vendredi 22 février 2019   -   10 : 02 : 08  

Dernières alertes de sécurité

Cisco Webex Meetings Online Content Injection Vulnerability

> date : 2019-02-21 21:44:58
> lien : https://tools.cisco.com/security/center/content/CiscoSecurit...

A vulnerability in Cisco Webex Meetings Online could allow an unauthenticated, remote attacker to inject arbitrary text into a user’s browser. The vulnerability is due to improper validation of input. An attacker could exploit this vulnerability by convincing a targeted user to view a malicious URL. A successful exploit could allow the attacker to inject arbitrary text into the user’s browser. The attacker could use the content injection to conduct spoofing attacks. Cisco has released software updates to address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-webex-injection Security Impact Rating: Medium CVE: CVE-2019-1680

Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019

> date : 2019-02-21 21:44:58
> lien : https://tools.cisco.com/security/center/content/CiscoSecurit...

A vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/exe. An attacker could exploit the vulnerability either by persuading a user to create a new container using an attacker-controlled image or by using the docker exec command to attach into an existing container that the attacker already has write access to. A successful exploit could allow the attacker to overwrite the host's runc binary file with a malicious file, escape the container, and execute arbitrary commands with root privileges on the host system. This advisory will be updated as additional information becomes available. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc Security Impact Rating: High CVE: CVE-2019-5736

Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability

> date : 2019-02-21 21:44:58
> lien : https://tools.cisco.com/security/center/content/CiscoSecurit...

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-cdp-lldp-dos Security Impact Rating: Medium CVE: CVE-2019-1684

Cisco Webex Teams for iOS Arbitrary File Upload Vulnerability

> date : 2019-02-21 21:44:58
> lien : https://tools.cisco.com/security/center/content/CiscoSecurit...

A vulnerability in the client application for iOS of Cisco Webex Teams could allow an authenticated, remote attacker to upload arbitrary files within the scope of the iOS application. The vulnerability is due to improper input validation in the client application. An attacker could exploit this vulnerability by sending a malicious file to a targeted user and persuading the user to manually open it. An exploit could allow the attacker to overwrite sensitive application files and eventually cause a denial of service (DoS) condition by foreclosing future access to the system to the targeted user. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-webx-ios-file Security Impact Rating: Medium CVE: CVE-2019-1689

| page 1 | page suivante |


 

  Sécurité



  Classement

Selon le comparatif phwinfo.com, Ironie.org est 3ème au classement des mutualisés !

   

  Nouvelles

Consulter les dernières actualités de plus de 300 sources d'informations différentes.

  news.ironie.org

connected from address ec2-54-146-227-92.compute-1.amazonaws.com (54.146.227.92:47501)
using CCBot/2.0 (https://commoncrawl.org/faq/)
served for Ironie.org by Debian GNU/Linux