Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

IBM DB2 11.1 on Linux/Unix/Windows SELECT Statement denial of service

A vulnerability, which was classified as problematic, has been found in IBM DB2 11.1 on Linux/Unix/Windows. This issue affects an unknown function. The manipulation as part of a SELECT Statement leads to a denial of service vulnerability. Using...
Author: VulDB

Sonarsource SonarQube up to 7.3 API information disclosure

A vulnerability classified as problematic was found in Sonarsource SonarQube up to 7.3. This vulnerability affects an unknown function of the component API. The manipulation with an unknown input leads to an information disclosure vulnerability....
Author: VulDB

WordPress up to 5.0.0 Comment cross site scripting

A vulnerability classified as problematic has been found in WordPress up to 5.0.0. Affected is an unknown function of the component Comment Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

WordPress up to 5.0.0 Post Type privilege escalation

A vulnerability was found in WordPress up to 5.0.0. It has been rated as critical. This issue affects an unknown function of the component Post Type Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

WordPress up to 5.0.0 User-Activation Page Email information disclosure

A vulnerability was found in WordPress up to 5.0.0. It has been declared as problematic. This vulnerability affects an unknown function of the component User-Activation Page. The manipulation with an unknown input leads to an information...
Author: VulDB

WordPress up to 5.0.0 Plugin cross site scripting

A vulnerability was found in WordPress up to 5.0.0. It has been classified as problematic. This affects an unknown function of the component Plugin. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

WordPress up to 5.0.0 on Apache httpd MIME Restriction privilege escalation

A vulnerability was found in WordPress up to 5.0.0 on Apache httpd and classified as critical. Affected by this issue is an unknown function of the component MIME Restriction Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

WordPress up to 5.0.0 Metadata PHP Code Execution privilege escalation

A vulnerability has been found in WordPress up to 5.0.0 and classified as critical. Affected by this vulnerability is an unknown function of the component Metadata Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

WP Maintenance Mode Plugin up to 2.0.6 on WordPress PHP Code Execution privilege escalation

A vulnerability, which was classified as critical, was found in WP Maintenance Mode Plugin up to 2.0.6 on WordPress. This affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (PHP Code...
Author: VulDB

WP Maintenance Mode Plugin up to 2.0.6 on WordPress Access Restriction privilege escalation

A vulnerability, which was classified as critical, has been found in WP Maintenance Mode Plugin up to 2.0.6 on WordPress. Affected by this issue is an unknown function of the component Access Restriction. The manipulation with an unknown input...
Author: VulDB

WP Maintenance Mode Plugin up to 2.0.6 on WordPress Email information disclosure

A vulnerability classified as problematic was found in WP Maintenance Mode Plugin up to 2.0.6 on WordPress. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Bomb Threats Emailed Around the World

Original release date: December 13, 2018 The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Agency (CISA), is aware of a worldwide email campaign targeting businesses and...
Author: US Cert

WordPress Releases Security Update

Original release date: December 13, 2018 WordPress 5.0 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity...
Author: US Cert

VU#756913: Pixar's Tractor contains a stored cross-site scripting vulnerability

CWE-79: Improper Neutralization of Input During Web Page Generation - CVE-2018-5411 Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing...
Author: US Cert

CERTFR-2018-AVI-601: Multiple vulnerabilities in Moxa NPort (13 December 2018)

Multiple vulnerabilities have been discovered in Moxa NPort. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

CERTFR-2018-AVI-600: Multiple vulnerabilities in WordPress (13 December 2018)

Multiple vulnerabilities have been discovered in WordPress. Some of them allow an attacker to cause remote arbitrary code execution, a compromise of data integrity and a compromise of...
Author: Cert FR

CERTFR-2018-AVI-599: Vulnerability in Google Chrome (13 December 2018)

A vulnerability has been discovered in Google Chrome. It allows an attacker to cause a security problem not specified by the vendor.

Author: Cert FR

DeDeCMS 5.7 SP2 select_images_post.php Double Extension privilege escalation

A vulnerability, which was classified as critical, has been found in DeDeCMS 5.7 SP2. Affected by this issue is an unknown function of the file uploads/include/dialog/select_images_post.php. The manipulation as part of a Double Extension leads...
Author: VulDB

UsualToolCMS 8.0 cmsadmin\a_sqlback.php backname[] directory traversal

A vulnerability classified as critical was found in UsualToolCMS 8.0. Affected by this vulnerability is the function backname[] of the file cmsadmin\a_sqlback.php. The manipulation with an unknown input leads to a directory traversal...
Author: VulDB

zzzphp CMS 1.5.8 /admin/save.php del_file denial of service

A vulnerability classified as problematic has been found in zzzphp CMS 1.5.8. Affected is the function del_file of the file /admin/save.php. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying...
Author: VulDB

IBM DataPower Gateway up to 7.5.0.18/7.5.1.17/7.5.2.17/7.6.0.10/7.7.1.3 Web UI cross site scripting

A vulnerability, which was classified as problematic, was found in IBM DataPower Gateway up to 7.5.0.18/7.5.1.17/7.5.2.17/7.6.0.10/7.7.1.3. This affects an unknown function of the component Web UI. The manipulation with an unknown input leads to...
Author: VulDB

IBM DataPower Gateway up to 7.6.0.10/7.5.2.17/7.5.1.17/7.5.0.18/7.7.1.3 weak encryption

A vulnerability, which was classified as critical, has been found in IBM DataPower Gateway up to 7.6.0.10/7.5.2.17/7.5.1.17/7.5.0.18/7.7.1.3. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a weak...
Author: VulDB

Siemens SIMATIC S7-410 Service Port 102 Crafted Packet denial of service

A vulnerability classified as critical was found in Siemens SIMATIC S7-400, SIMATIC S7-400 PN-DP V7, SIMATIC S7-400H, SIMATIC S7-400H V6 and SIMATIC S7-410. Affected by this vulnerability is an unknown function of the component Service Port 102....
Author: VulDB

Siemens SIMATIC S7-410 Service Port 102 Crafted Packet denial of service

A vulnerability classified as critical has been found in Siemens SIMATIC S7-400, SIMATIC S7-400 PN-DP V7, SIMATIC S7-400H, SIMATIC S7-400H V6 and SIMATIC S7-410. Affected is an unknown function of the component Service Port 102. The manipulation...
Author: VulDB

Siemens SCALANCE S602 Integrated Web Server cross site scripting

A vulnerability was found in Siemens SCALANCE S602, SCALANCE S612, SCALANCE S623 and SCALANCE S627-2M (unknown version). It has been rated as problematic. This issue affects an unknown function of the component Integrated Web Server. The...
Author: VulDB

Information security events