Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SPARTOO: fine of 250,000 euros and injunction, subject to a periodic penalty payment, to comply with the GDPR

The CNIL, acting as "lead authority", adopted its first sanction decision in cooperation with other European supervisory authorities, in response to several GDPR breaches by the company SPARTOO.
Author: Cnil

CERTFR-2020-AVI-484: Multiple vulnerabilities in Google Android (04 August 2020)

Multiple vulnerabilities have been discovered in Google Android. Some of them allow an attacker to cause a security problem not specified by the vendor, remote arbitrary code execution and a denial of...
Author: Cert FR

CERTFR-2020-AVI-483: Multiple vulnerabilities in the SUSE Linux kernel (04 August 2020)

Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, remote arbitrary code execution and a denial...
Author: Cert FR

CERTFR-2020-AVI-482: Vulnerability in the Red Hat Linux kernel (04 August 2020)

A vulnerability has been discovered in the Red Hat Linux kernel. It allows an attacker to cause a privilege escalation.
Author: Cert FR

NetApp Active IQ Unified Manager for VMware vSphere up to 9.4 denial of service

A vulnerability was found in NetApp Active IQ Unified Manager for VMware vSphere and Active IQ Unified Manager for VMware Windows up to 9.4 (Virtualization Software). It has been rated as problematic. Affected by this issue is an unknown code...
Author: VulDB

NetApp Active IQ Unified Manager up to 9.5 on Linux JMX RMI Service Code Execution

A vulnerability was found in NetApp Active IQ Unified Manager up to 9.5 on Linux. It has been declared as critical. Affected by this vulnerability is an unknown code of the component JMX RMI Service. Upgrading to version 9.6 eliminates this...
Author: VulDB

Teltonika Firmware TRB2_R_00.02.04.01 Access Control privilege escalation

A vulnerability was found in Teltonika Firmware TRB2_R_00.02.04.01 (Firmware Software). It has been classified as critical. Affected is an unknown part of the component Access Control. There is no information about possible countermeasures known....
Author: VulDB

Teltonika Firmware TRB2_R_00.02.04.01 Package File privilege escalation

A vulnerability was found in Teltonika Firmware TRB2_R_00.02.04.01 (Firmware Software) and classified as critical. This issue affects some unknown functionality of the component Package File Handler. There is no information about possible...
Author: VulDB

Teltonika Firmware TRB2_R_00.02.04.01 Backup Archive privilege escalation

A vulnerability has been found in Teltonika Firmware TRB2_R_00.02.04.01 (Firmware Software) and classified as critical. This vulnerability affects an unknown functionality of the component Backup Archive Handler. There is no information about...
Author: VulDB

Teltonika Firmware TRB2_R_00.02.04.01 cross site request forgery

A vulnerability, which was classified as problematic, was found in Teltonika Firmware TRB2_R_00.02.04.01 (Firmware Software). This affects an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

SKYSEA Client View up to 15.210.05f privilege escalation [CVE-2020-5617]

A vulnerability, which was classified as critical, has been found in SKYSEA Client View up to 15.210.05f. Affected by this issue is some unknown processing. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Link01 up to 1.0.0 weak authentication [CVE-2020-5616]

A vulnerability classified as critical was found in Calendar01, Calendar02, PKOBO-News01, PKOBO-vote01, Telop01, Gallery01, CalendarForm01 and Link01 up to 1.0.0 (Calendar Software). Affected by this vulnerability is an unknown code block. There...
Author: VulDB

Calendar01/Calendar02 1.0.0 cross site request forgery [CVE-2020-5615]

A vulnerability classified as problematic has been found in Calendar01 and Calendar02 1.0.0 (Calendar Software). Affected is an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Kee Vault KeePassRPC up to 1.11.x SRP-6a Parameter privilege escalation

A vulnerability was found in Kee Vault KeePassRPC up to 1.11.x. It has been rated as critical. This issue affects an unknown part of the component SRP-6a Handler. Upgrading to version 1.12.0 eliminates this vulnerability.
Author: VulDB

Kee Vault KeePassRPC up to 1.11.x SRP-6a PRNG weak authentication

A vulnerability was found in Kee Vault KeePassRPC up to 1.11.x. It has been declared as critical. This vulnerability affects some unknown functionality of the component SRP-6a Handler. Upgrading to version 1.12.0 eliminates this vulnerability.
Author: VulDB

radare2 4.5.0 DWARF Information type_dwarf.c Segmentation Fault memory corruption

A vulnerability was found in radare2 4.5.0 (Programming Tool Software). It has been classified as critical. This affects an unknown functionality of the file type_dwarf.c of the component DWARF Information Handler. There is no information about...
Author: VulDB

Tiki up to 21.1 PreventXss.php cross site scripting

A vulnerability was found in Tiki up to 21.1 and classified as problematic. Affected by this issue is an unknown function in the library lib/core/TikiFilter/PreventXss.php. Upgrading to version 21.2 eliminates this vulnerability.
Author: VulDB

KDE ark prior 20.08.0 Extraction kerfuffle/jobs.cpp directory traversal

A vulnerability has been found in KDE ark and classified as critical. Affected by this vulnerability is some unknown processing of the file kerfuffle/jobs.cpp of the component Extraction Handler. Upgrading to version 20.08.0 eliminates this...
Author: VulDB

Openshift AMQ-Online/Enmasse prior 1.5.2 cross site request forgery

A vulnerability, which was classified as problematic, was found in Openshift AMQ-Online and Enmasse (Virtualization Software). Affected is an unknown code block. Upgrading to version 1.5.2 eliminates this vulnerability.
Author: VulDB

Extreme Management Center 8.4.1.24 GET Request Reflected cross site scripting

A vulnerability, which was classified as problematic, has been found in Extreme Management Center 8.4.1.24. This issue affects an unknown code. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

FANUC 0i-MD/0i Mate-MD Ethernet Communication Module Malformed Packet denial of service

A vulnerability classified as problematic was found in FANUC 0i-MD and 0i Mate-MD (the affected version is unknown). This vulnerability affects an unknown part of the component Ethernet Communication Module. Proper firewalling of tcp/8193 is able...
Author: VulDB

Plesk Onyx 17.8.11 GET Parameter Reflected cross site scripting

A vulnerability classified as problematic has been found in Plesk Onyx 17.8.11 (Hosting Control Software). This affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

Plesk Obsidian 18.0.17 GET Parameter Reflected cross site scripting

A vulnerability was found in Plesk Obsidian 18.0.17. It has been rated as problematic. Affected by this issue is an unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

Wowza Streaming Engine up to 2019-11-28 privilege escalation

A vulnerability was found in Wowza Streaming Engine up to 2019-11-28. It has been declared as critical. Affected by this vulnerability is an unknown function. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Wowza Streaming Engine up to 2019-11-28 cross site scripting

A vulnerability was found in Wowza Streaming Engine up to 2019-11-28. It has been classified as problematic. Affected is some unknown processing. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB