Umbraco 7.3.8. It has been rated as critical. Affected by this issue is the function GetInpectSearch. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Auteur: VulDB

JetBrains Ktor Framework up to 1.1.x UserHashedTableAuth weak encryption

A vulnerability was found in JetBrains Ktor Framework up to 1.1.x. It has been declared as critical. Affected by this vulnerability is the function UserHashedTableAuth. Upgrading to version 1.2.0-rc eliminates this vulnerability.
Auteur: VulDB

JetBrains Ktor Framework up to 1.1.x LDAP Username command injection

A vulnerability was found in JetBrains Ktor Framework up to 1.1.x. It has been classified as critical. Affected is some unknown functionality of the component LDAP Handler. Upgrading to version 1.2.0-rc eliminates this vulnerability.
Auteur: VulDB

Cisco Unified Communications Manager Web-based Interface cross site scripting

A vulnerability was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition (Unified Communication Software) (unknown version) and classified as problematic. This issue affects an unknown...
Auteur: VulDB

Cisco Unified Communications Manager Web-based Interface cross site scripting

A vulnerability has been found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition (Unified Communication Software) (the affected version is unknown) and classified as problematic. This...
Auteur: VulDB

Cisco IC3000 Industrial Compute Gateway Web-based Management Interface denial of service

A vulnerability, which was classified as problematic, was found in Cisco IC3000 Industrial Compute Gateway (the affected version unknown). This affects some unknown processing of the component Web-based Management Interface. Upgrading eliminates...
Auteur: VulDB

Cisco Prime Infrastructure Web-based Management Interface cross site scripting

A vulnerability, which was classified as problematic, has been found in Cisco Prime Infrastructure (Network Management Software) (affected version not known). Affected by this issue is an unknown code block of the component Web-based Management...
Auteur: VulDB

Cisco Prime Infrastructure Web-based Management Interface cross site scripting

A vulnerability classified as problematic was found in Cisco Prime Infrastructure (Network Management Software) (affected version unknown). Affected by this vulnerability is an unknown code of the component Web-based Management Interface....
Auteur: VulDB

Cisco Unified Communications Manager Web-based Interface XML External Entity

A vulnerability classified as critical has been found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition (Unified Communication Software) (version unknown). Affected is an unknown part of the...
Auteur: VulDB

Cisco Unified Communications Manager Web-based Interface sql injection

A vulnerability was found in Cisco Unified Communications Manager (Unified Communication Software) (unknown version). It has been rated as critical. This issue affects some unknown functionality of the component Web-based Interface. Upgrading...
Auteur: VulDB

Cisco Unified Communications Web-based Interface cross site scripting

A vulnerability was found in Cisco Unified Communications (Unified Communication Software) (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown functionality of the component Web-based...
Auteur: VulDB

Cisco Email Security Appliance Sender Policy Framework Messages privilege escalation

A vulnerability was found in Cisco Email Security Appliance (Anti-Malware Software) (the affected version unknown). It has been classified as critical. This affects an unknown function of the component Sender Policy Framework. Upgrading...
Auteur: VulDB
First283284285286287288289290291292Last

Événements SSI