Our selection of information security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Intel VTune Amplifier up to 2018 Update 3 File Permission privilege escalation

A vulnerability classified as critical has been found in Intel VTune Amplifier up to 2018 Update 3. This affects an unknown function of the component File Permission. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

WordPress up to 5.0.0 Metanet Data privilege escalation

A vulnerability, which was classified as critical, was found in WordPress up to 5.0.0. Affected is an unknown function of the component Metanet Data Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

Geutebrueck E2 Camera up to 1.12.0 DNS Configuration OS Command Injection privilege escalation

A vulnerability classified as critical has been found in Geutebrueck E2 Camera up to 1.12.0. This affects an unknown function of the component DNS Configuration. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

GE Mark VIe directory traversal [CVE-2018-19003]

A vulnerability was found in GE Mark VIe, EX2100e, EX2100e_Reg, LS2100e, EX2100e_Reg and LS2100e. It has been rated as problematic. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a directory...
Author: VulDB

Medtronic CareLink 9790 Programmer 29901 weak encryption [CVE-2018-18984]

A vulnerability was found in Medtronic CareLink 2090 Programmer and CareLink 9790 Programmer 29901 (affected version unknown). It has been declared as critical. Affected by this vulnerability is an unknown function. The manipulation with an...
Author: VulDB

IBM Business Automation Workflow 18.0.0.0/18.0.0.1 Web UI cross site scripting

A vulnerability was found in IBM Business Automation Workflow 18.0.0.0/18.0.0.1. It has been classified as problematic. Affected is an unknown function of the component Web UI. The manipulation with an unknown input leads to a cross site...
Author: VulDB

Ricoh myPrint on Windows/Android WSDL API Default Credentials weak authentication

A vulnerability was found in Ricoh myPrint on Windows/Android (unknown version) and classified as critical. This issue affects an unknown function of the component WSDL API. The manipulation with an unknown input leads to a weak authentication...
Author: VulDB

Google Go up to 1.10.5/1.11.2 crypto-x509 Package CPU Exhaustion denial of service

A vulnerability has been found in Google Go up to 1.10.5/1.11.2 and classified as problematic. This vulnerability affects an unknown function of the component crypto-x509 Package. The manipulation with an unknown input leads to a denial of...
Author: VulDB

Google Go up to 1.10.5/1.11.2 Command Code Execution directory traversal

A vulnerability, which was classified as critical, was found in Google Go up to 1.10.5/1.11.2. This affects an unknown function of the component Command Handler. The manipulation with an unknown input leads to a directory traversal vulnerability...
Author: VulDB

Google Go up to 1.10.5/1.11.2 Command Remote Code Execution

A vulnerability, which was classified as critical, has been found in Google Go up to 1.10.5/1.11.2. Affected by this issue is an unknown function of the component Command Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

IBM DB2 11.1 on Linux/Unix/Windows SELECT Statement denial of service

A vulnerability, which was classified as problematic, has been found in IBM DB2 11.1 on Linux/Unix/Windows. This issue affects an unknown function. The manipulation as part of a SELECT Statement leads to a denial of service vulnerability. Using...
Author: VulDB

Sonarsource SonarQube up to 7.3 API information disclosure

A vulnerability classified as problematic was found in Sonarsource SonarQube up to 7.3. This vulnerability affects an unknown function of the component API. The manipulation with an unknown input leads to an information disclosure vulnerability....
Author: VulDB

WordPress up to 5.0.0 Comment cross site scripting

A vulnerability classified as problematic has been found in WordPress up to 5.0.0. Affected is an unknown function of the component Comment Handler. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

WordPress up to 5.0.0 Post Type privilege escalation

A vulnerability was found in WordPress up to 5.0.0. It has been rated as critical. This issue affects an unknown function of the component Post Type Handler. The manipulation with an unknown input leads to a privilege escalation vulnerability....
Author: VulDB

WordPress up to 5.0.0 User-Activation Page Email information disclosure

A vulnerability was found in WordPress up to 5.0.0. It has been declared as problematic. This vulnerability affects an unknown function of the component User-Activation Page. The manipulation with an unknown input leads to an information...
Author: VulDB

WordPress up to 5.0.0 Plugin cross site scripting

A vulnerability was found in WordPress up to 5.0.0. It has been classified as problematic. This affects an unknown function of the component Plugin. The manipulation with an unknown input leads to a cross site scripting vulnerability. CWE is...
Author: VulDB

WordPress up to 5.0.0 on Apache httpd MIME Restriction privilege escalation

A vulnerability was found in WordPress up to 5.0.0 on Apache httpd and classified as critical. Affected by this issue is an unknown function of the component MIME Restriction Handler. The manipulation with an unknown input leads to a privilege...
Author: VulDB

WordPress up to 5.0.0 Metadata PHP Code Execution privilege escalation

A vulnerability has been found in WordPress up to 5.0.0 and classified as critical. Affected by this vulnerability is an unknown function of the component Metadata Handler. The manipulation with an unknown input leads to a privilege escalation...
Author: VulDB

WP Maintenance Mode Plugin up to 2.0.6 on WordPress PHP Code Execution privilege escalation

A vulnerability, which was classified as critical, was found in WP Maintenance Mode Plugin up to 2.0.6 on WordPress. This affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability (PHP Code...
Author: VulDB

WP Maintenance Mode Plugin up to 2.0.6 on WordPress Access Restriction privilege escalation

A vulnerability, which was classified as critical, has been found in WP Maintenance Mode Plugin up to 2.0.6 on WordPress. Affected by this issue is an unknown function of the component Access Restriction. The manipulation with an unknown input...
Author: VulDB

WP Maintenance Mode Plugin up to 2.0.6 on WordPress Email information disclosure

A vulnerability classified as problematic was found in WP Maintenance Mode Plugin up to 2.0.6 on WordPress. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to an information disclosure...
Author: VulDB

Bomb Threats Emailed Around the World

Original release date: December 13, 2018. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Agency (CISA), is aware of a worldwide email campaign targeting businesses and...
Author: US Cert

WordPress Releases Security Update

Original release date: December 13, 2018. WordPress 5.0 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity...
Author: US Cert

VU#756913: Pixar's Tractor contains a stored cross-site scripting vulnerability

CWE-79: Improper Neutralization of Input During Web Page Generation - CVE-2018-5411. Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing...
Author: US Cert

CERTFR-2018-AVI-601: Multiple vulnerabilities in Moxa NPort (13 December 2018)

Multiple vulnerabilities have been discovered in Moxa NPort. They allow an attacker to cause remote arbitrary code execution.

Author: Cert FR

Information security events