Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Jenkins up to 2.218/LTS 2.204.1 REST API Endpoint Clickjacking privilege escalation

A vulnerability was found in Jenkins up to 2.218/LTS 2.204.1 (Continuous Integration Software). It has been classified as critical. Affected is an unknown code block of the component REST API Endpoint. There is no information about possible...
Author: VulDB

Jenkins up to 2.218/LTS 2.204.1 JVM Memory Usage Chart information disclosure

A vulnerability was found in Jenkins up to 2.218/LTS 2.204.1 (Continuous Integration Software) and classified as problematic. This issue affects an unknown code of the component JVM Memory Usage Chart. There is no information about possible...
Author: VulDB

Jenkins up to 2.218/LTS 2.204.1 Session Identifier information disclosure

A vulnerability has been found in Jenkins up to 2.218/LTS 2.204.1 (Continuous Integration Software) and classified as problematic. This vulnerability affects an unknown part of the component Session Identifier Handler. There is no information...
Author: VulDB

Jenkins up to 2.218/LTS 2.204.1 HMAC Timing information disclosure

A vulnerability, which was classified as problematic, was found in Jenkins up to 2.218/LTS 2.204.1 (Continuous Integration Software). This affects some unknown functionality of the component HMAC Handler. There is no information about possible...
Author: VulDB

Jenkins up to 2.218/LTS 2.204.1 Comparison Timing information disclosure

A vulnerability, which was classified as problematic, has been found in Jenkins up to 2.218/LTS 2.204.1. Affected by this issue is an unknown functionality of the component Comparison. There is no information about possible countermeasures known....
Author: VulDB

Jenkins up to 2.218/LTS 2.204.1 Service Port 33848 Amplification denial of service

A vulnerability classified as problematic was found in Jenkins up to 2.218/LTS 2.204.1. Affected by this vulnerability is an unknown function of the component Service Port 33848. Proper firewalling of udp/33848 is able to address this issue.
Author: VulDB

Jenkins up to 2.213/LTS 2.204.1 Inbound TCP Agent Protocol 3 Key information disclosure

A vulnerability classified as problematic has been found in Jenkins up to 2.213/LTS 2.204.1. Affected is some unknown processing of the component Inbound TCP Agent Protocol 3. There is no information about possible countermeasures known. It may...
Author: VulDB

Wowza Streaming Engine 4.7.7/4.7.8 Installer privilege escalation

A vulnerability was found in Wowza Streaming Engine 4.7.7/4.7.8. It has been rated as critical. This issue affects an unknown code block of the file /usr/local/WowzaStreamingEngine/bin/ of the component Installer. There is no information about...
Author: VulDB

Wowza Streaming Engine 4.7.7 edit_adv.htm cross site scripting

A vulnerability was found in Wowza Streaming Engine 4.7.7. It has been declared as problematic. This vulnerability affects an unknown code of the file enginemanager/server/serversetup/edit_adv.htm. There is no information about possible...
Author: VulDB

StratoWowza Streaming Engine 4.7.7/4.7.8 edit.htm cross site request forgery

A vulnerability was found in StratoWowza Streaming Engine 4.7.7/4.7.8. It has been classified as problematic. This affects an unknown part of the file enginemanager/server/user/edit.htm. There is no information about possible countermeasures...
Author: VulDB

Netty up to 4.1.43 HttpObjectDecoder.java unknown vulnerability

A vulnerability was found in Netty up to 4.1.43 and classified as problematic. Affected by this issue is some unknown functionality of the file HttpObjectDecoder.java. Upgrading to version 4.1.44 eliminates this vulnerability.
Author: VulDB

Netty up to 4.1.43 HttpObjectDecoder.java HTTP Header unknown vulnerability

A vulnerability has been found in Netty up to 4.1.43 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file HttpObjectDecoder.java. Upgrading to version 4.1.44 eliminates this vulnerability.
Author: VulDB

D-Link DIR-859 1.05/1.06B01 Beta01 urn /htdocs/cgibin ssdpcgi() Shell Metacharacter privilege escalation

A vulnerability, which was classified as critical, was found in D-Link DIR-859 1.05/1.06B01 Beta01 (Router Operating System). Affected is the function ssdpcgi() of the file /htdocs/cgibin of the component urn. There is no information about...
Author: VulDB

D-Link DIR-859 1.05 /htdocs/cgibin ssdpcgi() Shell Metacharacter privilege escalation

A vulnerability, which was classified as critical, has been found in D-Link DIR-859 1.05 (Router Operating System). This issue affects the function ssdpcgi() of the file /htdocs/cgibin. There is no information about possible countermeasures...
Author: VulDB

D-Link DIR-859 1.05/1.06B01 Beta01 urn /htdocs/cgibin ssdpcgi() Shell Metacharacter privilege escalation

A vulnerability classified as critical was found in D-Link DIR-859 1.05/1.06B01 Beta01. This vulnerability affects the function ssdpcgi() of the file /htdocs/cgibin of the component urn. There is no information about possible countermeasures...
Author: VulDB

sudo 1.8.29 pwfeedback tgetpass.c getln() Long String memory corruption

A vulnerability classified as very critical has been found in sudo 1.8.29. This affects the function getln() of the file tgetpass.c of the component pwfeedback. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

lsof Module 0.0.4 on npm exec command injection

A vulnerability was found in lsof Module 0.0.4 on npm. It has been rated as critical. Affected by this issue is the function exec. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

Tax Identity Theft Awareness Week

Original release date: January 29, 2020. Tax Identity Theft Awareness Week is February 3-7. The Federal Trade Commission (FTC) Tax Identity Theft Awareness Week webpage will provide webinars and other resources from FTC and its partners throughout...
Author: US Cert

CERTFR-2020-AVI-064: Multiple vulnerabilities in IBM Control Center (January 29, 2020)

Multiple vulnerabilities have been discovered in IBM Control Center. They allow an attacker to cause a remote denial of service.

Author: Cert FR

CERTFR-2020-AVI-063: Multiple vulnerabilities in Apple products (January 29, 2020)

Multiple vulnerabilities have been discovered in Apple products. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of...
Author: Cert FR

CERTFR-2020-AVI-062: Multiple vulnerabilities in Magento (January 29, 2020)

Multiple vulnerabilities have been discovered in Magento. They allow an attacker to cause remote arbitrary code execution and a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-061: Multiple vulnerabilities in Joomla! (January 29, 2020)

Multiple vulnerabilities have been discovered in Joomla!. They allow an attacker to cause remote cross-site scripting (XSS) and cross-site request forgery (CSRF).

Author: Cert FR

Information-security events