Security News

31 10, 2019

FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests

2019-12-31T12:18:10+01:00octobre 31st, 2019|Security News|

Summary A path traversal vulnerability in the FortiOS SSL VPN web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests. Impact Information Disclosure Affected Products FortiOS 6.0 – 6.0.0 to 6.0.4 FortiOS 5.6 – 5.6.3 to 5.6.7 FortiOS 5.4 – 5.4.6 to [...]

31 10, 2019

SA44101 – 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX

2019-10-31T13:09:50+01:00octobre 31st, 2019|Security News|

Information Product Affected Pulse Connect Secure, Pulse Policy Secure Problem Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS).  This includes an authentication by-pass vulnerability that can allow an unauthenticated user to perform a remote arbitrary file access on the Pulse Connect [...]

31 10, 2019

Pulse Secure VPN contains multiple vulnerabilities Vulnerability Note VU#927237

2020-02-10T10:44:32+01:00octobre 31st, 2019|Security News|

Overview Pulse Secure SSL VPN contains multiple vulnerabilities that can allow remote unauthenticated remote attacker to compromise the VPN server and connected clients. Description Pulse Secure released an out-of-cycle advisory along with software patches for the various affected products on April 24, 2019. This addressed a number of vulnerabilities including [...]

31 10, 2019

CVE-2019-6475: A flaw in mirror zone validity checking can allow zone data to be spoofed

2019-10-31T13:10:59+01:00octobre 31st, 2019|Security News|

CVE: CVE-2019-6475 Document version: 2.0 Posting date: 16 October 2019 Program impacted: BIND Versions affected: BIND 9.14.0 -> 9.14.6 Also releases 9.15.0 -> 9.15.4 of the BIND 9.15 development branch. Severity: Medium Exploitable: Remotely Description: Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by [...]

Aller en haut