Monday 25 May 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Open Build Service up to 2.10.4 OBS Package information disclosure

A vulnerability was found in Open Build Service up to 2.10.4. It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the component OBS Package Handler. Upgrading to version 2.10.5 eliminates this...
Author: VulDB

PCS DEXICON 3.4.1 login_action.jsp loginName cross site scripting

A vulnerability was found in PCS DEXICON 3.4.1. It has been classified as problematic. Affected is an unknown functionality of the file login_action.jsp. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

IBM Spectrum Scale up to 4.2.3.21/5.0.4.3 mmfsd/mmsdrserv denial of service

A vulnerability was found in IBM Spectrum Scale up to 4.2.3.21/5.0.4.3 and classified as problematic. This issue affects an unknown function of the component mmfsd/mmsdrserv. There is no information about possible countermeasures known. It may be...
Author: VulDB

IBM Spectrum Scale up to 4.2.3.21/5.0.4.3 File System Component Argument Crash denial of service

A vulnerability has been found in IBM Spectrum Scale up to 4.2.3.21/5.0.4.3 and classified as problematic. This vulnerability affects some unknown processing of the component File System Component. There is no information about possible...
Author: VulDB

IBM InfoSphere Information Server 11.3/11.5/11.7 Web UI cross site scripting

A vulnerability, which was classified as problematic, was found in IBM InfoSphere Information Server 11.3/11.5/11.7 (Reporting Software). This affects an unknown code block of the component Web UI. There is no information about possible...
Author: VulDB

IBM InfoSphere Information Server 11.3/11.5/11.7 cross site request forgery

A vulnerability, which was classified as problematic, has been found in IBM InfoSphere Information Server 11.3/11.5/11.7 (Reporting Software). Affected by this issue is an unknown code. There is no information about possible countermeasures...
Author: VulDB

RESTEasy up to 3.11.x/4.5.x Header HTTP Response privilege escalation

A vulnerability classified as critical was found in RESTEasy up to 3.11.x/4.5.x. Affected by this vulnerability is an unknown part of the component Header Handler. Upgrading to version 3.12.0.Final or 4.6.0 eliminates this vulnerability.
Author: VulDB

Knot Resolver up to 5.1.0 DNS Answer Amplification denial of service

A vulnerability classified as problematic has been found in Knot Resolver up to 5.1.0. Affected is some unknown functionality of the component DNS Answer Handler. Upgrading to version 5.1.1 eliminates this vulnerability.
Author: VulDB

Unbound up to 1.10.0 DNS Answer Infinite Loop denial of service

A vulnerability was found in Unbound up to 1.10.0. It has been rated as problematic. This issue affects an unknown functionality of the component DNS Answer Handler. Upgrading to version 1.10.1 eliminates this vulnerability.
Author: VulDB

Unbound up to 1.10.0 Network Message Volume unknown vulnerability

A vulnerability was found in Unbound up to 1.10.0. It has been declared as problematic. This vulnerability affects an unknown function of the component Network Message Volume Handler. Upgrading to version 1.10.1 eliminates this vulnerability.
Author: VulDB

PowerDNS Recursor up to 4.3.0 SOA SyncRes::processAnswer Response weak authentication

A vulnerability was found in PowerDNS Recursor up to 4.3.0 (Domain Name Software). It has been classified as critical. This affects the function SyncRes::processAnswer of the component SOA Handler. There is no information about possible...
Author: VulDB

Micro Focus Service Manager up to 9.63 cross site scripting [CVE-2020-11845]

A vulnerability was found in Micro Focus Service Manager up to 9.63 and classified as problematic. Affected by this issue is an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Sourcefabric Newscoop 4.4.7 File Upload /images/ privilege escalation

A vulnerability has been found in Sourcefabric Newscoop 4.4.7 and classified as critical. Affected by this vulnerability is an unknown code of the file /images/ of the component File Upload. There is no information about possible countermeasures...
Author: VulDB

Panasonic P99 up to 2020-04-10 Access Control privilege escalation

A vulnerability, which was classified as critical, was found in Panasonic P99 up to 2020-04-10. Affected is an unknown part of the component Access Control. The problem might be mitigated by replacing the product with as an alternative.
Author: VulDB

PowerDNS Recursor up to 4.1.15/4.2.1/4.3.0 Recursive Query Amplification privilege escalation

A vulnerability, which was classified as critical, has been found in PowerDNS Recursor up to 4.1.15/4.2.1/4.3.0 (Domain Name Software). This issue affects some unknown functionality of the component Recursive Query Handler. Upgrading to version...
Author: VulDB

Bluetooth BR EDR Core up to 5.2 Legacy Pairing weak authentication

A vulnerability classified as critical was found in Bluetooth BR EDR Core up to 5.2. This vulnerability affects an unknown functionality of the component Legacy Pairing. There is no information about possible countermeasures known. It may be...
Author: VulDB

Bluetooth Core up to 5.2 Pairing weak authentication

A vulnerability classified as critical has been found in Bluetooth Core up to 5.2. This affects an unknown function of the component Pairing Handler. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Online exam proctoring: reminders and advice from the CNIL

In the context of the health crisis linked to COVID-19, some public and private higher-education institutions wish, in particular, to use digital remote-proctoring tools in order to organize remote exams. The CNIL...
Author: Cnil

PowerDNS Recursor up to 4.3.0 gethostname() memory corruption

A vulnerability was found in PowerDNS Recursor up to 4.3.0. It has been rated as critical. Affected by this issue is the function gethostname(). There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

CERTFR-2020-AVI-302: Multiple vulnerabilities in Bind (19 May 2020)

Multiple vulnerabilities have been discovered in Bind. They allow an attacker to cause a remote denial of service.

Author: Cert FR

CERTFR-2020-AVI-301: Multiple vulnerabilities in Ruby on Rails (19 May 2020)

Multiple vulnerabilities have been discovered in Ruby on Rails. They allow an attacker to cause a security problem not specified by the vendor, a security policy bypass and an injection of requests...
Author: Cert FR

CERTFR-2020-AVI-300: Multiple vulnerabilities in the Ubuntu Linux kernel (19 May 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause arbitrary code execution, a remote denial of service and a breach of data confidentiality.

Author: Cert FR

Micro Focus Enterprise Server/Enterprise Developer up to 5.0 Patch Update 7 Reflected cross site scripting

A vulnerability was found in Micro Focus Enterprise Server and Enterprise Developer up to 5.0 Patch Update 7. It has been declared as problematic. Affected by this vulnerability is an unknown code block. Applying the patch 5.0 Patch Update 8 is...
Author: VulDB

Horde Groupware Webmail Edition up to 5.2.21 Image View SVG Image Stored cross site scripting

A vulnerability was found in Horde Groupware Webmail Edition up to 5.2.21 (Groupware Software). It has been classified as problematic. Affected is an unknown code of the component Image View. Upgrading to version 5.2.22 eliminates this...
Author: VulDB

Gollem up to 3.0.12 dir Reflected cross site scripting

A vulnerability was found in Gollem up to 3.0.12 and classified as problematic. This issue affects an unknown part. Upgrading to version 3.0.13 eliminates this vulnerability.
Author: VulDB

Information security events