Sunday 16 February 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Be Cautious of Romance Scams

Original release date: February 14, 2020. This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain...
Author: US Cert

CERTFR-2020-AVI-093: Vulnerability in Fortinet FortiManager (14 February 2020)

A vulnerability has been discovered in Fortinet FortiManager. It allows an attacker to compromise data integrity and data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-092: Vulnerability in Juniper Junos OS (14 February 2020)

A vulnerability has been discovered in Juniper Junos OS. It allows an attacker to cause a remote denial of service.

Author: Cert FR

Vulnerabilities in WordPress GDPR Cookie Consent Plugin (CERT-EU Security Advisory 2020-007)

Critical vulnerabilities affecting the WordPress GDPR Cookie Consent plugin have been identified. This plugin is used to make websites GDPR compliant. The vulnerability was reported by the security researcher Jerome Bruandet from NinTechNet. The...
Author: Cert EU

CERTFR-2020-AVI-091: Vulnerability in PostgreSQL (14 February 2020)

A vulnerability has been discovered in PostgreSQL. It allows an attacker to bypass the security policy.

Author: Cert FR

North Korean Malicious Cyber Activity

Original release date: February 14, 2020. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North...
Author: US Cert

Linux Kernel up to 5.5.3 Journal Size fs/ext4/block_validity.c denial of service

A vulnerability classified as problematic was found in Linux Kernel up to 5.5.3 (Operating System). This vulnerability affects an unknown part of the file fs/ext4/block_validity.c of the component Journal Size Handler. There is no information...
Author: VulDB

LVM2 2.02 lvmetad-core.c vg_lookup denial of service

A vulnerability classified as problematic has been found in LVM2 2.02. This affects the function vg_lookup of the file daemons/lvmetad/lvmetad-core.c. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Voatz App on Android Voter Man-in-the-Middle information disclosure

A vulnerability was found in Voatz App on Android (affected version not known). It has been rated as problematic. Affected by this issue is an unknown functionality of the component Voter Handler. There is no information about possible...
Author: VulDB

Voatz App on Android PIN weak authentication

A vulnerability was found in Voatz App on Android (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown function of the component PIN Handler. There is no information about possible...
Author: VulDB

Source Integration Plugin up to 1.6.1/2.3.0 on MantisBT repo_delete.php cross site scripting

A vulnerability was found in Source Integration Plugin up to 1.6.1/2.3.0 on MantisBT. It has been classified as problematic. Affected is some unknown processing of the file repo_delete.php. Upgrading to version 1.6.2 or 2.3.1 eliminates this...
Author: VulDB

Intel RWC3 prior 7.010.009.000 on Windows Permission privilege escalation

A vulnerability was found in Intel RWC3 on Windows and classified as critical. This issue affects an unknown code block of the component Permission. Upgrading to version 7.010.009.000 eliminates this vulnerability.
Author: VulDB

SimpliSafe SS3 1.4 weak authentication [CVE-2019-3998]

A vulnerability classified as critical has been found in SimpliSafe SS3 1.4. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Author: VulDB

Intel CSME up to 12.0.48/13.0.20/14.0.10 Subsystem privilege escalation

A vulnerability was found in Intel CSME up to 12.0.48/13.0.20/14.0.10. It has been rated as problematic. This issue affects some unknown processing of the component Subsystem. There is no information about possible countermeasures known. It may...
Author: VulDB

dojox up to 1.16.0 dojox.xmpp.util.xmlEncode cross site scripting

A vulnerability was found in dojox up to 1.16.0. It has been declared as problematic. This vulnerability affects the function dojox.xmpp.util.xmlEncode. Upgrading to version 1.11.9, 1.12.7, 1.13.6, 1.14.5, 1.15.2 or 1.16.1 eliminates this...
Author: VulDB

Intel Authenticate up to 3.8.5 Permission unknown vulnerability

A vulnerability has been found in Intel Authenticate up to 3.8.5 and classified as problematic. This vulnerability affects an unknown code of the component Permission. Upgrading to version 3.8.6 eliminates this vulnerability.
Author: VulDB

Intel Authenticate Permission unknown vulnerability [CVE-2020-0562]

A vulnerability, which was classified as problematic, was found in Intel Authenticate (the affected version unknown). This affects an unknown part of the component Permission. There is no information about possible countermeasures known. It may...
Author: VulDB

SuiteCRM up to 7.11.10 SOAP API sql injection

A vulnerability was found in SuiteCRM up to 7.11.10. It has been classified as critical. This affects an unknown code of the component SOAP API. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

SuiteCRM up to 7.11.11 add_to_prospect_list directory traversal

A vulnerability was found in SuiteCRM up to 7.11.11 and classified as critical. Affected by this issue is the function add_to_prospect_list. There is no information about possible countermeasures known. It may be suggested to replace the affected...
Author: VulDB

SuiteCRM up to 7.11.11 Access Control action_saveHTMLField unknown vulnerability

A vulnerability has been found in SuiteCRM up to 7.11.11 and classified as critical. Affected by this vulnerability is the function action_saveHTMLField of the component Access Control. There is no information about possible countermeasures...
Author: VulDB

SuiteCRM up to 7.11.11 Phar Deserialization unknown vulnerability

A vulnerability, which was classified as critical, was found in SuiteCRM up to 7.11.11. Affected is an unknown functionality of the component Phar Deserialization. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

SuiteCRM up to 7.11.11 EmailsControllerActionGetFromFields Object privilege escalation

A vulnerability, which was classified as critical, has been found in SuiteCRM up to 7.11.11. This issue affects the function EmailsControllerActionGetFromFields. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Intel Authenticate up to v2.6.100.0 Access unknown vulnerability

A vulnerability, which was classified as problematic, has been found in Intel Authenticate up to v2.6.100.0. Affected by this issue is some unknown functionality of the component Access. Upgrading to version v2.6.100.1 eliminates this...
Author: VulDB

Intel Authenticate 3.0 Permission unknown vulnerability [CVE-2020-0560]

A vulnerability classified as problematic was found in Intel Authenticate 3.0. Affected by this vulnerability is an unknown functionality of the component Permission. There is no information about possible countermeasures known. It may be...
Author: VulDB

Askey AP4000W TDC_V1.01.003 Service Port 54188 bd_svr Remote Code Execution

A vulnerability classified as critical was found in Askey AP4000W TDC_V1.01.003. This vulnerability affects the function bd_svr of the component Service Port 54188. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB