Saturday 6 June 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Self-Organizing Swarm Plug-in Modules Plugin up to 3.20 on Jenkins API Endpoint privilege escalation

A vulnerability classified as critical was found in Self-Organizing Swarm Plug-in Modules Plugin up to 3.20 on Jenkins. This vulnerability affects an unknown function of the component API Endpoint. There is no information about possible...
Author: VulDB

Script Security Plugin up to 1.72 on Jenkins In-process Script Approval Page Stored cross site scripting

A vulnerability classified as problematic has been found in Script Security Plugin up to 1.72 on Jenkins. This affects some unknown processing of the component In-process Script Approval Page. There is no information about possible...
Author: VulDB

Apache Ignite H2 Database privilege escalation [CVE-2020-1963]

A vulnerability was found in Apache Ignite (Database Software) (affected version not known). It has been rated as critical. Affected by this issue is an unknown code block of the component H2 Database. There is no information about possible...
Author: VulDB

Navigate CMS up to 2.8.7 feed.class.php cross site scripting

A vulnerability was found in Navigate CMS up to 2.8.7. It has been declared as problematic. Affected by this vulnerability is an unknown code in the library lib/packages/feeds/feed.class.php. There is no information about possible countermeasures...
Author: VulDB

Navigate CMS up to 2.8.7 website.class.php cross site scripting

A vulnerability was found in Navigate CMS up to 2.8.7. It has been classified as problematic. Affected is an unknown part in the library lib/packages/websites/website.class.php. There is no information about possible countermeasures known. It may...
Author: VulDB

Navigate CMS up to 2.8.7 structure.class.php cross site scripting

A vulnerability was found in Navigate CMS up to 2.8.7 and classified as problematic. This issue affects some unknown functionality in the library lib/packages/structure/structure.class.php. There is no information about possible countermeasures...
Author: VulDB

CERTFR-2020-AVI-339: Multiple vulnerabilities in GitLab (04 June 2020)

Multiple vulnerabilities have been discovered in GitLab. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-338: Multiple vulnerabilities in Google Chrome (04 June 2020)

Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

CERTFR-2020-AVI-337: Vulnerability in Zimbra (04 June 2020)

A vulnerability has been discovered in Zimbra. It allows an attacker to bypass the security policy.

Author: Cert FR

Navigate CMS up to 2.8.7 template.class.php directory traversal

A vulnerability has been found in Navigate CMS up to 2.8.7 (Content Management System) and classified as critical. This vulnerability affects an unknown functionality in the library lib/packages/templates/template.class.php. There is no...
Author: VulDB

PlayTube 1.8 User Details directory traversal

A vulnerability, which was classified as problematic, was found in PlayTube 1.8. This affects an unknown function of the file ajax.php?type=../admin-panel/autoload&page=manage-users of the component User Details. There is no information about...
Author: VulDB

libjpeg-turbo/MozJPEG PPM File rdppm.c get_rgb_row() memory corruption

A vulnerability, which was classified as critical, has been found in libjpeg-turbo and MozJPEG (affected version not known). Affected by this issue is the function get_rgb_row() of the file rdppm.c of the component PPM File Handler. There is no...
Author: VulDB

D-Link DIR-865L Ax 1.20B01 Beta Cleartext weak encryption

A vulnerability classified as problematic was found in D-Link DIR-865L Ax 1.20B01 Beta (Router Operating System). Affected by this vulnerability is an unknown code block. There is no information about possible countermeasures known. It may be...
Author: VulDB

D-Link DIR-865L Ax 1.20B01 Beta cross site request forgery [CVE-2020-13786]

A vulnerability classified as problematic has been found in D-Link DIR-865L Ax 1.20B01 Beta (Router Operating System). Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

D-Link DIR-865L 1.20B01 Beta weak encryption [CVE-2020-13785]

A vulnerability was found in D-Link DIR-865L 1.20B01 Beta. It has been rated as critical. This issue affects an unknown part. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an...
Author: VulDB

D-Link DIR-865L Ax 1.20B01 Beta Random Number Generator PRNG unknown vulnerability

A vulnerability was found in D-Link DIR-865L Ax 1.20B01 Beta. It has been declared as critical. This vulnerability affects some unknown functionality of the component Random Number Generator. There is no information about possible countermeasures...
Author: VulDB

D-Link DIR-865L Ax 1.20B01 Beta Cleartext Storage information disclosure

A vulnerability was found in D-Link DIR-865L Ax 1.20B01 Beta (Router Operating System). It has been classified as problematic. This affects an unknown functionality of the component Cleartext Storage. There is no information about possible...
Author: VulDB

D-Link DIR-865L Ax 1.20B01 Beta command injection [CVE-2020-13782]

A vulnerability was found in D-Link DIR-865L Ax 1.20B01 Beta (Router Operating System) and classified as critical. Affected by this issue is an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Sabberworm PHP CSS Parser up to 8.3.0 allSelectors/getSelectorsBySpecificity Remote Code Execution

A vulnerability has been found in Sabberworm PHP CSS Parser up to 8.3.0 (Programming Language Software) and classified as critical. Affected by this vulnerability is the function allSelectors/getSelectorsBySpecificity. Upgrading to version 8.3.1...
Author: VulDB

Calico/Calico Enterprise IPv6 information disclosure [CVE-2020-13597]

A vulnerability, which was classified as problematic, was found in Calico and Calico Enterprise (version unknown). Affected is an unknown code block of the component IPv6 Handler. There is no information about possible countermeasures known. It...
Author: VulDB

Django up to 2.2.12/3.0.6 Parameter cross site scripting

A vulnerability, which was classified as problematic, has been found in Django up to 2.2.12/3.0.6 (Content Management System). This issue affects an unknown code. Upgrading to version 2.2.13 or 3.0.7 eliminates this vulnerability.
Author: VulDB

Grafana up to 7.0.1 Access Control HTTP Requests Server-Side Request Forgery

A vulnerability classified as critical was found in Grafana up to 7.0.1. This vulnerability affects an unknown part of the component Access Control. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Django up to 2.2.12/3.0.6 Memcached Backend privilege escalation

A vulnerability classified as critical has been found in Django up to 2.2.12/3.0.6. This affects some unknown functionality of the component Memcached Backend. Upgrading to version 2.2.13 or 3.0.7 eliminates this vulnerability.
Author: VulDB

Synacor Zimbra up to 8.8.15 Patch 9/9.0.0 Patch 2 Webmail Subsystem /service/upload Avatar Image privilege escalation

A vulnerability was found in Synacor Zimbra up to 8.8.15 Patch 9/9.0.0 Patch 2. It has been rated as critical. Affected by this issue is an unknown functionality of the file /service/upload of the component Webmail Subsystem. Applying the patch...
Author: VulDB

Weave Net up to 2.6.2 forwarding DNS Request privilege escalation

A vulnerability was found in Weave Net up to 2.6.2. It has been declared as critical. Affected by this vulnerability is an unknown function of the file /proc/sys/net/ipv6/conf//forwarding. Upgrading to version 2.6.3 eliminates this vulnerability.
Author: VulDB