mardi 25 février 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

CERTFR-2020-AVI-102 : Vulnérabilité dans Cisco Content Security Management Appliance (20 février 2020)

Une vulnérabilité a été découverte dans Cisco Content Security Management Appliance. Elle permet à un attaquant de provoquer un déni de service à distance.

Auteur: Cert FR

CERTFR-2020-AVI-101 : Multiples vulnérabilités dans Cisco Email Security Appliance (ESA) (20 février 2020)

De multiples vulnérabilités ont été découvertes dans Cisco Email Security Appliance. Elles permettent à un attaquant de provoquer un déni de service à distance.

Auteur: Cert FR

CERTFR-2020-AVI-100 : Multiples vulnérabilités dans Cisco Data Center Network Manager (20 février 2020)

De multiples vulnérabilités ont été découvertes dans Cisco Data Center Network Manager. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection de requêtes illégitimes par rebond (CSRF).

Auteur: Cert FR

Western Digital WesternDigitalSSDDashboardSetup.exe prior 3.0.2.0 DLL privilege escalation

A vulnerability was found in Western Digital WesternDigitalSSDDashboardSetup.exe and classified as critical. This issue affects an unknown part of the component DLL Handler. Upgrading to version 3.0.2.0 eliminates this vulnerability.
Auteur: VulDB

Hitron CODA-4582U 7.1.1.30 Managed Device cross site scripting

A vulnerability has been found in Hitron CODA-4582U 7.1.1.30 and classified as problematic. This vulnerability affects some unknown functionality of the component Managed Device Handler. There is no information about possible countermeasures...
Auteur: VulDB

Jyaml up to 1.3 load() privilege escalation

A vulnerability, which was classified as critical, was found in Jyaml up to 1.3. This affects the function load(). There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Auteur: VulDB

Puppet Enterprise 6.13.0 puppet.conf Certificate weak authentication

A vulnerability, which was classified as problematic, has been found in Puppet Enterprise 6.13.0. Affected by this issue is an unknown function of the file puppet.conf. There is no information about possible countermeasures known. It may be...
Auteur: VulDB

Emerson OpenEnterprise SCADA Server up to 2.83 Modbus Heap-based memory corruption

A vulnerability classified as critical was found in Emerson OpenEnterprise SCADA Server up to 2.83. Affected by this vulnerability is some unknown processing of the component Modbus. There is no information about possible countermeasures known....
Auteur: VulDB

coTURN 4.5.1.1 HTTP POST Request Crash denial of service

A vulnerability classified as problematic has been found in coTURN 4.5.1.1. Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Auteur: VulDB

coTURN 4.5.1.1 HTTP POST Request Heap-based memory corruption

A vulnerability was found in coTURN 4.5.1.1. It has been rated as critical. This issue affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Auteur: VulDB

VMware vRealize Operations up to 6.6.0/6.7.0 information disclosure

A vulnerability was found in VMware vRealize Operations up to 6.6.0/6.7.0. It has been declared as problematic. This vulnerability affects an unknown part. Upgrading to version 6.6.1 or 6.7.1 eliminates this vulnerability.
Auteur: VulDB

VMware vRealize Operations up to 6.6.0/6.7.0 Trust Store weak authentication

A vulnerability was found in VMware vRealize Operations up to 6.6.0/6.7.0. It has been classified as critical. This affects some unknown functionality of the component Trust Store. Upgrading to version 6.6.1 or 6.7.1 eliminates this vulnerability.
Auteur: VulDB

VMware vRealize Operations up to 6.6.0/6.7.0 JMX RMI Service privilege escalation

A vulnerability was found in VMware vRealize Operations up to 6.6.0/6.7.0 and classified as critical. Affected by this issue is an unknown functionality of the component JMX RMI Service. Upgrading to version 6.6.1 or 6.7.1 eliminates this...
Auteur: VulDB

Cisco Unified Contact Center Enterprise Live Data Server Crafted Packet denial of service

A vulnerability has been found in Cisco Unified Contact Center Enterprise (affected version unknown) and classified as problematic. Affected by this vulnerability is an unknown function of the component Live Data Server. Upgrading eliminates this...
Auteur: VulDB

Cisco Meeting Server Extensible Messaging and Presence Protocol Crash denial of service

A vulnerability, which was classified as problematic, was found in Cisco Meeting Server (Unified Communication Software) (version unknown). Affected is some unknown processing of the component Extensible Messaging and Presence Protocol. Upgrading...
Auteur: VulDB

Cisco Finesse Web-based Management Interface cross site scripting

A vulnerability, which was classified as problematic, has been found in Cisco Finesse (unknown version). This issue affects an unknown code block of the component Web-based Management Interface. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Smart Software Manager On-Prem High Availability Service information disclosure

A vulnerability classified as problematic was found in Cisco Smart Software Manager On-Prem (the affected version is unknown). This vulnerability affects an unknown code of the component High Availability Service. Upgrading eliminates this...
Auteur: VulDB

Cisco Identity Services Engine Log Stored cross site scripting

A vulnerability classified as problematic has been found in Cisco Identity Services Engine (Policy Management Software) (the affected version unknown). This affects an unknown part of the component Log Handler. Upgrading eliminates this...
Auteur: VulDB

Cisco Cloud Web Security Web-based Management Interface sql injection

A vulnerability was found in Cisco Cloud Web Security (Anti-Malware Software) (affected version not known). It has been rated as critical. Affected by this issue is some unknown functionality of the component Web-based Management Interface....
Auteur: VulDB

Cisco AnyConnect Secure Mobility Client on Windows privilege escalation

A vulnerability was found in Cisco AnyConnect Secure Mobility Client on Windows (Network Encryption Software) (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown functionality. Upgrading...
Auteur: VulDB

Cisco Enterprise NFV Infrastructure Software Signature Validation privilege escalation

A vulnerability was found in Cisco Enterprise NFV Infrastructure Software (version unknown). It has been classified as critical. Affected is an unknown function of the component Signature Validation. Upgrading eliminates this vulnerability.
Auteur: VulDB

Cisco Email Security Appliance Email Message Scanner denial of service

A vulnerability was found in Cisco Email Security Appliance (Anti-Malware Software) (unknown version) and classified as problematic. This issue affects some unknown processing of the component Email Message Scanner. Upgrading eliminates this...
Auteur: VulDB

Cisco Data Center Network Manager Web-based Management Interface cross site request forgery

A vulnerability has been found in Cisco Data Center Network Manager (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown code block of the component Web-based Management Interface. Upgrading...
Auteur: VulDB

Cisco Data Center Network Manager Web-based Management Interface cross site scripting

A vulnerability, which was classified as problematic, was found in Cisco Data Center Network Manager (the affected version unknown). This affects an unknown code of the component Web-based Management Interface. Upgrading eliminates this...
Auteur: VulDB

Cisco Data Center Network Manager REST API Endpoint privilege escalation

A vulnerability, which was classified as critical, has been found in Cisco Data Center Network Manager (affected version not known). Affected by this issue is an unknown part of the component REST API Endpoint. Upgrading eliminates this...
Auteur: VulDB
12345678910Last

Événements SSI