Saturday 18 January 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Redgate SQL Change Automation Plugin up to 2.0.4 on Jenkins config.xml information disclosure

A vulnerability was found in Redgate SQL Change Automation Plugin up to 2.0.4 on Jenkins. It has been rated as problematic. This issue affects some unknown processing of the file config.xml. There is no information about possible countermeasures...
Author: VulDB

Health Advisor by CloudBees Plugin up to 3.0 on Jenkins Permission Check privilege escalation

A vulnerability was found in Health Advisor by CloudBees Plugin up to 3.0 on Jenkins. It has been declared as critical. This vulnerability affects an unknown code block of the component Permission Check. There is no information about possible...
Author: VulDB

Health Advisor by CloudBees Plugin up to 3.0 on Jenkins cross site request forgery

A vulnerability was found in Health Advisor by CloudBees Plugin up to 3.0 on Jenkins. It has been classified as problematic. This affects an unknown code. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Robot Framework Plugin up to 2.0.0 on Jenkins XML Parser XML Document XML External Entity

A vulnerability was found in Robot Framework Plugin up to 2.0.0 on Jenkins and classified as critical. Affected by this issue is an unknown part of the component XML Parser. There is no information about possible countermeasures known. It may be...
Author: VulDB

Amazon EC2 Plugin up to 1.47 on Jenkins Permission Check privilege escalation

A vulnerability has been found in Amazon EC2 Plugin up to 1.47 on Jenkins and classified as critical. Affected by this vulnerability is some unknown functionality of the component Permission Check. There is no information about possible...
Author: VulDB

Amazon EC2 Plugin up to 1.47 on Jenkins cross site request forgery

A vulnerability, which was classified as problematic, was found in Amazon EC2 Plugin up to 1.47 on Jenkins. Affected is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Apache Beam MongoDB Connector up to 2.16.0 Certificate Verification weak authentication

A vulnerability, which was classified as critical, has been found in Apache Beam MongoDB Connector up to 2.16.0. This issue affects an unknown function of the component Certificate Verification. There is no information about possible...
Author: VulDB

Juniper Junos Space up to 19.3 HTTP Packet Local File Inclusion

A vulnerability classified as problematic was found in Juniper Junos Space up to 19.3. This vulnerability affects some unknown processing. Upgrading to version 19.4R1 eliminates this vulnerability.
Author: VulDB

Juniper Junos JDHCPD IPv6 Packet Command privilege escalation

A vulnerability classified as critical has been found in Juniper Junos (the affected version unknown). This affects an unknown code block of the component JDHCPD. Upgrading eliminates this vulnerability.
Author: VulDB

Juniper Junos Subscriber Management IPv6 Packet Crash denial of service

A vulnerability was found in Juniper Junos (affected version not known). It has been rated as critical. Affected by this issue is an unknown code of the component Subscriber Management. Upgrading eliminates this vulnerability.
Author: VulDB

Juniper Junos J-Web cross site scripting [CVE-2020-1607]

A vulnerability was found in Juniper Junos (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown part of the component J-Web. Upgrading eliminates this vulnerability.
Author: VulDB

Juniper Junos J-Web directory traversal [CVE-2020-1606]

A vulnerability was found in Juniper Junos (version unknown). It has been classified as critical. Affected is some unknown functionality of the component J-Web. Upgrading eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-041: Multiple vulnerabilities in Wireshark (16 January 2020)

Multiple vulnerabilities have been discovered in Wireshark. They allow an attacker to cause a remote denial of service.

Author: Cert FR

Juniper Junos JDHCPD IPv4 Packet Command privilege escalation

A vulnerability was found in Juniper Junos (Router Operating System) (unknown version) and classified as critical. This issue affects an unknown functionality of the component JDHCPD. Upgrading eliminates this vulnerability.
Author: VulDB

Juniper Junos IP Firewall Filter IPv6 Packet privilege escalation

A vulnerability has been found in Juniper Junos (Router Operating System) (the affected version is unknown) and classified as critical. This vulnerability affects an unknown function of the component IP Firewall Filter. Upgrading eliminates this...
Author: VulDB

Juniper Junos Routing Engine IPv6 Packet Memory Leak denial of service

A vulnerability, which was classified as critical, was found in Juniper Junos (the affected version unknown). This affects some unknown processing of the component Routing Engine. Upgrading eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-040: Vulnerability in Fortinet FortiSIEM (16 January 2020)

A vulnerability has been discovered in Fortinet FortiSIEM. It allows an attacker to cause a remote denial of service.

Author: Cert FR

Juniper Junos JDHCPD IPv4 Packet Code Execution

A vulnerability, which was classified as critical, has been found in Juniper Junos (affected version not known). Affected by this issue is an unknown code block of the component JDHCPD. Upgrading eliminates this vulnerability.
Author: VulDB

Juniper Junos pccd PCEP Packet Crash denial of service

A vulnerability classified as problematic was found in Juniper Junos (affected version unknown). Affected by this vulnerability is an unknown code of the component pccd. Upgrading eliminates this vulnerability.
Author: VulDB

Juniper Junos SNMP Loop denial of service

A vulnerability classified as critical has been found in Juniper Junos (version unknown). Affected is an unknown part of the component SNMP Handler. Upgrading eliminates this vulnerability.
Author: VulDB

Microsoft Windows 10 1803/Server 2019 RDP Session Lockscreen weak authentication

A vulnerability was found in Microsoft Windows 10 1803/Server 2019 (Operating System). It has been rated as critical. This issue affects some unknown functionality of the component RDP Session Handler. It is possible to mitigate the problem by...
Author: VulDB

CERTFR-2020-AVI-039: Multiple vulnerabilities in Symantec products (16 January 2020)

Multiple vulnerabilities have been discovered in Symantec products. They allow an attacker to cause privilege escalation and remote indirect code injection (XSS).

Author: Cert FR

AutoMobility Distribution App up to 3.4.23 on iOS/Android MyCar Controls weak authentication

A vulnerability was found in AutoMobility Distribution App up to 3.4.23 on iOS/Android. It has been declared as critical. This vulnerability affects an unknown functionality of the component MyCar Controls. Upgrading eliminates this vulnerability.
Author: VulDB

Bitbucket Server/Data Center up to 6.9.0 Post-Receive Hook Remote Code Execution

A vulnerability was found in Bitbucket Server and Data Center up to 6.9.0. It has been classified as critical. This affects an unknown function of the component Post-Receive Hook. Upgrading to version 5.16.11, 6.0.11, 6.1.9, 6.2.7, 6.3.6, 6.4.4,...
Author: VulDB

Serpico 1.3.0 author unknown vulnerability

A vulnerability was found in Serpico 1.3.0 and classified as critical. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Author: VulDB

Information security events

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
