Thursday 17 October 2019

Our selection of information security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

iceScrum Plugin up to 1.1.5 on Jenkins Permission Check privilege escalation

A vulnerability was found in iceScrum Plugin up to 1.1.5 on Jenkins and classified as critical. Affected by this issue is an unknown function of the component Permission Check. There is no information about possible countermeasures known. It may...
Author: VulDB

iceScrum Plugin up to 1.1.5 on Jenkins cross site request forgery

A vulnerability has been found in iceScrum Plugin up to 1.1.5 on Jenkins and classified as problematic. Affected by this vulnerability is some unknown processing. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

NeoLoad Plugin up to 2.2.5 on Jenkins Global Configuration config.xml weak encryption

A vulnerability, which was classified as problematic, was found in NeoLoad Plugin up to 2.2.5 on Jenkins. Affected is an unknown code block of the file config.xml of the component Global Configuration. There is no information about possible...
Author: VulDB

CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins Permission Check doFillCredentialsIdItems information disclosure

A vulnerability, which was classified as problematic, has been found in CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins. This issue affects the function doFillCredentialsIdItems of the component Permission Check. There is no...
Author: VulDB

CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins Permission Check privilege escalation

A vulnerability classified as critical was found in CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins. This vulnerability affects an unknown part of the component Permission Check. There is no information about possible countermeasures...
Author: VulDB

CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins cross site request forgery

A vulnerability classified as problematic has been found in CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Google OAuth Credentials Plugin up to 0.9 on Jenkins privilege escalation

A vulnerability was found in Google OAuth Credentials Plugin up to 0.9 on Jenkins. It has been rated as critical. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be...
Author: VulDB

VU#927237: Multiple vulnerabilities in Pulse Secure VPN

Pulse Secure released an out-of-cycle advisory along with software patches for the various affected products on April 24, 2019. This addressed a number of vulnerabilities including a Remote Code Execution (RCE) vulnerability with pre-authentication...
Author: US Cert

CERTFR-2019-AVI-515: Multiple vulnerabilities in Cisco Aironet Access Points (16 October 2019)

Multiple vulnerabilities have been discovered in Cisco Aironet Access Points. Some of them allow an attacker to cause a denial of service, a security policy bypass and a compromise of the integrity of...
Author: Cert FR

VMware Releases Security Update for Harbor Container Registry for PCF

Original release date: October 16, 2019 VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry (PCF). An attacker could exploit this vulnerability to take control of an...
Author: US Cert

IBM Workload Scheduler Distributed 9.2/9.3/9.4/9.5 privilege escalation

A vulnerability was found in IBM Workload Scheduler Distributed 9.2/9.3/9.4/9.5. It has been declared as critical. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be...
Author: VulDB

Yale Bluetooth Key App Bluetooth Low Energy weak authentication

A vulnerability was found in Yale Bluetooth Key App (version unknown). It has been classified as critical. Affected is some unknown processing of the component Bluetooth Low Energy. There is no information about possible countermeasures known. It...
Author: VulDB

ReportLab up to 3.5.26 colors.py toColor XML Document Remote Code Execution

A vulnerability was found in ReportLab up to 3.5.26 and classified as critical. This issue affects the function toColor of the file colors.py. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Rambox 0.6.9 Service name Stored cross site scripting

A vulnerability has been found in Rambox 0.6.9 and classified as problematic. This vulnerability affects an unknown code of the component Service Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

CERTFR-2019-AVI-514: Multiple vulnerabilities in several SAP products (16 October 2019)

Multiple vulnerabilities have been discovered in several SAP products. Some of them allow an attacker to cause a remote denial of service, a security policy bypass and a compromise of the...
Author: Cert FR

X.org X Server 1.20.4 ct.c_char XQueryKeymap memory corruption

A vulnerability, which was classified as critical, was found in X.org X Server 1.20.4. This affects the function XQueryKeymap of the file ct.c_char. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

MindPalette NateMail 3.0.15 POST Request Reflected cross site scripting

A vulnerability, which was classified as problematic, has been found in MindPalette NateMail 3.0.15. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Netgear JNR1010 up to 1.0.0.31 webproc getpage cross site scripting

A vulnerability classified as problematic was found in Netgear JNR1010 up to 1.0.0.31. Affected by this vulnerability is an unknown functionality of the file webproc. Upgrading to version 1.0.0.32 eliminates this vulnerability.
Author: VulDB

Netgear JNR1010 up to 1.0.0.31 cgi-bin/webproc Parameter cross site request forgery

A vulnerability classified as problematic has been found in Netgear JNR1010 up to 1.0.0.31. Affected is an unknown function of the file cgi-bin/webproc of the component InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL. Upgrading to...
Author: VulDB

Netgear JNR1010 up to 1.0.0.31 Access Control privilege escalation

A vulnerability was found in Netgear JNR1010 up to 1.0.0.31. It has been rated as critical. This issue affects some unknown processing of the component Access Control. Upgrading to version 1.0.0.32 eliminates this vulnerability.
Author: VulDB

CERTFR-2019-AVI-513: Multiple vulnerabilities in the Red Hat Linux RT kernel (16 October 2019)

Multiple vulnerabilities have been discovered in the Red Hat Linux RT kernel. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a privilege escalation.
Author: Cert FR

Google Android Qualcomm Component unknown vulnerability [CVE-2019-10513]

A vulnerability was found in Google Android (Smartphone Operating System) (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown code block of the component Qualcomm Component. Applying a...
Author: VulDB

Google Android Qualcomm Component unknown vulnerability [CVE-2019-2295]

A vulnerability was found in Google Android (Smartphone Operating System) (the affected version unknown). It has been classified as problematic. This affects an unknown code of the component Qualcomm Component. Applying a patch is able to...
Author: VulDB

Google Android Qualcomm Component unknown vulnerability [CVE-2019-10490]

A vulnerability was found in Google Android (Smartphone Operating System) (affected version not known) and classified as problematic. Affected by this issue is an unknown part of the component Qualcomm Component. Applying a patch is able to...
Author: VulDB

Google Android Qualcomm Component unknown vulnerability [CVE-2019-2335]

A vulnerability has been found in Google Android (Smartphone Operating System) (affected version unknown) and classified as problematic. Affected by this vulnerability is some unknown functionality of the component Qualcomm Component. Applying a...
Author: VulDB

Information security (SSI) events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain, held in Paris at the Cité universitaire internationale on 13 and 14 November 2019. Organised by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organised by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
