Wednesday 26 February 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 6 Shared Calendar privilege escalation

A vulnerability was found in Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 6. It has been declared as critical. This vulnerability affects some unknown functionality of the component Shared Calendar. Applying the patch 8.8.15 Patch 7 is...
Author: VulDB

Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 6 WebEx Zimlet Server-Side Request Forgery

A vulnerability was found in Synacor Zimbra Collaboration Suite up to 8.8.15 Patch 6. It has been classified as critical. This affects an unknown functionality of the component WebEx Zimlet. Applying the patch 8.8.15 Patch 7 is able to eliminate...
Author: VulDB

FreeBSD libfetch URL Heap-based memory corruption

A vulnerability was found in FreeBSD (affected version not known) and classified as critical. Affected by this issue is an unknown function of the component libfetch. Upgrading eliminates this vulnerability.
Author: VulDB

CERTFR-2020-AVI-099: Multiple vulnerabilities in VMware vRealize Operations for Horizon (19 February 2020)

Multiple vulnerabilities have been discovered in VMware vRealize Operations for Horizon. They allow an attacker to cause remote arbitrary code execution and a security policy bypass.

Author: Cert FR

CERTFR-2020-AVI-098: Multiple vulnerabilities in IBM Db2 (19 February 2020)

Multiple vulnerabilities have been discovered in IBM Db2. They allow an attacker to cause a remote denial of service and a privilege escalation.

Author: Cert FR

CERTFR-2020-AVI-097: Vulnerability in Fortinet FortiOS (19 February 2020)

A vulnerability has been discovered in Fortinet FortiOS. It allows an attacker to cause arbitrary code execution.

Author: Cert FR

CERTFR-2020-AVI-096: Multiple vulnerabilities in the Ubuntu Linux kernel (19 February 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a remote denial of service and a breach of the confidentiality of...
Author: Cert FR

TopManage OLK 2020 Session Cookie cross site scripting

A vulnerability has been found in TopManage OLK 2020 and classified as problematic. Affected by this vulnerability is some unknown processing of the component Session Cookie Handler. There is no information about possible countermeasures known....
Author: VulDB

TopManage OLK 2020 Login cross site request forgery

A vulnerability, which was classified as problematic, was found in TopManage OLK 2020. Affected is an unknown code block of the component Login. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

FreeBSD up to 12.0-RELEASE-p12 IPsec Packet Processor privilege escalation

A vulnerability, which was classified as critical, has been found in FreeBSD up to 12.0-RELEASE-p12 (Operating System). This issue affects an unknown code of the component IPsec Packet Processor. Upgrading to version 12.0-RELEASE-p13 eliminates...
Author: VulDB

ruamel.yaml up to 0.16.7 Code Execution [CVE-2019-20478]

A vulnerability classified as critical was found in ruamel.yaml up to 0.16.7. This vulnerability affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

PyYAML 5.1.0/5.1.1/5.1.2 load/load_all privilege escalation

A vulnerability classified as critical has been found in PyYAML 5.1.0/5.1.1/5.1.2. This affects the function load/load_all. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

Phoenix Contact FL NAT 2208/ FL NAT 2304-2GC-2SFP prior 2.90 Access Control privilege escalation

A vulnerability was found in Phoenix Contact FL NAT 2208 and FL NAT 2304-2GC-2SFP. It has been rated as critical. Affected by this issue is an unknown functionality of the component Access Control. Upgrading to version 2.90 eliminates this...
Author: VulDB

FreeBSD Core Dump File information disclosure [CVE-2019-15875]

A vulnerability was found in FreeBSD (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown function of the component Core Dump File Handler. Upgrading eliminates this vulnerability.
Author: VulDB

undefsafe up to 2.0.2 Prototype privilege escalation

A vulnerability was found in undefsafe up to 2.0.2. It has been classified as critical. Affected is some unknown processing. Upgrading to version 2.0.3 eliminates this vulnerability.
Author: VulDB

component-flatten Prototype privilege escalation [CVE-2019-10794]

A vulnerability was found in component-flatten (unknown version) and classified as critical. This issue affects an unknown code block. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

dot-object up to 2.1.2 Prototype privilege escalation

A vulnerability has been found in dot-object up to 2.1.2 and classified as critical. This vulnerability affects an unknown code. Upgrading to version 2.1.3 eliminates this vulnerability.
Author: VulDB

bodymen up to 1.1.0 Handler Function Prototype privilege escalation

A vulnerability, which was classified as critical, was found in bodymen up to 1.1.0. This affects an unknown part of the component Handler Function. Upgrading to version 1.1.1 eliminates this vulnerability.
Author: VulDB

promise-probe up to 0.9.x file/outputFile/options command injection

A vulnerability, which was classified as critical, has been found in promise-probe up to 0.9.x. Affected by this issue is the function file/outputFile/options. Upgrading to version 0.10.0 eliminates this vulnerability.
Author: VulDB

Phoenix Contact AXL F BK PN/AXL F BK ETH/AXL F BK ETH XC Request privilege escalation

A vulnerability classified as critical was found in Phoenix Contact AXL F BK PN, AXL F BK ETH and AXL F BK ETH XC (affected version unknown). Affected by this vulnerability is an unknown functionality. There is no information about possible...
Author: VulDB

GE Voluson S8 Kiosk Mode privilege escalation

A vulnerability was found in GE Voluson S8 (Medical Device Software) (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown part of the component Kiosk Mode. The best possible mitigation is...
Author: VulDB

CERTFR-2020-AVI-095: Multiple vulnerabilities in the Red Hat Linux kernel (18 February 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a denial of service and a breach of data integrity.

Author: Cert FR

WordPress Profile Builder Plugin Critical Vulnerability (CERT-EU Security Advisory 2020-008)

A critical vulnerability affecting the WordPress Profile Builder Plugin has been identified. Profile Builder is a plugin designed to create custom forms that allow users to register, edit their profile, etc. The plugin is affected by a broken...
Author: Cert EU

CA Unified Infrastructure Management up to 9.20 Robot Controller memory corruption

A vulnerability classified as critical has been found in CA Unified Infrastructure Management up to 9.20. Affected is an unknown function of the component Robot Controller. There is no information about possible countermeasures known. It may be...
Author: VulDB

CA Unified Infrastructure Management up to 9.20 Robot Controller NULL Pointer Dereference denial of service

A vulnerability was found in CA Unified Infrastructure Management up to 9.20. It has been rated as problematic. This issue affects some unknown processing of the component Robot Controller. There is no information about possible countermeasures...
Author: VulDB