Monday 25 May 2020

Our selection of information-systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Rockwell FactoryTalk Linx Software EDS Subsystem sql injection

A vulnerability was found in Rockwell FactoryTalk Linx Software, RSLinx Classic, RSNetWorx Software and Logix Designer Software (affected version not known). It has been rated as critical. Affected by this issue is an unknown function of the...
Author: VulDB

DNS Protocol Vulnerability (CERT-EU Security Advisory 2020-027)

On 19th of May 2020 a new DNS protocol vulnerability was made public. It was discovered by researchers from Tel Aviv University and the Interdisciplinary Center in Israel. Disclosed vulnerability abuses DNS delegation mechanism to force DNS...
Author: Cert EU

CERTFR-2020-AVI-307: Multiple vulnerabilities in the Ubuntu Linux kernel (20 May 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a remote denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-306: Multiple vulnerabilities in the Red Hat Linux kernel (20 May 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. They allow an attacker to cause arbitrary code execution, a remote denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-305: Vulnerability in VMware Cloud Director (20 May 2020)

A vulnerability has been discovered in VMware Cloud Director. It allows an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-304: Multiple vulnerabilities in Google Chrome (20 May 2020)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-303: Vulnerability in Wireshark (20 May 2020)

A vulnerability has been discovered in Wireshark. It allows an attacker to cause a remote denial of service.

Author: Cert FR

jQuery up to 1.8.x load Whitespace cross site scripting

A vulnerability was found in jQuery up to 1.8.x (JavaScript Library). It has been declared as problematic. Affected by this vulnerability is the function load. Upgrading to version 1.9.0 eliminates this vulnerability.
Author: VulDB

HPE Nimble Storage System prior 3.9.3.0/4.5.6.0/5.0.9.0/5.1.4.100 privilege escalation

A vulnerability was found in HPE Nimble Storage System. It has been classified as critical. Affected is an unknown code block. Upgrading to version 3.9.3.0, 4.5.6.0, 5.0.9.0 or 5.1.4.100 eliminates this vulnerability.
Author: VulDB

HPE Nimble Storage System prior 3.9.3.0/4.5.6.0/5.0.9.0/5.1.4.100 Code Execution

A vulnerability was found in HPE Nimble Storage System and classified as critical. This issue affects an unknown code. Upgrading to version 3.9.3.0, 4.5.6.0, 5.0.9.0 or 5.1.4.100 eliminates this vulnerability.
Author: VulDB

HPE Superdome Flex Server prior 3.25.46 RMC privilege escalation

A vulnerability has been found in HPE Superdome Flex Server and classified as critical. This vulnerability affects an unknown part of the component RMC. Upgrading to version 3.25.46 eliminates this vulnerability.
Author: VulDB

Kata Containers up to 1.10.x Cloud Hypervisor Image File privilege escalation

A vulnerability, which was classified as critical, was found in Kata Containers up to 1.10.x (Virtualization Software). This affects some unknown functionality of the component Cloud Hypervisor. Upgrading to version 1.11.0 eliminates this...
Author: VulDB

Kata Containers up to 1.10.x Mount denial of service

A vulnerability, which was classified as problematic, has been found in Kata Containers up to 1.10.x (Virtualization Software). Affected by this issue is an unknown functionality of the component Mount Handler. Upgrading to version 1.11.0...
Author: VulDB

Netsweeper up to 6.4.3 Referer unixlogin.php Shell Metacharacter Code Execution

A vulnerability classified as critical was found in Netsweeper up to 6.4.3. Affected by this vulnerability is an unknown function of the file webadmin/tools/unixlogin.php of the component Referer Handler. There is no information about possible...
Author: VulDB

MyLittleAdmin 3.8 Management Tool machineKey privilege escalation

A vulnerability classified as critical has been found in MyLittleAdmin 3.8. Affected is some unknown processing of the component Management Tool. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Wireshark up to 3.2.3 NFS Dissector packet-nfs.c denial of service

A vulnerability was found in Wireshark (Packet Analyzer Software). It has been rated as problematic. This issue affects an unknown code block of the file epan/dissectors/packet-nfs.c of the component NFS Dissector. There is no information about...
Author: VulDB

em-imap 0.5 Library Eventmachine Man-in-the-Middle weak authentication

A vulnerability was found in em-imap 0.5. It has been declared as problematic. This vulnerability affects an unknown code of the component Library Eventmachine. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

FactoryTalk Linx Software EDS Subsystem Crash denial of service

A vulnerability was found in FactoryTalk Linx Software, RSLinx Classic, RSNetWorx Software and Logix Designer Software (the affected version unknown). It has been classified as problematic. This affects an unknown part of the component EDS...
Author: VulDB

iFAX AvantFAX/HylaFAX Enterprise Web Interface sendfax.php command injection

A vulnerability was found in iFAX AvantFAX and HylaFAX Enterprise Web Interface (affected version not known) and classified as critical. Affected by this issue is some unknown functionality of the file sendfax.php of the component Web Interface....
Author: VulDB

dpdk up to 18.11 vhost Crypto Library Out-of-Bounds information disclosure

A vulnerability has been found in dpdk up to 18.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component vhost Crypto Library. There is no information about possible countermeasures known. It...
Author: VulDB

dpdk 17.05 Integer memory corruption

A vulnerability, which was classified as critical, was found in dpdk 17.05. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Author: VulDB

dpdk 18.05 vhost_user_set_log_base() memory corruption

A vulnerability, which was classified as critical, has been found in dpdk 18.05. This issue affects the function vhost_user_set_log_base(). There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

ISC BIND up to 9.17.1 TSIG tsig.c Message denial of service

A vulnerability classified as problematic was found in ISC BIND up to 9.17.1 (Domain Name Software). This vulnerability affects an unknown code block of the file tsig.c of the component TSIG Handler. Upgrading to version 9.11.19, 9.14.12 or...
Author: VulDB

ISC BIND up to 9.17.1 Fetch privilege escalation

A vulnerability classified as critical has been found in ISC BIND up to 9.17.1 (Domain Name Software). This affects an unknown code of the component Fetch Handler. Upgrading to version 9.11.19, 9.14.12 or 9.16.3 eliminates this vulnerability.
Author: VulDB

Jenzabar JICS up to 9.0.1 Patch 2/9.1.2 Patch 1/9.2.2 Patch 7 Session Cookie weak authentication

A vulnerability was found in Jenzabar JICS up to 9.0.1 Patch 2/9.1.2 Patch 1/9.2.2 Patch 7. It has been rated as problematic. Affected by this issue is an unknown part of the component Session Cookie Handler. Applying the patch 9.0.1 Patch...
Author: VulDB

Information-systems security (SSI) events