Sunday 16 February 2020

Our selection of information-security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

NUnit Plugin up to 0.25 on Jenkins XML Parser XML External Entity

A vulnerability has been found in NUnit Plugin up to 0.25 on Jenkins and classified as critical. Affected by this vulnerability is some unknown functionality of the component XML Parser. There is no information about possible countermeasures...
Author: VulDB

S3 publisher Plugin up to 0.11.4 on Jenkins Configuration Credentials weak encryption

A vulnerability, which was classified as problematic, was found in S3 publisher Plugin up to 0.11.4 on Jenkins. Affected is an unknown functionality of the component Configuration Handler. There is no information about possible countermeasures...
Author: VulDB

Git Parameter Plugin up to 0.9.11 on Jenkins Stored cross site scripting

A vulnerability, which was classified as problematic, has been found in Git Parameter Plugin up to 0.9.11 on Jenkins. This issue affects an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Git Parameter Plugin up to 0.9.11 on Jenkins name Stored cross site scripting

A vulnerability classified as problematic was found in Git Parameter Plugin up to 0.9.11 on Jenkins. This vulnerability affects some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Subversion Plugin up to 2.13.0 on Jenkins Error Message Stored cross site scripting

A vulnerability classified as problematic has been found in Subversion Plugin up to 2.13.0 on Jenkins. This affects an unknown code block of the component Error Message Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Script Security Plugin up to 1.69 on Jenkins Sandbox privilege escalation

A vulnerability was found in Script Security Plugin up to 1.69 on Jenkins. It has been rated as critical. Affected by this issue is an unknown code of the component Sandbox. There is no information about possible countermeasures known. It may be...
Author: VulDB

Groovy Plugin up to 2.78 on Jenkins Sandbox privilege escalation

A vulnerability was found in Groovy Plugin up to 2.78 on Jenkins. It has been declared as critical. Affected by this vulnerability is an unknown part of the component Sandbox. There is no information about possible countermeasures known. It may...
Author: VulDB

IBM Content Navigator 3.0CD Request Server-Side Request Forgery

A vulnerability was found in IBM Content Navigator 3.0CD. It has been classified as critical. Affected is some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected object...
Author: VulDB

IBM Rational Publishing Engine 6.0.6/6.0.6.1 Web UI cross site scripting

A vulnerability was found in IBM Rational Publishing Engine 6.0.6/6.0.6.1 and classified as problematic. This issue affects an unknown functionality of the component Web UI. There is no information about possible countermeasures known. It may be...
Author: VulDB

IBM Cloud CLI up to 0.16.1 Windows Installer weak authentication

A vulnerability has been found in IBM Cloud CLI up to 0.16.1 and classified as problematic. This vulnerability affects an unknown function of the component Windows Installer. There is no information about possible countermeasures known. It may be...
Author: VulDB

Application Links Plugin prior 5.4.21 on Atlassian Bitbucket Server HTTP Requests cross site request forgery

A vulnerability, which was classified as problematic, was found in Application Links Plugin on Atlassian Bitbucket Server. This affects some unknown processing. Upgrading to version 5.4.21 eliminates this vulnerability.
Author: VulDB

Atlassian JIRA Server/Data Center up to 8.6.x VerifyPopServerConnection!add.jspa HTTP Requests cross site request forgery

A vulnerability, which was classified as problematic, has been found in Atlassian JIRA Server and Data Center up to 8.6.x. Affected by this issue is an unknown code block of the file VerifyPopServerConnection!add.jspa. Upgrading to version 8.7.0...
Author: VulDB

Atlassian JIRA Server/Data Center up to 8.6.x VerifySmtpServerConnection!add.jspa HTTP Requests cross site request forgery

A vulnerability classified as problematic was found in Atlassian JIRA Server and Data Center up to 8.6.x. Affected by this vulnerability is an unknown code of the file VerifySmtpServerConnection!add.jspa. Upgrading to version 8.7.0 eliminates...
Author: VulDB

runc up to 1.0.0-rc9 Access Control rootfs_linux.go privilege escalation

A vulnerability classified as critical has been found in runc up to 1.0.0-rc9. Affected is an unknown part of the file libcontainer/rootfs_linux.go of the component Access Control. There is no information about possible countermeasures known. It...
Author: VulDB

Telink Semiconductor BLE SDK Bluetooth Low Energy Crafted Packet memory corruption

A vulnerability was found in Telink Semiconductor BLE SDK (unknown version). It has been rated as critical. This issue affects some unknown functionality of the component Bluetooth Low Energy. There is no information about possible...
Author: VulDB

Telink Semiconductor BLE SDK Bluetooth Low Energy Request privilege escalation

A vulnerability was found in Telink Semiconductor BLE SDK (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown functionality of the component Bluetooth Low Energy. There is no information...
Author: VulDB

Cypress PSoC 4 up to 3.61 Bluetooth Low Energy Crash denial of service

A vulnerability was found in Cypress PSoC 4 up to 3.61. It has been classified as problematic. This affects an unknown function of the component Bluetooth Low Energy. There is no information about possible countermeasures known. It may be...
Author: VulDB

Realtek NDIS Driver 10.1.505.2015 rt640x64.sys memory corruption

A vulnerability was found in Realtek NDIS Driver 10.1.505.2015 and classified as very critical. Affected by this issue is some unknown processing in the library rt640x64.sys. There is no information about possible countermeasures known. It may be...
Author: VulDB

New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools

Original release date: February 12, 2020. The Federal School Safety Clearinghouse just launched its website: SchoolSafety.gov. This website—a collaboration between the Department of Homeland Security and the U.S. Departments of Education, Justice,...
Author: US Cert

FBI Releases IC3 2019 Internet Crime Report

Original release date: February 12, 2020. The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released the 2019 Internet Crime Report, which includes statistics based on data reported by the public through the IC3...
Author: US Cert

CERTFR-2020-AVI-087: Multiple vulnerabilities in Intel products (12 February 2020)

Multiple vulnerabilities have been discovered in Intel products. They allow an attacker to cause arbitrary code execution, a breach of data confidentiality, and privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-086: Vulnerability in Aruba Networks Intelligent Edge Switches (12 February 2020)

A vulnerability has been discovered in Aruba Networks Intelligent Edge Switches. It allows an attacker to cause a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-085: Vulnerability in Schneider ProSoft Configurator (12 February 2020)

A vulnerability has been discovered in Schneider ProSoft Configurator. It allows an attacker to cause arbitrary code execution.

Author: Cert FR

MISP up to 2.4.120 ACL ThreadsController.php unknown vulnerability

A vulnerability has been found in MISP up to 2.4.120 and classified as problematic. Affected by this vulnerability is an unknown code block of the file app/Controller/ThreadsController.php of the component ACL Handler. Upgrading to version...
Author: VulDB

MISP up to 2.4.120 Galaxy View view.ctp String unknown vulnerability

A vulnerability, which was classified as problematic, was found in MISP up to 2.4.120. Affected is an unknown code of the file app/View/Galaxies/view.ctp of the component Galaxy View. Upgrading to version 2.4.121 eliminates this vulnerability.
Author: VulDB