Friday 3 April 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Apple macOS up to 10.15.3 AppleGraphicsControl memory corruption

A vulnerability classified as critical has been found in Apple macOS up to 10.15.3. This affects some unknown processing of the component AppleGraphicsControl. Upgrading to version 10.15.4 eliminates this vulnerability. A possible mitigation has...
Author: VulDB

Apple macOS up to 10.15.3 Apple HSSPI Support memory corruption

A vulnerability was found in Apple macOS up to 10.15.3. It has been rated as critical. Affected by this issue is an unknown code block of the component Apple HSSPI Support. Upgrading to version 10.15.4 eliminates this vulnerability. A possible...
Author: VulDB

CERTFR-2020-AVI-184: Multiple vulnerabilities in Google Chrome OS (02 April 2020)

Multiple vulnerabilities have been discovered in Google Chrome OS. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-183: Multiple vulnerabilities in Apache Server (02 April 2020)

Multiple vulnerabilities have been discovered in Apache Server. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

ISO 27701, an international standard for personal data protection

ISO 27701 is an international standard that describes the governance and security measures to put in place for personal data processing, extending two well-known information security standards.
Author: Cnil

MS-ISAC Releases Advisory on DrayTek Devices

Original release date: April 1, 2020. The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory regarding two vulnerable command injection points in DrayTek devices (CVE-2020-8515). An attacker could exploit these...
Author: US Cert

Google Releases Security Updates for Chrome

Original release date: April 1, 2020. Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and...
Author: US Cert

CERTFR-2020-CTI-003: 🇬🇧 Attacks involving the Mespinoza/Pysa ransomware (01 April 2020)

In the past few weeks, ANSSI became aware of cyber attacks targeting French local authorities. These attacks involved ransomwares whose use resulted in several encrypted files. The …
Author: Cert FR

CERTFR-2020-AVI-182: Multiple vulnerabilities in Google Chrome (01 April 2020)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-181: Multiple vulnerabilities in the SUSE Linux kernel (01 April 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. They allow an attacker to cause a denial of service and a breach of data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-180: Multiple vulnerabilities in the Red Hat Linux kernel (01 April 2020)

Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass and a...
Author: Cert FR

PHP up to 7.2.8/7.3.15/7.4.33 URL get_headers() privilege escalation

A vulnerability was found in PHP up to 7.2.8/7.3.15/7.4.33 (Programming Language Software). It has been declared as critical. Affected by this vulnerability is the function get_headers() of the component URL Handler. Upgrading to version 7.2.9,...
Author: VulDB

PHP up to 7.3.15/7.4.33 UTF-32LE Encoding mb_strtolower() memory corruption

A vulnerability was found in PHP up to 7.3.15/7.4.33 (Programming Language Software). It has been classified as critical. Affected is the function mb_strtolower() of the component UTF-32LE Encoding Handler. Upgrading to version 7.3.16 or 7.4.34...
Author: VulDB

PHP up to 7.2.8/7.3.15/7.4.33 EXIF Data exif_read_data() information disclosure

A vulnerability was found in PHP up to 7.2.8/7.3.15/7.4.33 (Programming Language Software) and classified as problematic. This issue affects the function exif_read_data() of the component EXIF Data Handler. Upgrading to version 7.2.9, 7.3.16 or...
Author: VulDB

Elasticsearch up to 6.8.7/7.6.1 API Key Generation privilege escalation

A vulnerability has been found in Elasticsearch up to 6.8.7/7.6.1 and classified as critical. This vulnerability affects an unknown functionality of the component API Key Generation. There is no information about possible countermeasures known....
Author: VulDB

LifterLMS Plugin 3.37.15 on WordPress Code Execution directory traversal

A vulnerability, which was classified as critical, was found in LifterLMS Plugin 3.37.15 on WordPress (WordPress Plugin). This affects an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Dell EMC iDRAC7/iDRAC8/iDRAC9 prior 2.65.65.65/2.70.70.70/4.00.00.00 Stack-based memory corruption

A vulnerability, which was classified as critical, has been found in Dell EMC iDRAC7, iDRAC8 and iDRAC9. Affected by this issue is some unknown processing. Upgrading to version 2.65.65.65, 2.70.70.70 or 4.00.00.00 eliminates this vulnerability.
Author: VulDB

Leantime up to 2.0.14/2.1-beta2 searchUsers sql injection

A vulnerability classified as critical was found in Leantime up to 2.0.14/2.1-beta2. Affected by this vulnerability is an unknown code block. Upgrading to version 2.0.15 or 2.1-beta3 eliminates this vulnerability.
Author: VulDB

Bubblewrap up to 0.4.0 Permission privilege escalation

A vulnerability classified as critical has been found in Bubblewrap up to 0.4.0. Affected is an unknown code of the component Permission. Upgrading to version 0.4.1 eliminates this vulnerability.
Author: VulDB

IBM Spectrum Protect Plus up to 10.1.5 Request Command privilege escalation

A vulnerability was found in IBM Spectrum Protect Plus up to 10.1.5 (Backup Software). It has been rated as critical. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

IBM Spectrum Protect Plus up to 10.1.5 Request Command privilege escalation

A vulnerability was found in IBM Spectrum Protect Plus up to 10.1.5 (Backup Software). It has been declared as critical. This vulnerability affects some unknown functionality. There is no information about possible countermeasures known. It may...
Author: VulDB

IBM Spectrum Protect Plus up to 10.1.5 Request directory traversal

A vulnerability was found in IBM Spectrum Protect Plus up to 10.1.5 (Backup Software). It has been classified as critical. This affects an unknown functionality. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

IBM Tivoli Netcool Impact up to 7.1.0.17 Error Message information disclosure

A vulnerability was found in IBM Tivoli Netcool Impact (Directory Service Software) and classified as problematic. Affected by this issue is an unknown function of the component Error Message Handler. There is no information about possible...
Author: VulDB

IBM Tivoli Netcool Impact up to 7.1.0.17 cross site request forgery

A vulnerability has been found in IBM Tivoli Netcool Impact (Directory Service Software) and classified as critical. Affected by this vulnerability is some unknown processing. There is no information about possible countermeasures known. It may...
Author: VulDB

IBM Tivoli Netcool Impact up to 7.1.0.17 cross site request forgery

A vulnerability, which was classified as critical, was found in IBM Tivoli Netcool Impact (Directory Service Software). Affected is an unknown code block. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB