Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-061: Multiple vulnerabilities in Joomla! (29 January 2020)

Multiple vulnerabilities have been discovered in Joomla!. They allow an attacker to carry out remote cross-site scripting (XSS) and cross-site request forgery (CSRF).

Author: Cert FR

CERTFR-2020-CTI-001: State of the ransomware threat against businesses and institutions (29 January 2020)

Ransomware is malicious code that prevents the victim from accessing the contents of their files in order to extort money. Historically, the …
Author: Cert FR

Linux Kernel up to 5.4 fs/namei.c may_create_in_sticky memory corruption

A vulnerability was found in Linux Kernel up to 5.4 (Operating System). It has been declared as critical. Affected by this vulnerability is the function may_create_in_sticky of the file fs/namei.c. Upgrading to version 5.5 eliminates this...
Author: VulDB

elementor Plugin up to 2.8.4 on WordPress elementor-system-info Page Reflected cross site scripting

A vulnerability was found in elementor Plugin up to 2.8.4 on WordPress (WordPress Plugin). It has been classified as problematic. Affected is an unknown functionality of the component elementor-system-info Page. Upgrading to version 2.8.5...
Author: VulDB

Cups Easy 1.0 userdelete.php cross site request forgery

A vulnerability was found in Cups Easy 1.0 (Printing Software) and classified as problematic. This issue affects an unknown function of the file userdelete.php. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Cups Easy 1.0 passwordmychange.php cross site request forgery

A vulnerability has been found in Cups Easy 1.0 (Printing Software) and classified as problematic. This vulnerability affects some unknown processing of the file passwordmychange.php. There is no information about possible countermeasures known....
Author: VulDB

Joomla CMS up to 3.9.14 com_actionlogs Username cross site scripting

A vulnerability, which was classified as problematic, was found in Joomla CMS up to 3.9.14 (Content Management System). This affects an unknown code block of the component com_actionlogs. Upgrading to version 3.9.15 eliminates this vulnerability.
Author: VulDB

Joomla CMS up to 3.9.14 com_templates cross site request forgery

A vulnerability, which was classified as problematic, has been found in Joomla CMS up to 3.9.14. Affected by this issue is an unknown code of the component com_templates. Upgrading to version 3.9.15 eliminates this vulnerability.
Author: VulDB

Joomla CMS up to 3.9.14 Batch Action cross site request forgery

A vulnerability classified as problematic was found in Joomla CMS up to 3.9.14. Affected by this vulnerability is an unknown part of the component Batch Action Handler. Upgrading to version 3.9.15 eliminates this vulnerability.
Author: VulDB

Code Snippets Plugin up to 2.13.x on WordPress Import Menu cross site request forgery

A vulnerability classified as problematic has been found in Code Snippets Plugin up to 2.13.x on WordPress. Affected is some unknown functionality of the component Import Menu. Upgrading to version 2.14.0 eliminates this vulnerability.
Author: VulDB

CPython up to 3.8.1 on Windows 7 Dependency Load api-ms-win-core-path-l1-1-0.dll unknown vulnerability

A vulnerability was found in CPython on Windows 7 (Programming Language Software). It has been rated as critical. This issue affects an unknown functionality in the library api-ms-win-core-path-l1-1-0.dll of the component Dependency Load Handler....
Author: VulDB

OpenJPEG up to 2020-01-28 openjp2/t1.c opj_t1_clbl_decode_processor qmfbid memory corruption

A vulnerability was found in OpenJPEG up to 2020-01-28 (Image Processing Software). It has been declared as critical. This vulnerability affects the function opj_t1_clbl_decode_processor of the file openjp2/t1.c. There is no information about...
Author: VulDB

mod_auth_ldap/mod_auth_ldap2 up to 2020-01-27 Prosody is_admin() XMPP Address privilege escalation

A vulnerability was found in mod_auth_ldap and mod_auth_ldap2 up to 2020-01-27 (Directory Service Software). It has been classified as critical. This affects the function is_admin() of the component Prosody. There is no information about possible...
Author: VulDB

Liferay Portal CE up to 7.2.1 MyAccountPortlet First Name/Middle Name/Last Nam Persistent cross site scripting

A vulnerability was found in Liferay Portal CE up to 7.2.1 and classified as problematic. Affected by this issue is an unknown code block of the component MyAccountPortlet. There is no information about possible countermeasures known. It may be...
Author: VulDB

FusionAuth up to 1.10.x E-Mail Template OS Command Injection privilege escalation

A vulnerability has been found in FusionAuth up to 1.10.x and classified as critical. Affected by this vulnerability is an unknown code of the component E-Mail Template Handler. Upgrading to version 1.11.0 eliminates this vulnerability.
Author: VulDB

Feedgen up to 0.8.x XML denial of service

A vulnerability, which was classified as problematic, was found in Feedgen up to 0.8.x. Affected is an unknown part of the component XML Handler. Upgrading to version 0.9.0 eliminates this vulnerability.
Author: VulDB

TensorFlow up to 1.15.1/2.0.0 Eager Mode String Segmentation Fault denial of service

A vulnerability, which was classified as problematic, has been found in TensorFlow up to 1.15.1/2.0.0. This issue affects some unknown functionality of the component Eager Mode. Upgrading to version 1.15.1, 2.0.1 or 2.1.0 eliminates this...
Author: VulDB

NetHack up to 3.6.4 Configuration Configuration File memory corruption

A vulnerability classified as critical was found in NetHack up to 3.6.4. This vulnerability affects an unknown functionality of the component Configuration Handler. Upgrading to version 3.6.5 eliminates this vulnerability.
Author: VulDB

NetHack up to 3.6.4 Configuration SYMBOL memory corruption

A vulnerability classified as critical has been found in NetHack up to 3.6.4. This affects an unknown function of the component Configuration Handler. Upgrading to version 3.6.5 eliminates this vulnerability.
Author: VulDB

NetHack up to 3.6.4 Configuration MENUCOLOR memory corruption

A vulnerability was found in NetHack up to 3.6.4. It has been rated as critical. Affected by this issue is some unknown processing of the component Configuration Handler. Upgrading to version 3.6.5 eliminates this vulnerability.
Author: VulDB

NetHack up to 3.6.4 Configuration AUTOCOMPLETE memory corruption

A vulnerability was found in NetHack up to 3.6.4. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Configuration Handler. Upgrading to version 3.6.5 eliminates this vulnerability.
Author: VulDB

NetHack up to 3.6.4 Options -w memory corruption

A vulnerability was found in NetHack up to 3.6.4. It has been classified as critical. Affected is an unknown code of the component Options Handler. Upgrading to version 3.6.5 eliminates this vulnerability.
Author: VulDB

NetHack up to 3.6.4 Options -de/-i memory corruption

A vulnerability was found in NetHack up to 3.6.4 and classified as critical. This issue affects an unknown part of the component Options Handler. Upgrading to version 3.6.5 eliminates this vulnerability.
Author: VulDB

IBM Watson IoT Message Gateway 2.0.0.x/5.0.0.0/5.0.0.1/5.0.0.2 HTTP Request memory corruption

A vulnerability has been found in IBM Watson IoT Message Gateway 2.0.0.x/5.0.0.0/5.0.0.1/5.0.0.2 and classified as critical. This vulnerability affects some unknown functionality. There is no information about possible countermeasures known. It...
Author: VulDB