Thursday 17 October 2019

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Sofy.AI Plugin on Jenkins config.xml information disclosure

A vulnerability classified as problematic was found in Sofy.AI Plugin on Jenkins (affected version unknown). Affected by this vulnerability is an unknown code block of the file config.xml. There is no information about possible countermeasures...
Author: VulDB

Cadence vManager Plugin up to 2.7.0 on Jenkins Hostname Verification weak authentication

A vulnerability classified as critical has been found in Cadence vManager Plugin up to 2.7.0 on Jenkins. Affected is an unknown code of the component Hostname Verification. There is no information about possible countermeasures known. It may be...
Author: VulDB

Google Kubernetes Engine Plugin up to 0.7.0 on Jenkins Permission Check information disclosure

A vulnerability was found in Google Kubernetes Engine Plugin up to 0.7.0 on Jenkins. It has been rated as problematic. This issue affects an unknown part of the component Permission Check. There is no information about possible countermeasures...
Author: VulDB

Bumblebee HP ALM Plugin up to 4.1.3 on Jenkins Hostname Verification weak authentication

A vulnerability was found in Bumblebee HP ALM Plugin up to 4.1.3 on Jenkins. It has been declared as critical. This vulnerability affects some unknown functionality of the component Hostname Verification. There is no information about possible...
Author: VulDB

iceScrum Plugin up to 1.1.4 on Jenkins config.xml weak encryption

A vulnerability was found in iceScrum Plugin up to 1.1.4 on Jenkins. It has been classified as problematic. This affects an unknown functionality of the file config.xml. There is no information about possible countermeasures known. It may be...
Author: VulDB

iceScrum Plugin up to 1.1.5 on Jenkins Permission Check privilege escalation

A vulnerability was found in iceScrum Plugin up to 1.1.5 on Jenkins and classified as critical. Affected by this issue is an unknown function of the component Permission Check. There is no information about possible countermeasures known. It may...
Author: VulDB

iceScrum Plugin up to 1.1.5 on Jenkins cross site request forgery

A vulnerability has been found in iceScrum Plugin up to 1.1.5 on Jenkins and classified as problematic. Affected by this vulnerability is some unknown processing. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

NeoLoad Plugin up to 2.2.5 on Jenkins Global Configuration config.xml weak encryption

A vulnerability, which was classified as problematic, was found in NeoLoad Plugin up to 2.2.5 on Jenkins. Affected is an unknown code block of the file config.xml of the component Global Configuration. There is no information about possible...
Author: VulDB

CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins Permission Check doFillCredentialsIdItems information disclosure

A vulnerability, which was classified as problematic, has been found in CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins. This issue affects the function doFillCredentialsIdItems of the component Permission Check. There is no...
Author: VulDB

CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins Permission Check privilege escalation

A vulnerability classified as critical was found in CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins. This vulnerability affects an unknown part of the component Permission Check. There is no information about possible countermeasures...
Author: VulDB

CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins cross site request forgery

A vulnerability classified as problematic has been found in CRX Content Package Deployer Plugin up to 1.8.1 on Jenkins. This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Google OAuth Credentials Plugin up to 0.9 on Jenkins privilege escalation

A vulnerability was found in Google OAuth Credentials Plugin up to 0.9 on Jenkins. It has been rated as critical. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be...
Author: VulDB

VU#927237: Multiple vulnerabilities in Pulse Secure VPN

Pulse Secure released an out-of-cycle advisory along with software patches for the various affected products on April 24, 2019. This addressed a number of vulnerabilities including a Remote Code Execution (RCE) vulnerability with pre-authentication...
Author: US Cert

CERTFR-2019-AVI-515: Multiple vulnerabilities in Cisco Aironet Access Points (16 October 2019)

Multiple vulnerabilities have been discovered in Cisco Aironet Access Points. Some of them allow an attacker to cause a denial of service, a security policy bypass and a compromise of the integrity of...
Author: Cert FR

VMware Releases Security Update for Harbor Container Registry for PCF

Original release date: October 16, 2019 VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry (PCF). An attacker could exploit this vulnerability to take control of an...
Author: US Cert

IBM Workload Scheduler Distributed 9.2/9.3/9.4/9.5 privilege escalation

A vulnerability was found in IBM Workload Scheduler Distributed 9.2/9.3/9.4/9.5. It has been declared as critical. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be...
Author: VulDB

Yale Bluetooth Key App Bluetooth Low Energy weak authentication

A vulnerability was found in Yale Bluetooth Key App (version unknown). It has been classified as critical. Affected is some unknown processing of the component Bluetooth Low Energy. There is no information about possible countermeasures known. It...
Author: VulDB

ReportLab up to 3.5.26 colors.py toColor XML Document Remote Code Execution

A vulnerability was found in ReportLab up to 3.5.26 and classified as critical. This issue affects the function toColor of the file colors.py. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Rambox 0.6.9 Service name Stored cross site scripting

A vulnerability has been found in Rambox 0.6.9 and classified as problematic. This vulnerability affects an unknown code of the component Service Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

CERTFR-2019-AVI-514: Multiple vulnerabilities in several SAP products (16 October 2019)

Multiple vulnerabilities have been discovered in several SAP products. Some of them allow an attacker to cause a remote denial of service, a security policy bypass and a compromise of the...
Author: Cert FR

X.org X Server 1.20.4 ct.c_char XQueryKeymap memory corruption

A vulnerability, which was classified as critical, was found in X.org X Server 1.20.4. This affects the function XQueryKeymap of the file ct.c_char. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

MindPalette NateMail 3.0.15 POST Request Reflected cross site scripting

A vulnerability, which was classified as problematic, has been found in MindPalette NateMail 3.0.15. Affected by this issue is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Netgear JNR1010 up to 1.0.0.31 webproc getpage cross site scripting

A vulnerability classified as problematic was found in Netgear JNR1010 up to 1.0.0.31. Affected by this vulnerability is an unknown functionality of the file webproc. Upgrading to version 1.0.0.32 eliminates this vulnerability.
Author: VulDB

Netgear JNR1010 up to 1.0.0.31 cgi-bin/webproc Parameter cross site request forgery

A vulnerability classified as problematic has been found in Netgear JNR1010 up to 1.0.0.31. Affected is an unknown function of the file cgi-bin/webproc of the component InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL. Upgrading to...
Author: VulDB

Netgear JNR1010 up to 1.0.0.31 Access Control privilege escalation

A vulnerability was found in Netgear JNR1010 up to 1.0.0.31. It has been rated as critical. This issue affects some unknown processing of the component Access Control. Upgrading to version 1.0.0.32 eliminates this vulnerability.
Author: VulDB

Information security events

BLOCKCHAIN

Conference and exhibition on enterprise applications of blockchain in Paris, at the Cité universitaire internationale, on 13 and 14 November 2019. Organized by Corp Agency.

TRUSTECH

This international event dedicated to payments, identification and security is held in Cannes (Palais des Festivals) from 26 to 28 November 2019. Organized by Comexposium.

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes over the Grand Palais in Lille on 28, 29 and 30 January 2020. Organized by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.
