Tuesday 25 February 2020

Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Synergy Systems & Solutions PLC & RTU up to 5.0 weak authentication

A vulnerability was found in Synergy Systems & Solutions PLC & RTU up to 5.0 and classified as critical. This issue affects some unknown functionality. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Synergy Systems & Solutions PLC & RTU up to 5.0 Reboot denial of service

A vulnerability has been found in Synergy Systems & Solutions PLC & RTU up to 5.0 and classified as problematic. This vulnerability affects an unknown functionality. There is no information about possible countermeasures known. It may be...
Author: VulDB

Hashicorp Sentinel up to 0.10.1 Policy Expression unknown vulnerability

A vulnerability, which was classified as problematic, was found in Hashicorp Sentinel up to 0.10.1. This affects an unknown function of the component Policy Expression Handler. Upgrading to version 0.10.2 eliminates this vulnerability.
Author: VulDB

Lenovo EZ Media & Backup Center/ix2/ix2-dl up to 4.1.406.34763 Web Interface Open Redirect

A vulnerability, which was classified as critical, has been found in Lenovo EZ Media & Backup Center, ix2 and ix2-dl up to 4.1.406.34763. Affected by this issue is some unknown processing of the component Web Interface. There is no information...
Author: VulDB

Lenovo XClarity Administrator up to 2.6.5 DOM-Based cross site scripting

A vulnerability classified as problematic was found in Lenovo XClarity Administrator up to 2.6.5. Affected by this vulnerability is an unknown code block. Upgrading to version 2.6.6 eliminates this vulnerability.
Author: VulDB

GitLab 11.8 Merge Request Endpoint information disclosure

A vulnerability classified as problematic has been found in GitLab 11.8. Affected is an unknown code of the component Merge Request Endpoint. There is no information about possible countermeasures known. It may be suggested to replace the...
Author: VulDB

GitLab up to 12.2.2 Merge Request information disclosure

A vulnerability was found in GitLab up to 12.2.2. It has been rated as problematic. This issue affects an unknown part of the component Merge Request Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Combodo iTop up to 2.6.0 exec.php denial of service

A vulnerability was found in Combodo iTop up to 2.6.0. It has been declared as problematic. This vulnerability affects some unknown functionality of the file...
Author: VulDB

Combodo iTop up to 2.6.0 Dashboard cross site scripting

A vulnerability was found in Combodo iTop up to 2.6.0. It has been classified as problematic. This affects an unknown functionality of the component Dashboard. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Combodo iTop up to 2.6.0 webservices/export.php param_file cross site scripting

A vulnerability was found in Combodo iTop up to 2.6.0 and classified as problematic. Affected by this issue is an unknown function of the file webservices/export.php. There is no information about possible countermeasures known. It may be...
Author: VulDB

Combodo iTop up to 2.6.0 Configuration File privilege escalation

A vulnerability has been found in Combodo iTop up to 2.6.0 and classified as critical. Affected by this vulnerability is some unknown processing of the component Configuration File. There is no information about possible countermeasures known. It...
Author: VulDB

Hitachi Command Suite/Automation Director Error Message information disclosure

A vulnerability, which was classified as problematic, has been found in Hitachi Command Suite and Automation Director (Automation Software) (unknown version). This issue affects an unknown code of the component Error Message Handler. There is no...
Author: VulDB

Be Cautious of Romance Scams

Original release date: February 14, 2020
This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain...
Author: US Cert

CERTFR-2020-AVI-093: Vulnerability in Fortinet FortiManager (14 February 2020)

A vulnerability has been discovered in Fortinet FortiManager. It allows an attacker to compromise data integrity and data confidentiality.

Author: Cert FR

CERTFR-2020-AVI-092: Vulnerability in Juniper Junos OS (14 February 2020)

A vulnerability has been discovered in Juniper Junos OS. It allows an attacker to cause a remote denial of service.

Author: Cert FR

Vulnerabilities in WordPress GDPR Cookie Consent Plugin (CERT-EU Security Advisory 2020-007)

Critical vulnerabilities affecting the WordPress GDPR Cookie Consent plugin have been identified. This plugin is used to make websites GDPR compliant. The vulnerability was reported by the security researcher Jerome Bruandet from NinTechNet. The...
Author: Cert EU

CERTFR-2020-AVI-091: Vulnerability in PostgreSQL (14 February 2020)

A vulnerability has been discovered in PostgreSQL. It allows an attacker to bypass the security policy.

Author: Cert FR

North Korean Malicious Cyber Activity

Original release date: February 14, 2020
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North...
Author: US Cert

Linux Kernel up to 5.5.3 Journal Size fs/ext4/block_validity.c denial of service

A vulnerability classified as problematic was found in Linux Kernel up to 5.5.3 (Operating System). This vulnerability affects an unknown part of the file fs/ext4/block_validity.c of the component Journal Size Handler. There is no information...
Author: VulDB

LVM2 2.02 lvmetad-core.c vg_lookup denial of service

A vulnerability classified as problematic has been found in LVM2 2.02. This affects the function vg_lookup of the file daemons/lvmetad/lvmetad-core.c. There is no information about possible countermeasures known. It may be suggested to replace...
Author: VulDB

Voatz App on Android Voter Man-in-the-Middle information disclosure

A vulnerability was found in Voatz App on Android (affected version not known). It has been rated as problematic. Affected by this issue is an unknown functionality of the component Voter Handler. There is no information about possible...
Author: VulDB

Voatz App on Android PIN weak authentication

A vulnerability was found in Voatz App on Android (affected version unknown). It has been declared as problematic. Affected by this vulnerability is an unknown function of the component PIN Handler. There is no information about possible...
Author: VulDB

Source Integration Plugin up to 1.6.1/2.3.0 on MantisBT repo_delete.php cross site scripting

A vulnerability was found in Source Integration Plugin up to 1.6.1/2.3.0 on MantisBT. It has been classified as problematic. Affected is some unknown processing of the file repo_delete.php. Upgrading to version 1.6.2 or 2.3.1 eliminates this...
Author: VulDB

Intel RWC3 prior 7.010.009.000 on Windows Permission privilege escalation

A vulnerability was found in Intel RWC3 on Windows and classified as critical. This issue affects an unknown code block of the component Permission. Upgrading to version 7.010.009.000 eliminates this vulnerability.
Author: VulDB

SimpliSafe SS3 1.4 weak authentication [CVE-2019-3998]

A vulnerability classified as critical has been found in SimpliSafe SS3 1.4. Affected is an unknown function. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative...
Author: VulDB