Saturday 25 January 2020

Our selection of information systems security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Citrix Releases Security Updates for SD-WAN WANOP

Original release date: January 23, 2020. Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also...
Author: US Cert

Cisco Releases Security Updates

Original release date: January 23, 2020. Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing...
Author: US Cert

CERTFR-2020-AVI-055: Multiple vulnerabilities in Cisco products (23 January 2020)

Multiple vulnerabilities have been discovered in Cisco products. They allow an attacker to cause a remote denial of service, a security policy bypass and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-054: Multiple vulnerabilities in PHP (23 January 2020)

Multiple vulnerabilities have been discovered in PHP. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-053: Multiple vulnerabilities in Google Chrome OS (23 January 2020)

Multiple vulnerabilities have been discovered in Google Chrome OS. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-052: Multiple vulnerabilities in the SUSE Linux kernel (23 January 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a bypass of the...
Author: Cert FR

Eaton 5P 850 Ubicacion SAI cross site scripting

A vulnerability classified as problematic has been found in Eaton 5P 850 (the affected version unknown). This affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Calculated Fields Form Plugin up to 1.0.353 on WordPress Stored cross site scripting

A vulnerability was found in Calculated Fields Form Plugin up to 1.0.353 on WordPress (WordPress Plugin). It has been rated as problematic. Affected by this issue is an unknown part. There is no information about possible countermeasures known....
Author: VulDB

Elementor Page Builder Plugin up to 2.8.3 on WordPress Template unknown vulnerability

A vulnerability was found in Elementor Page Builder Plugin up to 2.8.3 on WordPress (WordPress Plugin). It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the component Template Handler. Upgrading...
Author: VulDB

Honeywell MAXPRO VMS/MAXPRO NVR up to 5.6 Web User Interface sql injection

A vulnerability was found in Honeywell MAXPRO VMS and MAXPRO NVR up to 5.6. It has been classified as critical. Affected is an unknown functionality of the component Web User Interface. There is no information about possible countermeasures...
Author: VulDB

Honeywell MAXPRO VMS/MAXPRO NVR up to 5.6 Deserialization Web Request Remote Code Execution

A vulnerability was found in Honeywell MAXPRO VMS and MAXPRO NVR up to 5.6 and classified as critical. This issue affects an unknown function of the component Deserialization. There is no information about possible countermeasures known. It may...
Author: VulDB

uftpd up to 2.10 FTP Command compose_abspath() directory traversal

A vulnerability has been found in uftpd up to 2.10 (File Transfer Software) and classified as critical. This vulnerability affects the function compose_abspath() of the component FTP Command Handler. Upgrading to version 2.11 eliminates this...
Author: VulDB

MSX Configurator prior 1.0.8.1 Search Path privilege escalation

A vulnerability, which was classified as critical, was found in MSX Configurator. This affects an unknown code block. Upgrading to version 1.0.8.1 eliminates this vulnerability.
Author: VulDB

Forcepoint Web Security 8.x Header Host cross site scripting

A vulnerability, which was classified as problematic, has been found in Forcepoint Web Security 8.x (Anti-Malware Software). Affected by this issue is an unknown code of the component Header Handler. There is no information about possible...
Author: VulDB

Rapid7 AppSpider up to 3.8.213 Chrome Plugin weak authentication

A vulnerability classified as problematic was found in Rapid7 AppSpider up to 3.8.213. Affected by this vulnerability is an unknown part of the component Chrome Plugin. Upgrading to version 3.8.215 eliminates this vulnerability.
Author: VulDB

Parity libsecp256k1-rs up to 0.3.0 Scalar::check_overflow information disclosure

A vulnerability classified as problematic has been found in Parity libsecp256k1-rs up to 0.3.0. Affected is the function Scalar::check_overflow. Upgrading to version 0.3.1 eliminates this vulnerability.
Author: VulDB

libyang up to 1.0-r2 lys_extension_instances_free() denial of service

A vulnerability was found in libyang up to 1.0-r2. It has been rated as problematic. This issue affects the function lys_extension_instances_free(). Upgrading to version 1.0-r3 eliminates this vulnerability.
Author: VulDB

libyang prior 1.0-r1 yyparse() Application denial of service

A vulnerability was found in libyang. It has been declared as problematic. This vulnerability affects the function yyparse(). Upgrading to version 1.0-r1 eliminates this vulnerability.
Author: VulDB

libyang prior 1.0-r1 lys_parse_path Pattern denial of service

A vulnerability was found in libyang. It has been classified as problematic. This affects the function lys_parse_path. Upgrading to version 1.0-r1 eliminates this vulnerability.
Author: VulDB

libyang prior 1.0-r1 Memory Consumption denial of service

A vulnerability was found in libyang and classified as problematic. Affected by this issue is an unknown code block. Upgrading to version 1.0-r1 eliminates this vulnerability.
Author: VulDB

libyang up to 1.0-r2 yyparse() memory corruption

A vulnerability has been found in libyang up to 1.0-r2 and classified as critical. Affected by this vulnerability is the function yyparse(). Upgrading to version 1.0-r3 eliminates this vulnerability.
Author: VulDB

libyang prior 1.0-r1 yyparse() memory corruption

A vulnerability, which was classified as critical, was found in libyang. Affected is the function yyparse(). Upgrading to version 1.0-r1 eliminates this vulnerability.
Author: VulDB

libyang prior 1.0-r1 resolve_feature_value() denial of service

A vulnerability, which was classified as problematic, has been found in libyang. This issue affects the function resolve_feature_value(). Upgrading to version 1.0-r1 eliminates this vulnerability.
Author: VulDB

libyang up to 1.0-r2 resolve_feature_value() denial of service

A vulnerability classified as problematic was found in libyang up to 1.0-r2. This vulnerability affects the function resolve_feature_value(). Upgrading to version 1.0-r3 eliminates this vulnerability.
Author: VulDB

Ruckus Wireless Unleashed up to 200.7.10.102.64 Access Control /tmp HTTP Request information disclosure

A vulnerability classified as problematic has been found in Ruckus Wireless Unleashed up to 200.7.10.102.64. This affects an unknown function of the file /tmp of the component Access Control. There is no information about possible countermeasures...
Author: VulDB

Information systems security events

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
