Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

cloud-init up to 19.4 cc_set_passwords.py rand_user_password pwlen weak authentication

A vulnerability has been found in cloud-init up to 19.4 and classified as problematic. Affected by this vulnerability is the function rand_user_password of the file cloudinit/config/cc_set_passwords.py. There is no information about possible...
Author: VulDB

cloud-init up to 19.4 Mersenne Twister cloudinit/util.py rand_str weak encryption

A vulnerability, which was classified as critical, was found in cloud-init up to 19.4 (Cloud Software). Affected is the function rand_str of the file cloudinit/util.py of the component Mersenne Twister Handler. There is no information about...
Author: VulDB

oneup uploader-bundle up to 1.9.2/2.1.4 File Upload privilege escalation

A vulnerability, which was classified as critical, has been found in oneup uploader-bundle up to 1.9.2/2.1.4. This issue affects an unknown code. Upgrading to version 1.9.3 or 2.1.5 eliminates this vulnerability.
Author: VulDB

ipmitool up to 1.8.18 Code Execution memory corruption

A vulnerability classified as critical was found in ipmitool up to 1.8.18. This vulnerability affects an unknown part. Upgrading to version 1.8.19 eliminates this vulnerability.
Author: VulDB

Google Releases Security Updates for Chrome

Original release date: February 5, 2020. Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The...
Author: US Cert

CERTFR-2020-IOC-001: Maze ransomware and the TA2101 attacker group (5 February 2020)

The following technical indicators are associated in open sources with the TA2101 attacker group using the Maze ransomware. They are provided in MISP export format and can …
Author: Cert FR

CERTFR-2020-ACT-001: News bulletin CERTFR-2020-ACT-001 (5 February 2020)

In recent months, remote access solutions have been targeted by attackers with the aim of compromising the information systems of the companies that …
Author: Cert FR

Tutor LMS Plugin up to 1.5.2 on WordPress cross site request forgery

A vulnerability classified as problematic has been found in Tutor LMS Plugin up to 1.5.2 on WordPress. This affects some unknown functionality. Upgrading to version 1.5.3 eliminates this vulnerability.
Author: VulDB

Squid Web Proxy up to 4.9 NTLM Authentication ext_lm_group_acl Credentials denial of service

A vulnerability was found in Squid Web Proxy up to 4.9. It has been rated as problematic. Affected by this issue is the function ext_lm_group_acl of the component NTLM Authentication. Upgrading to version 4.10 eliminates this vulnerability.
Author: VulDB

Squid Web Proxy up to 4.9 Reverse Proxy memory corruption

A vulnerability was found in Squid Web Proxy up to 4.9. It has been declared as critical. Affected by this vulnerability is an unknown function of the component Reverse Proxy. Upgrading to version 4.10 eliminates this vulnerability.
Author: VulDB

Squid Web Proxy up to 4.9 HTTP Requests privilege escalation

A vulnerability was found in Squid Web Proxy up to 4.9. It has been classified as critical. Affected is some unknown processing. Upgrading to version 4.10 eliminates this vulnerability.
Author: VulDB

klona up to 1.1.0 on npm Code Execution [CVE-2020-8125]

A vulnerability was found in klona up to 1.1.0 on npm and classified as critical. This issue affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

url-parse up to 1.4.4 on npm Security Check privilege escalation

A vulnerability has been found in url-parse up to 1.4.4 on npm and classified as critical. This vulnerability affects an unknown code of the component Security Check. There is no information about possible countermeasures known. It may be...
Author: VulDB

strapi up to v3.0.0-beta.18.3 Admin Console Restart denial of service

A vulnerability, which was classified as problematic, was found in strapi up to v3.0.0-beta.18.3. This affects an unknown part of the component Admin Console. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Nextcloud Server 14.0.3 Expiration Date privilege escalation

A vulnerability, which was classified as critical, has been found in Nextcloud Server 14.0.3. Affected by this issue is some unknown functionality of the component Expiration Date Handler. There is no information about possible countermeasures...
Author: VulDB

Nextcloud Server 14.0.4 information disclosure [CVE-2020-8121]

A vulnerability classified as problematic was found in Nextcloud Server 14.0.4. Affected by this vulnerability is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Nextcloud Server 16.0.1 svg Generation Reflected cross site scripting

A vulnerability classified as problematic has been found in Nextcloud Server 16.0.1. Affected is an unknown function of the component svg Generation Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Nextcloud Server 17.0.0 Preview information disclosure

A vulnerability was found in Nextcloud Server 17.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Preview Handler. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

Nextcloud Server 16.0.1 Calendar Application Server-Side Request Forgery

A vulnerability was found in Nextcloud Server 16.0.1. It has been declared as critical. This vulnerability affects an unknown code block of the component Calendar Application. There is no information about possible countermeasures known. It may...
Author: VulDB

Nextcloud Server 14.0.3 Permission information disclosure

A vulnerability was found in Nextcloud Server 14.0.3. It has been classified as problematic. This affects an unknown code of the component Permission. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

dot-prop up to 5.1.0 on npm unknown vulnerability [CVE-2020-8116]

A vulnerability was found in dot-prop up to 5.1.0 on npm and classified as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

Revive Adserver up to 5.0.3 afr.php Query String cross site scripting

A vulnerability has been found in Revive Adserver up to 5.0.3 (Advertising Software) and classified as problematic. Affected by this vulnerability is some unknown functionality of the file afr.php. There is no information about possible...
Author: VulDB

MariaDB 10.4.7/10.4.8/10.4.9/10.4.10/10.4.11 Symlink privilege escalation

A vulnerability, which was classified as critical, was found in MariaDB 10.4.7/10.4.8/10.4.9/10.4.10/10.4.11 (Database Software). Affected is an unknown functionality. There is no information about possible countermeasures known. It may be...
Author: VulDB

Information security events