RMX Security CERT Global
- Multiple vulnerabilities in Nextcloud products (16 May 2025): Multiple vulnerabilities have been discovered in Nextcloud products. They allow an attacker to cause a breach of data confidentiality, a breach of data integrity ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12987 DrayTek Vigor Routers OS Command Injection Vulnerability; CVE-2025-4664 Google Chromium Loader Insufficient ...
- Siemens User Management Component (UMC): As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Schneider Electric EcoStruxure Power Build Rapsody: 1. EXECUTIVE SUMMARY: CVSS v4 4.6; ATTENTION: Low attack complexity; Vendor: Schneider Electric; Equipment: EcoStruxure Power Build Rapsody; Vulnerability: Stack-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of ...
- Siemens SIPROTEC and SICAM: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens Mendix OIDC SSO: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens VersiCharge AC Series EV Chargers: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens SCALANCE LPE9403: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens Teamcenter Visualization: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens OZW Web Servers: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens RUGGEDCOM APE1808 Devices: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens RUGGEDCOM ROX II: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens Polarion: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- Siemens IPC RS-828A: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- ECOVACS DEEBOT Vacuum and Base Station: 1. EXECUTIVE SUMMARY: CVSS v4 8.6; ATTENTION: Exploitable remotely/low attack complexity; Vendor: ECOVACS; Equipment: DEEBOT Vacuum and Base Station; Vulnerabilities: Use of Hard-coded Cryptographic Key, Download of Code ...
- Siemens INTRALOG WMS: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this ...
- +F FS010M vulnerable to OS command injection: +F FS010M provided by FUJI SOFT INCORPORATED contains an OS command injection vulnerability. ...
- How the NCSC thinks about security architecture: Richard C explains how an understanding of vulnerabilities - and their exploitation - informs how the NCSC assesses the security of computer systems. ...
- Multiple vulnerabilities in Microsoft Windows (12 March 2025): Multiple vulnerabilities have been discovered in Microsoft Windows. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and ...
- CISA Adds Four Known Exploited Vulnerabilities to Catalog: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability; CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability; CVE-2025-22224 VMware ...
- Multiple vulnerabilities in Google Android (04 March 2025): Multiple vulnerabilities have been discovered in Google Android. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation and ...
- NCSC For Startups: from HP Labs to Configured Things: Simon Arnell, co-founder of Configured Things, describes how the NCSC For Startups programme helped the company solve an intelligence community challenge. ...
- Detection and Repair: The Cost of Remediation: This year, we plan on making some exciting updates to the SEI CERT C Coding Standard. This blog post is about one of our ideas for improving the standard. ...
- CISA Adds Five Known Exploited Vulnerabilities to Catalog: CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability; CVE-2022-43939 Hitachi Vantara Pentaho BA ...
- Improving Machine Learning Test and Evaluation with MLTE: Machine learning (ML) models commonly experience issues when integrated into production systems. In this podcast, researchers from the Carnegie Mellon University Software Engineering Institute and the U.S. Army AI Integration ...
- Vulnerability in Python (03 March 2025): A vulnerability has been discovered in Python. It allows an attacker to cause a security policy bypass. ...
- News bulletin CERTFR-2025-ACT-009 (03 March 2025): This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all published advisories and alerts ...
- CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications: CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to active exploitation of ...
- Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications: Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE-2025-0282 and CVE-2025-0283, ...
- CISA Adds One Known Exploited Vulnerability to Catalog: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability. These types of vulnerabilities are frequent ...
- CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector: Today, CISA and the Environmental Protection Agency (EPA) released Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems. This joint fact sheet provides Water and Wastewater Systems (WWS) facilities ...
- Multiple vulnerabilities in Nagios XI (13 December 2024): Multiple vulnerabilities have been discovered in Nagios XI. They allow an attacker to cause remote arbitrary code execution, a security policy bypass ...
- Multiple vulnerabilities in IBM products (13 December 2024): Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a denial of service ...
- Multiple vulnerabilities in the Ubuntu Linux kernel (13 December 2024): Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause a security problem not specified by the vendor. ...
- Multiple vulnerabilities in the SUSE Linux kernel (13 December 2024): Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause privilege escalation, a breach of confidentiality ...
- Multiple vulnerabilities in the Red Hat Linux kernel (13 December 2024): Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a breach of ...
- Multiple vulnerabilities in Microsoft Edge (13 December 2024): Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor. ...
- Multiple vulnerabilities in Suricata (13 December 2024): Multiple vulnerabilities have been discovered in Suricata. They allow an attacker to cause a security problem not specified by the vendor. ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability; CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability ...
- Schneider Electric Modicon M340, MC80, and Momentum Unity M1E: 1. EXECUTIVE SUMMARY: CVSS v4 7.7; ATTENTION: Exploitable remotely; Vendor: Schneider Electric; Equipment: Modicon M340, MC80, and Momentum Unity M1E; Vulnerabilities: Improper Enforcement of Message Integrity During Transmission ...
- Schneider Electric PowerLogic PM5300 Series: 1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Schneider Electric; Equipment: PowerLogic PM5300 Series; Vulnerability: Uncontrolled Resource Consumption. 2. RISK EVALUATION: Successful exploitation of ...
- Automated Logic WebCTRL Premium Server: 1. EXECUTIVE SUMMARY: CVSS v4 10.0; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Automated Logic; Equipment: WebCTRL Premium Server; Vulnerabilities: Unrestricted Upload of File with Dangerous Type, URL Redirection ...
- Schneider Electric Modicon M340, MC80, and Momentum Unity M1E: 1. EXECUTIVE SUMMARY: CVSS v4 9.2; ATTENTION: Exploitable remotely; Vendor: Schneider Electric; Equipment: Modicon M340, MC80, and Momentum Unity M1E; Vulnerabilities: Improper Input Validation, Improper Restriction of Operations ...
- Schneider Electric EcoStruxure IT Gateway: 1. EXECUTIVE SUMMARY: CVSS v4 10.0; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Schneider Electric; Equipment: EcoStruxure IT Gateway; Vulnerability: Missing Authorization. 2. RISK EVALUATION: Successful exploitation of this ...
- mySCADA myPRO Manager: 1. EXECUTIVE SUMMARY: CVSS v4 10.0; ATTENTION: Exploitable remotely/low attack complexity; Vendor: mySCADA; Equipment: myPRO; Vulnerabilities: OS Command Injection, Improper Authentication, Missing Authentication for Critical Function, Path Traversal. ...
- OSCAT Basic Library: 1. EXECUTIVE SUMMARY: CVSS v4 5.1; ATTENTION: Low attack complexity; Vendor: CODESYS GmbH; Equipment: OSCAT Basic Library; Vulnerability: Out-of-bounds Read. 2. RISK EVALUATION: Successful exploitation of this vulnerability ...
- JVN: Cross-site scripting vulnerability in the WordPress plugin VK All in One Expansion Unit: The WordPress plugin VK All in One Expansion Unit contains a cross-site scripting vulnerability. ...
- WordPress Plugin “VK All in One Expansion Unit” vulnerable to cross-site scripting: WordPress Plugin "VK All in One Expansion Unit" contains a cross-site scripting vulnerability. ...
- Alert: Alert regarding the November 2024 Microsoft security updates (published) ...
Title | Category | Tag |
Building Innovative Public-Private-Partnerships for Effective and Equitable WSS Services – Project Financing | Infrastructure, PPP, ProjectFinance | epcm governments infrastructure |
A Review of the Use of Output-Based Aid Approaches – Project Financing | EPCM, PPP, ProjectFinance | data sharing governments infrastructure |