Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

DeDeCMS V57_UTF8_SP2 Safe File Extension select_soft.php privilege escalation

A vulnerability classified as critical has been found in DeDeCMS V57_UTF8_SP2. Affected is an unknown function of the file uploads/include/dialog/select_soft.php of the component Safe File Extension Handler. The manipulation with an unknown...
Author: VulDB

Juniper Junos OS Firewall Filter IPv6 Packet Bypass privilege escalation

A vulnerability was found in Juniper Junos OS (unknown version). It has been rated as critical. This issue affects some processing of the component Firewall Filter. The manipulation as part of an IPv6 Packet leads to a privilege escalation...
Author: VulDB

Juniper ATP up to 5.0.2 Key Log information disclosure

A vulnerability was found in Juniper ATP up to 5.0.2. It has been declared as problematic. This vulnerability affects a code block of the component Key Handler. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Juniper Junos OS BGP FlowSpec BGP Packet Assertion denial of service

A vulnerability was found in Juniper Junos OS (the affected version unknown). It has been classified as problematic. This affects code of the component BGP FlowSpec Handler. The manipulation as part of a BGP Packet leads to a denial of service...
Author: VulDB

Juniper Junos OS on EX2300/EX3400 Firewall Filter privilege escalation

A vulnerability was found in Juniper Junos OS on EX2300/EX3400 (affected version not known) and classified as critical. Affected by this issue is a part of the component Firewall Filter. The manipulation with an unknown input leads to a...
Author: VulDB

Juniper Junos OS Dynamic VLAN Configuration Malformed Packet Loop denial of service

A vulnerability has been found in Juniper Junos OS (affected version unknown) and classified as problematic. Affected by this vulnerability is a functionality of the component Dynamic VLAN Configuration. The manipulation as part of a Malformed...
Author: VulDB

Search Autocomplete up to 7.x-4.7 Autocompletion cross site scripting

A vulnerability, which was classified as problematic, was found in Search Autocomplete up to 7.x-4.7. Affected is a function of the component Autocompletion. The manipulation with an unknown input leads to a cross site scripting vulnerability....
Author: VulDB

HHVM up to 3.27.5/3.30.1 number_format dec_points memory corruption

A vulnerability, which was classified as critical, has been found in HHVM up to 3.27.5/3.30.1. This issue affects the function number_format. The manipulation of the argument dec_points as part of an Argument leads to a memory corruption...
Author: VulDB

Tiki up to 17.1 tiki-user_tasks.php show_history sql injection

A vulnerability classified as critical has been found in Tiki up to 17.1. This affects an unknown function of the file tiki-user_tasks.php. The manipulation of the argument show_history as part of a Parameter leads to a sql injection...
Author: VulDB

Pydio up to 8.2.1 PHP Code Execution privilege escalation

A vulnerability was found in Pydio up to 8.2.1. It has been rated as critical. Affected by this issue is some processing. The manipulation with an unknown input leads to a privilege escalation vulnerability (PHP Code Execution). Using CWE to...
Author: VulDB

PrestaShop up to 1.7.2.4 Orders Serialized Object Code Execution

A vulnerability was found in PrestaShop up to 1.7.2.4. It has been declared as critical. Affected by this vulnerability is a code block of the component Orders Handler. The manipulation as part of a Serialized Object leads to a privilege...
Author: VulDB

CubeCart up to 6.1.12 validate[] sql injection

A vulnerability was found in CubeCart up to 6.1.12. It has been classified as critical. Affected is code. The manipulation of the argument validate[] as part of a Parameter leads to a sql injection vulnerability. CWE is classifying the issue as...
Author: VulDB

Oxid eSales 4.10.6 DB Abstraction Layer core/oxconfig.php getRequestParameter() synchoxid sql injection

A vulnerability was found in Oxid eSales 4.10.6 and classified as critical. This issue affects the function oxConfig::getRequestParameter() of the file core/oxconfig.php of the component DB Abstraction Layer. The manipulation of the argument...
Author: VulDB

Automattic WooCommerce plugin up to 3.4.5 on WordPress Privilege Check woocommerce.php denial of service

A vulnerability has been found in Automattic WooCommerce plugin up to 3.4.5 on WordPress and classified as problematic. This vulnerability affects a functionality of the file woocommerce.php of the component Privilege Check. The manipulation ...
Author: VulDB

Shopware up to 5.4.2 sql injection [CVE-2018-20713]

A vulnerability, which was classified as critical, was found in Shopware up to 5.4.2. This affects a function. The manipulation with an unknown input leads to a sql injection vulnerability. CWE is classifying the issue as CWE-89. This is going...
Author: VulDB

IBM SPSS Analytic Server 3.1.1.1 Web UI cross site scripting

A vulnerability, which was classified as problematic, has been found in IBM SPSS Analytic Server 3.1.1.1. Affected by this issue is some functionality of the component Web UI. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Ceph up to 13.2.3 Bucket denial of service

A vulnerability classified as problematic was found in Ceph up to 13.2.3. Affected by this vulnerability is the functionality of the component Bucket Handler. The manipulation with an unknown input leads to a denial of service vulnerability. The...
Author: VulDB

Cisco Identity Services Engine Web-based Management Interface Parameter Reflected cross site scripting

A vulnerability classified as problematic has been found in Cisco Identity Services Engine (version unknown). Affected is an unknown function of the component Web-based Management Interface. The manipulation as part of a Parameter leads to a...
Author: VulDB

Cisco Identity Services Engine Web-based Management Interface Stored cross site scripting

A vulnerability was found in Cisco Identity Services Engine (unknown version). It has been rated as problematic. This issue affects some processing of the component Web-based Management Interface. The manipulation with an unknown input leads to...
Author: VulDB

Ceph up to 13.2.3 Key information disclosure

A vulnerability was found in Ceph up to 13.2.3. It has been declared as problematic. This vulnerability affects a code block. The manipulation with an unknown input leads to an information disclosure vulnerability (Key). The CWE definition for...
Author: VulDB

LimeSurvey up to 2.72.3 Admin Panel Stored cross site scripting

A vulnerability was found in LimeSurvey up to 2.72.3. It has been classified as problematic. This affects code of the component Admin Panel. The manipulation with an unknown input leads to a cross site scripting vulnerability (Stored). CWE is...
Author: VulDB

Shopware up to 5.3.3 loadPreviewAction() sort XML External Entity

A vulnerability was found in Shopware up to 5.3.3 and classified as critical. Affected by this issue is the function loadPreviewAction(). The manipulation of the argument sort as part of a Parameter leads to a privilege escalation vulnerability...
Author: VulDB

Automattic WooCommerce plugin up to 3.2.3 on WordPress class-wc-shortcode-products.php get_products() privilege escalation

A vulnerability has been found in Automattic WooCommerce plugin up to 3.2.3 on WordPress and classified as critical. Affected by this vulnerability is the function WC_Shortcode_Products::get_products() of the file...
Author: VulDB

Juniper Junos OS RPD IPv4 PIM Join Packet Crash denial of service

A vulnerability was found in Juniper Junos OS (version unknown). It has been classified as problematic. Affected is code of the component RPD. The manipulation as part of an IPv4 PIM Join Packet leads to a denial of service vulnerability (Crash)....
Author: VulDB

Juniper Junos OS RPD BGP Packet Crash denial of service

A vulnerability was found in Juniper Junos OS (unknown version) and classified as problematic. This issue affects a part of the component RPD. The manipulation as part of a BGP Packet leads to a denial of service vulnerability (Crash). Using CWE...
Author: VulDB